I was trying to collect custom application text logs using Azure Monitor Agent and push them to a Log Analytics workspace, but I was not getting any application logs in the Log Analytics workspace.

I did the following steps as per the link: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-log-text

  1. Create a Data Collection Endpoint (DCE) in the same region as the Log Analytics workspace.
  2. Create a custom table (DCR based) in the Log Analytics workspace.
  3. Create a Data Collection Rule (DCR) for Custom Text Logs in the same region, with the log path and file name in sources and the Log Analytics workspace as destination, and add the VM from which the logs need to be collected as a resource. (This step installed the Azure Monitor Agent as a VM extension.)
  4. While querying in the Log Analytics workspace, no application logs were visible, but I was getting the heartbeat logs of that VM while querying the Log Analytics workspace with Azure Monitor Agent.
  5. I also checked the logs of Azure Monitor Agent on the VM, and the logs were processed by the agent and there was no error.
  • Are you still looking for an approach? @Chsr Commented Dec 2, 2024 at 5:26
  • @Jahnavi I think the approach is fine; the only issue was with custom table creation, as it asks to upload a log file in JSON format whereas my logs are unstructured and in text format, so the issue is with the transformation, I believe. Commented Dec 17, 2024 at 13:26
  • Have you checked the one below? @Chsr Commented Dec 17, 2024 at 14:24
  • @Jahnavi I checked the one you posted as well. Thank you. I am getting the logs now. There was an issue with the sample JSON file which I was uploading. I was trying to separate the logs with some headers in the log transformation. Only when I put the sample JSON file as below did I get the logs in the Log Analytics workspace: RawData : "Complete log file data" Commented Dec 18, 2024 at 14:33

1 Answer

The approach you are following is accurate according to the MS Doc given for collecting custom application logs and retrieving them in the monitor workspaces.

But as mentioned in the blog here by @Allen,

The table usually takes 60 minutes to pull the source data and update the new custom table in the workspace.

If the issue still persists after 60-80 minutes, then you need to verify the points below.

Check that you have specified the correct source custom data log location in the data collection rule (DCR) and also the file pattern in the DCR.

Make sure that the column names and data types are given according to the log files uploaded into the workspace tables. Modify them if needed as shown below.

enter image description here

Once the check conditions are verified, run a query with your custom table name as shown in the syntax below.

```
runtinow_CL
| project TimeGenerated, RawData
```

Note: Also check that the heartbeat logs are being retrieved properly for the specific given VM.

enter image description here

Reference link for more detailed information.
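
The checks listed in this answer (file pattern, column names and data types), together with the `RawData` schema the asker reports in the last comment, can be run against an exported DCR. This is an added example, not part of the original thread: the function name `lint_text_log_dcr`, the stream name, the log path and the resource ID placeholders are constructed, and the JSON layout assumes the documented custom text log DCR format.

```python
import json

# Constructed sample DCR (placeholder IDs, hypothetical path and stream name),
# shaped like a custom text log rule: one logFiles source feeding a Custom-* stream.
SAMPLE_DCR = json.loads(r"""
{"properties": {
  "dataCollectionEndpointId": "<dce-resource-id>",
  "streamDeclarations": {"Custom-AppText": {"columns": [
      {"name": "TimeGenerated", "type": "datetime"},
      {"name": "RawData", "type": "string"}]}},
  "dataSources": {"logFiles": [{
      "name": "appText", "format": "text", "streams": ["Custom-AppText"],
      "filePatterns": ["/var/log/myapp/*.log"]}]},
  "destinations": {"logAnalytics": [
      {"name": "law", "workspaceResourceId": "<workspace-resource-id>"}]},
  "dataFlows": [{"streams": ["Custom-AppText"], "destinations": ["law"],
      "transformKql": "source", "outputStream": "Custom-runtinow_CL"}]}}
""")

def lint_text_log_dcr(dcr):
    """Return a list of problems that keep text logs out of the custom table."""
    p, problems = dcr.get("properties", {}), []
    if not p.get("dataCollectionEndpointId"):
        problems.append("no data collection endpoint (DCE) linked")
    decls = p.get("streamDeclarations", {})
    dests = {d.get("name") for d in p.get("destinations", {}).get("logAnalytics", [])}
    flows = p.get("dataFlows", [])
    for src in p.get("dataSources", {}).get("logFiles", []):
        name = src.get("name", "?")
        if src.get("format") != "text":
            problems.append(f"{name}: format is not 'text'")
        if not src.get("filePatterns"):
            problems.append(f"{name}: no filePatterns set")
        for stream in src.get("streams", []):
            cols = {c.get("name"): c.get("type") for c in decls.get(stream, {}).get("columns", [])}
            if cols.get("TimeGenerated") != "datetime":
                problems.append(f"{stream}: TimeGenerated (datetime) column missing")
            if cols.get("RawData") != "string":
                problems.append(f"{stream}: RawData (string) column missing")
            routed = [f for f in flows if stream in f.get("streams", [])]
            if not routed:
                problems.append(f"{stream}: no dataFlow routes this stream")
            for f in routed:
                if not f.get("outputStream", "").endswith("_CL"):
                    problems.append(f"{stream}: outputStream is not a *_CL custom table")
                if not set(f.get("destinations", [])) <= dests:
                    problems.append(f"{stream}: dataFlow destination not declared")
    return problems
```

An empty list means the rule is internally consistent; it does not confirm that the file pattern matches files on the VM or that the agent has had time to deliver data.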
