监视已发布的 APIMonitor published APIs

通过 Azure Monitor,可直观显示、查询、路由和存档来自 Azure 资源的指标或日志并对其执行操作。With Azure Monitor, you can visualize, query, route, archive, and take actions on the metrics or logs coming from Azure resources.

本教程介绍如何执行下列操作:In this tutorial, you learn how to:

  • 查看活动日志View activity logs
  • 查看诊断日志View diagnostic logs
  • 查看 API 的指标View metrics of your API
  • 针对 API 收到的未经授权的调用设置警报规则Set up an alert rule when your API gets unauthorized calls

    先决条件Prerequisites

可用性Availability

Important

此功能在 API 管理的“高级”、“标准”、“基本”和“开发人员”层中可用。This feature is available in the Premium, Standard, Basic and Developer tiers of API Management.

查看 API 的指标View metrics of your APIs

API 管理每分钟发出一次指标,几乎可让你实时了解 API 的状态和运行状况。API Management emits metrics every minute, giving you near real-time visibility into the state and health of your APIs. 下面汇总了一些可用指标:Following is a summary of some of the available metrics:

  • 容量(预览版):帮助做出有关升级/降级 APIM 服务的决策。Capacity (preview): helps you make decisions about upgrading/downgrading your APIM services. 指标每分钟发出,在报告时反映网关容量。The metric is emitted per minute and reflects the gateway capacity at the time of reporting. 指标范围为 0-100,是根据 CPU 和内存利用率等网关资源计算的。The metric ranges from 0-100 calculated based on gateway resources such as CPU and memory utilization.
  • 网关请求总数:期间内的 API 请求数。Total Gateway Requests: the number of API requests in the period.
  • 成功的网关请求数:接收成功的 HTTP 响应代码(包括 304、307 以及任何小于 301 的代码,例如 200)的 API 请求数。Successful Gateway Requests: the number of API requests that received successful HTTP response codes including 304, 307, and anything smaller than 301 (for example, 200).
  • 失败的网关请求数:接收错误的 HTTP 响应代码(包括 400 以及任何大于 500 的代码)的 API 请求数。Failed Gateway Requests: the number of API requests that received erroneous HTTP response codes including 400, and anything larger than 500.
  • 未经授权的网关请求数:接收包括 401、403 和 429的 HTTP 响应代码的 API 请求数。Unauthorized Gateway Requests: the number of API requests that received HTTP response codes including 401, 403, and 429.
  • 其他网关请求数:接收不属于上述任何类别的 HTTP 响应代码(例如 418)的 API 请求数。Other Gateway Requests: the number of API requests that received HTTP response codes that do not belong to any of the preceding categories (for example, 418).

指标图表

访问指标:To access metrics:

  1. 在靠近页面底部的菜单中选择“指标”。 Select Metrics from the menu near the bottom of the page.

    指标

  2. 从下拉列表中选择所需的指标。From the drop-down, select metrics you are interested in. 例如,“请求” 。For example, Requests.

  3. 该图显示 API 调用总数。The chart shows the total number of API calls.

  4. 可以使用请求指标的维度来筛选该图表。The chart can be filtered using the dimensions of the Requests metric. 例如,单击“添加筛选器” ,选择“后端响应代码” ,输入 500 作为值。For example, click on Add filter, choose Backend Response Code, enter 500 as the value. 现在,该图表显示了 API 后端中失败的请求数。Now the chart shows the number of requests that were failed in the API backend.

针对未经授权的请求设置警报规则Set up an alert rule for unauthorized request

可配置为基于指标和活动日志接收警报。You can configure to receive alerts based on metrics and activity logs. 通过 Azure Monitor 可配置警报,使警报触发时执行以下操作:Azure Monitor allows you to configure an alert to do the following when it triggers:

  • 发送电子邮件通知Send an email notification
  • 调用 WebhookCall a webhook
  • 调用 Azure 逻辑应用Invoke an Azure Logic App

配置警报:To configure alerts:

  1. 在靠近页面底部的菜单栏中选择“警报”。 Select Alerts from the menu bar near the bottom of the page.

    alerts

  2. 对于此警报,请单击“新建警报规则”。 Click on a New alert rule for this alert.

  3. 单击“添加条件”。 Click on Add condition.

  4. 在“信号类型”下拉列表中选择“指标”。 Select Metrics in the Signal type drop down.

  5. 选择“未经授权的网关请求”作为要监视的信号。 Select Unauthorized Gateway Request as the signal to monitor.

    alerts

  6. 在“配置信号逻辑”视图中指定触发警报的阈值,然后单击“完成”。 In the Configure signal logic view, specify a threshold after which the alert should be triggered and click Done.

    alerts

  7. 选择现有的操作组或创建新组。Select an existing Action Group or create a new one. 在下面的示例中,将向管理员发送电子邮件。In the example below, an email will be sent to the admins.

    alerts

  8. 提供警报规则的名称和说明,然后选择严重级别。Provide a name, description of the alert rule and choose the severity level.

