Table: azure_diagnostic_setting - Query Azure Diagnostic Settings using SQL

Azure Diagnostic Settings is a feature within Microsoft Azure that allows users to configure the collection of metrics and logs for Azure resources. It provides a centralized way to manage and route these logs and metrics to different destinations such as Azure Monitor Logs, Azure Event Hubs, and Azure Monitor Metrics. Azure Diagnostic Settings is essential for monitoring the performance and health of Azure resources, and for responding to issues that may arise.

Table Usage Guide

The azure_diagnostic_setting table provides insights into the diagnostic settings of Azure resources. As a DevOps engineer or system administrator, you can use this table to explore the configuration of logs and metrics for your Azure resources. It can be particularly useful for monitoring the health and performance of these resources, and for setting up alerts based on specific conditions.

Examples

Basic info

Determine the types of diagnostic settings currently in use within your Azure environment. This can help in understanding the configuration and organization of your resources, aiding in efficient management and troubleshooting.

select
  name,
  id,
  type
from
  azure_diagnostic_setting;

select
  name,
  id,
  type
from
  azure_diagnostic_setting;

List diagnostic settings that capture Alert category logs

Determine the areas in which diagnostic settings are actively monitoring alerts. This is beneficial for ensuring your system is properly tracking potential issues and maintaining overall operational health.

select
  name,
  id,
  type
from
  azure_diagnostic_setting,
  jsonb_array_elements(logs) as l
where
  l ->> 'category' = 'Alert'
  and l ->> 'enabled' = 'true';

select
  name,
  s.id,
  s.type
from
  azure_diagnostic_setting as s,
  json_each(logs) as l
where
  json_extract(l.value, '$.category') = 'Alert'
  and json_extract(l.value, '$.enabled') = 'true';

List diagnostic settings that capture Security category logs

Determine the areas in which diagnostic settings are configured to monitor security-related activities. This is useful for ensuring security measures are properly logged and can aid in identifying potential security risks or breaches.

select
  name,
  id,
  type
from
  azure_diagnostic_setting,
  jsonb_array_elements(logs) as l
where
  l ->> 'category' = 'Security'
  and l ->> 'enabled' = 'true';

select
  name,
  s.id,
  s.type
from
  azure_diagnostic_setting as s,
  json_each(logs) as l
where
  json_extract(l.value, '$.category') = 'Security'
  and json_extract(l.value, '$.enabled') = 'true';

List diagnostic settings that capture Policy category logs

Explore which diagnostic settings in Azure are set to capture logs in the 'Policy' category. This is useful to ensure that policy-related activities are being properly logged for auditing and troubleshooting purposes.

select
  name,
  id,
  type
from
  azure_diagnostic_setting,
  jsonb_array_elements(logs) as l
where
  l ->> 'category' = 'Policy'
  and l ->> 'enabled' = 'true';

select
  name,
  s.id,
  s.type
from
  azure_diagnostic_setting as s,
  json_each(logs) as l
where
  json_extract(l.value, '$.category') = 'Policy'
  and json_extract(l.value, '$.enabled') = 'true';

List diagnostic settings that capture Administrative category logs

Discover the segments that are capturing administrative logs in your Azure diagnostic settings. This can be useful in maintaining security and compliance by ensuring that administrative activities are being properly monitored and logged.

select
  name,
  id,
  type
from
  azure_diagnostic_setting,
  jsonb_array_elements(logs) as l
where
  l ->> 'category' = 'Administrative'
  and l ->> 'enabled' = 'true';

select
  name,
  s.id,
  s.type
from
  azure_diagnostic_setting as s,
  json_each(logs) as l
where
  json_extract(l.value, '$.category') = 'Administrative'
  and json_extract(l.value, '$.enabled') = 'true';

Query examples

monitor_diagnostic_settings_for_storage_account

Control examples

Schema for azure_diagnostic_setting

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
cloud_environment	text		The Azure Cloud Environment.
event_hub_authorization_rule_id	text		The resource Id for the event hub authorization rule.
event_hub_name	text		The name of the event hub.
id	text		The resource Id.
log_analytics_destination_type	text		A string indicating whether the export to Log Analytics should use the default destinatio type.
logs	jsonb		The list of logs settings.
metrics	jsonb		The list of metric settings.
name	text	=	The name of the resource.
resource_group	text		The resource group which holds this resource.
service_bus_rule_id	text		The service bus rule Id of the diagnostic setting.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
storage_account_id	text		The resource ID of the storage account to which you would like to send Diagnostic Logs.
subscription_id	text	=, !=, ~~, ~~, !~~, !~~	The Azure Subscription ID in which the resource is located.
title	text		Title of the resource.
type	text		Type of the resource.
workspace_id	text		The full ARM resource ID of the Log Analytics workspace to which you would like to send Diagnostic Logs.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_diagnostic_setting