Azure Monitor

Microsoft Azure

Synopsis

Creates an Azure Monitor collector that simultaneously gathers alerts, logs, and metrics from Azure. A single device runs all three collection types concurrently, each maintaining its own checkpoint for incremental updates. Collection types that are not configured are skipped automatically.

Schema

- id: <numeric>
  name: <string>
  description: <string>
  type: azmon
  tags: <string[]>
  pipelines: <pipeline[]>
  status: <boolean>
  properties:
    tenant_id: <string>
    client_id: <string>
    client_secret: <string>
    event_frequency: <numeric>

Configuration

The following fields are used to define the device.

Device

Field	Required	Default	Description
`id`	Y		Unique identifier
`name`	Y		Device name
`description`	N	-	Optional description
`type`	Y		Must be `azmon`
`tags`	N	-	Optional tags
`pipelines`	N	-	Optional pre-processor pipelines
`status`	N	`true`	Enable/disable the device

Authentication

All collection types share a single set of credentials.

Field	Required	Description
`tenant_id`	Y	Azure tenant ID
`client_id`	Y	Azure client ID
`client_secret`	Y	Azure client secret

Collection

Field	Required	Default	Description
`event_frequency`	N	`300`	Interval in seconds between collection cycles

Details

Collection Architecture

Each device instance runs alerts, logs, and metrics collection concurrently via separate goroutines within a single collection cycle. After all three goroutines complete, the collector waits for event_frequency seconds before starting the next cycle. Each collection type maintains its own checkpoint keyed by device ID and type, so a failure in one type does not affect the others' progress.

Examples

Basic

The minimum configuration that establishes connectivity. At least one definition must be configured for collection to occur:

devices:
  - id: 1
    name: azmon
    type: azmon
    properties:
      tenant_id: "00000000-0000-0000-0000-000000000000"
      client_id: "11111111-1111-1111-1111-111111111111"
      client_secret: "your-client-secret"

Custom Collection Interval

Reducing the collection interval for near-real-time monitoring:

devices:
  - id: 2
    name: azmon_frequent
    type: azmon
    properties:
      tenant_id: "00000000-0000-0000-0000-000000000000"
      client_id: "11111111-1111-1111-1111-111111111111"
      client_secret: "your-client-secret"
      event_frequency: 60

Synopsis​

Schema​

Configuration​

Device​

Authentication​

Collection​

Details​

Collection Architecture​

Examples​

Basic​

Custom Collection Interval​