  9. 按“创建警报规则”。 Press Create alert rule.

  10. 现在,尝试在不使用 API 密钥的情况下调用会议 API。Now, try to call the Conference API without an API key. 将会触发警报,向管理员发送电子邮件。The alert will be triggered and email will be sent to the admins.

活动日志Activity Logs

活动日志提供有关对 API 管理服务执行的操作的见解。Activity logs provide insight into the operations that were performed on your API Management services. 通过活动日志,可确定对 API 管理服务执行的任何写入操作 (PUT、POST、DELETE) 的“操作内容、操作人员和操作时间”。Using activity logs, you can determine the "what, who, and when" for any write operations (PUT, POST, DELETE) taken on your API Management services.

Note

活动日志不包括读取 (GET) 操作或者通过 Azure 门户或原始管理 API 执行的操作。Activity logs do not include read (GET) operations or operations performed in the Azure portal or using the original Management APIs.

可在 API 管理服务中访问活动日志,或在 Azure Monitor 中访问所有 Azure 资源的日志。You can access activity logs in your API Management service, or access logs of all your Azure resources in Azure Monitor.

活动日志

要查看活动日志,请执行以下操作:To view activity logs:

  1. 选择 APIM 服务实例。Select your APIM service instance.

  2. 单击“活动日志” 。Click Activity log.

    活动日志

  3. 选择所需的筛选范围,然后单击“应用” 。Select desired filtering scope and click Apply.

诊断日志Diagnostic Logs

诊断日志提供大量有关操作和错误的信息,这些信息对审核和故障排除非常重要。Diagnostic logs provide rich information about operations and errors that are important for auditing as well as troubleshooting purposes. 诊断日志不同于活动日志。Diagnostics logs differ from activity logs. 活动日志提供有关对 Azure 资源执行的操作的见解。Activity logs provide insights into the operations that were performed on your Azure resources. 诊断日志提供资源执行的操作的深入信息。Diagnostics logs provide insight into operations that your resource performed.

若要配置诊断日志,请执行以下操作:To configure diagnostic logs:

  1. 选择 APIM 服务实例。Select your APIM service instance.

  2. 单击“诊断设置”。 Click Diagnostic settings.

    诊断日志

  3. 单击“启用诊断” 。Click Turn on diagnostics. 可以将诊断日志与指标一起存档到存储帐户,将其流式传输到事件中心,或者将其发送到 Azure Monitor 日志。You can archive diagnostic logs along with metrics to a storage account, stream them to an Event Hub, or send them to Azure Monitor logs.

“API 管理”当前提供有关单个 API 请求的诊断日志(每小时进行批处理),其中每个条目具有以下架构:API Management currently provides diagnostics logs (batched hourly) about individual API request with each entry having the following schema:

{  
    "isRequestSuccess" : "",
    "time": "",
    "operationName": "",
    "category": "",
    "durationMs": ,
    "callerIpAddress": "",
    "correlationId": "",
    "location": "",
    "httpStatusCodeCategory": "",
    "resourceId": "",
    "properties": {   
        "method": "", 
        "url": "", 
        "clientProtocol": "", 
        "responseCode": , 
        "backendMethod": "", 
        "backendUrl": "", 
        "backendResponseCode": ,
        "backendProtocol": "",  
        "requestSize": , 
        "responseSize": , 
        "cache": "", 
        "cacheTime": "", 
        "backendTime": , 
        "clientTime": , 
        "apiId": "",
        "operationId": "", 
        "productId": "", 
        "userId": "", 
        "apimSubscriptionId": "", 
        "backendId": "",
        "lastError": { 
            "elapsed" : "", 
            "source" : "", 
            "scope" : "", 
            "section" : "" ,
            "reason" : "", 
            "message" : ""
        } 
    }      
}  
propertiesProperty 类型Type 说明Description
isRequestSuccessisRequestSuccess 布尔值boolean 如果 HTTP 请求完成时,响应状态代码在 2xx 或 3xx 范围内,则为 trueTrue if the HTTP request completed with response status code within 2xx or 3xx range
timetime 日期时间date-time 网关接收 HTTP 请求的时间戳Timestamp of receiving the HTTP request by the gateway
operationNameoperationName stringstring 常量值“'Microsoft.ApiManagement/GatewayLogs”Constant value 'Microsoft.ApiManagement/GatewayLogs'
categorycategory stringstring 常量值“GatewayLogs”Constant value 'GatewayLogs'
durationMsdurationMs integerinteger 从网关收到请求到响应全部发送出去经过的时间(毫秒)Number of milliseconds from the moment gateway received request until the moment response sent in full
callerIpAddresscallerIpAddress stringstring 直接网关调用方(可以是中介)的 IP 地址IP address of immediate Gateway caller (can be an intermediary)
correlationIdcorrelationId stringstring 由 API 管理分配的唯一 http 请求标识符Unique http request identifier assigned by API Management
locationlocation stringstring 处理请求的网关所在 Azure 区域的名称Name of the Azure region where the Gateway that processed the request was located
httpStatusCodeCategoryhttpStatusCodeCategory stringstring Http 响应状态代码的类别:成功(301 或以下,或者 304 或 307)、未授权(401、403、429)、错误(400、500 到 600)、其他Category of http response status code: Successful (301 or less or 304 or 307), Unauthorized (401, 403, 429), Erroneous (400, between 500 and 600), Other
ResourceIdresourceId stringstring API 管理资源 /SUBSCRIPTIONS/<subscription>/RESOURCEGROUPS/<resource-group>/PROVIDERS/MICROSOFT.APIMANAGEMENT/SERVICE/<name> 的 IDID of the API Management resource /SUBSCRIPTIONS/<subscription>/RESOURCEGROUPS/<resource-group>/PROVIDERS/MICROSOFT.APIMANAGEMENT/SERVICE/<name>
propertiesproperties objectobject 当前请求的属性Properties of the current request
methodmethod stringstring 传入请求的 HTTP 方法HTTP method of the incoming request
urlurl stringstring 传入请求的 URLURL of the incoming request
clientProtocolclientProtocol stringstring 传入请求的 HTTP 协议版本HTTP protocol version of the incoming request
responseCoderesponseCode integerinteger 发送到客户端的 HTTP 响应的状态代码Status code of the HTTP response sent to a client
backendMethodbackendMethod stringstring 发送到后端的请求的 HTTP 方法HTTP method of the request sent to a backend
backendUrlbackendUrl stringstring 发送到后端的请求的 URLURL of the request sent to a backend
backendResponseCodebackendResponseCode integerinteger 从后端收到的 HTTP 响应代码Code of the HTTP response received from a backend
backendProtocolbackendProtocol stringstring 发送到后端的请求的 HTTP 协议版本HTTP protocol version of the request sent to a backend
requestSizerequestSize integerinteger 在请求处理过程中从客户端接收的字节数Number of bytes received from a client during request processing
responseSizeresponseSize integerinteger 在请求处理过程中发送到客户端的字节数Number of bytes sent to a client during request processing
cachecache stringstring 在请求处理过程中涉及的 API 管理缓存的状态(即命中、未命中、无)Status of API Management cache involvement in request processing (i.e., hit, miss, none)
cacheTimecacheTime integerinteger 花在整个 API 管理缓存 IO(连接、发送和接收字节)上的时间(毫秒)Number of milliseconds spent on overall API Management cache IO (connecting, sending, and receiving bytes)
backendTimebackendTime integerinteger 花在整个后端 IO(连接、发送和接收字节)上的时间(毫秒)Number of milliseconds spent on overall backend IO (connecting, sending and receiving bytes)
clientTimeclientTime integerinteger 花在整个客户端 IO(连接、发送和接收字节)上的时间(毫秒)Number of milliseconds spent on overall client IO (connecting, sending and receiving bytes)
apiIdapiId stringstring 当前请求的 API 实体标识符API entity identifier for current request
operationIdoperationId stringstring 当前请求的操作实体标识符Operation entity identifier for current request
productIdproductId stringstring 当前请求的产品实体标识符Product entity identifier for current request
userIduserId stringstring 当前请求的用户实体标识符User entity identifier for current request
apimSubscriptionIdapimSubscriptionId stringstring 当前请求的订阅实体标识符Subscription entity identifier for current request
backendIdbackendId stringstring 当前请求的后端实体标识符Backend entity identifier for current request
lastErrorLastError objectobject 上一个请求处理错误Last request processing error
elapsedelapsed integerinteger 从网关收到请求到发生错误经过的时间(毫秒)Number of milliseconds elapsed since Gateway received request the moment the error occurred
sourcesource stringstring 导致错误的策略或内部处理程序的名称Name of the policy or processing internal handler caused the error
scopescope stringstring 导致错误的策略所在策略文档的范围Scope of the policy document containing the policy that caused the error
sectionsection stringstring 导致错误的策略所在策略文档的节Section of the policy document containing the policy that caused the error
reasonreason stringstring 错误原因Error reason
messagemessage stringstring 错误消息Error message

后续步骤Next steps

在本教程中,你已学习了如何执行以下操作:In this tutorial, you learned how to:

  • 查看活动日志View activity logs
  • 查看诊断日志View diagnostic logs
  • 查看 API 的指标View metrics of your API
  • 针对 API 收到的未经授权的调用设置警报规则Set up an alert rule when your API gets unauthorized calls

转到下一教程:Advance to the next tutorial: