将作业状态和作业流从自动化转发到 Azure Monitor 日志Forward job status and job streams from Automation to Azure Monitor logs
自动化可以将 Runbook 作业状态和作业流发送到 Log Analytics 工作区。Automation can send runbook job status and job streams to your Log Analytics workspace. 此过程不涉及工作区链接,并且完全独立。This process does not involve workspace linking and is completely independent. 可在 Azure 门户中或使用 PowerShell 查看单个作业的作业日志和作业流,这使用户可执行简单的调查。Job logs and job streams are visible in the Azure portal, or with PowerShell, for individual jobs and this allows you to perform simple investigations. 现在,可以使用 Azure Monitor 日志执行以下操作:Now with Azure Monitor logs you can:
- 了解自动化作业的状态。Get insight into the status of your Automation jobs.
- 基于 Runbook 作业状态(例如失败或暂停)触发电子邮件或警报。Trigger an email or alert based on your runbook job status (for example, failed or suspended).
- 编写跨作业流的高级查询。Write advanced queries across your job streams.
- 跨自动化帐户关联作业。Correlate jobs across Automation accounts.
- 使用自定义视图和搜索查询直观地显示 Runbook 结果、Runbook 作业状态,以及其他相关的关键指标。Use custom views and search queries to visualize your runbook results, runbook job status, and other related key indicators or metrics.
Note
本文最近已更新,从使用术语“Log Analytics”改为使用术语“Azure Monitor 日志”。This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. 日志数据仍然存储在 Log Analytics 工作区中,并仍然由同一 Log Analytics 服务收集并分析。Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. 我们正在更新术语,以便更好地反映 Azure Monitor 中日志的角色。We are updating the terminology to better reflect the role of logs in Azure Monitor. 有关详细信息,请参阅 Azure Monitor 术语更改。See Azure Monitor terminology changes for details.
先决条件和部署注意事项Prerequisites and deployment considerations
若要开始将自动化日志发送到 Azure Monitor 日志,需要:To start sending your Automation logs to Azure Monitor logs, you need:
- 最新版本的 Azure PowerShell。The latest release of Azure PowerShell.
- Log Analytics 工作区。A Log Analytics workspace. 有关详细信息,请参阅 Azure Monitor 日志入门。For more information, see Get started with Azure Monitor logs.
- 你的 Azure 自动化帐户的资源 ID。The resource ID for your Azure Automation account.
请使用以下命令查找 Azure 自动化帐户的资源 ID:Use the following command to find the resource ID for your Azure Automation account:
# Find the ResourceId for the Automation account
Get-AzResource -ResourceType "Microsoft.Automation/automationAccounts"
若要查找 Log Analytics 工作区的资源 ID,请运行以下 PowerShell 命令:To find the resource ID for your Log Analytics workspace, run the following PowerShell command:
# Find the ResourceId for the Log Analytics workspace
Get-AzResource -ResourceType "Microsoft.OperationalInsights/workspaces"
如果以上命令的输出中有多个自动化帐户或工作区,请找到你需要配置的名称,并复制资源 ID 的值。If you have more than one Automation account or workspace in the output of the preceding commands, find the name that you need to configure and copy the value for the resource ID.
在 Azure 门户中,从“自动化帐户”边栏选项卡中选择你的自动化帐户,然后选择“所有设置”。 In the Azure portal, select your Automation account from the Automation account blade and select All settings.
在“所有设置”边栏选项卡中,在“帐户设置”下选择“属性” 。From the All settings blade, under Account Settings, select Properties.
在“属性”边栏选项卡中,记下下面显示的属性 。In the Properties blade, note the properties shown below.
。.
Azure Monitor 日志记录Azure Monitor log records
Azure 自动化诊断在 Azure Monitor 日志中创建两种类型的记录,标记为 AzureDiagnostics。Azure Automation diagnostics create two types of records in Azure Monitor logs, tagged as AzureDiagnostics. 下面几部分中的表是 Azure 自动化生成的记录以及日志搜索结果中显示的数据类型的示例。The tables in the next sections are examples of records that Azure Automation generates and the data types that appear in log search results.
作业日志Job logs
| 属性Property | 说明Description |
|---|---|
| TimeGeneratedTimeGenerated | 执行 Runbook 作业的日期和时间。Date and time when the runbook job executed. |
| RunbookName_sRunbookName_s | Runbook 的名称。The name of the runbook. |
| Caller_sCaller_s | 启动了操作的调用方。The caller that initiated the operation. 可能的值为电子邮件地址或计划作业的系统。Possible values are either an email address or system for scheduled jobs. |
| Tenant_gTenant_g | 标识调用方的租户的 GUID。GUID that identifies the tenant for the caller. |
| JobId_gJobId_g | 标识 Runbook 作业的 GUID。GUID that identifies the runbook job. |
| ResultTypeResultType | Runbook 作业的状态。The status of the runbook job. 可能的值包括:Possible values are: - New(新)- New - Created(已创建)- Created - Started(已启动)- Started - Stopped(已停止)- Stopped - Suspended(已暂停)- Suspended - Failed(失败)- Failed - Completed(已完成)- Completed |
| CategoryCategory | 数据类型的分类。Classification of the type of data. 对于自动化,该值为 JobLogs。For Automation, the value is JobLogs. |
| OperationNameOperationName | 在 Azure 中执行的操作的类型。The type of operation performed in Azure. 对于自动化,该值为 Job。For Automation, the value is Job. |
| 资源Resource | 自动化帐户的名称The name of the Automation account |
| SourceSystemSourceSystem | Azure Monitor 日志用来收集数据的系统。System that Azure Monitor logs use to collect the data. 对于 Azure 诊断,此项的值始终为 Azure。The value is always Azure for Azure diagnostics. |
| ResultDescriptionResultDescription | Runbook 作业结果状态。The runbook job result state. 可能的值包括:Possible values are: - 作业已启动- Job is started - 作业失败- Job Failed - Job Completed- Job Completed |
| CorrelationIdCorrelationId | Runbook 作业的关联 GUID。The correlation GUID of the runbook job. |
| ResourceIdResourceId | Runbook 的 Azure 自动化帐户资源 ID。The Azure Automation account resource ID of the runbook. |
| SubscriptionIdSubscriptionId | 自动化帐户的 Azure 订阅 GUID。The Azure subscription GUID for the Automation account. |
| resourceGroupResourceGroup | 自动化帐户的资源组的名称。The name of the resource group for the Automation account. |
| ResourceProviderResourceProvider | 资源提供程序。The resource provider. 值为 MICROSOFT.AUTOMATION。The value is MICROSOFT.AUTOMATION. |
| ResourceTypeResourceType | 资源类型。The resource type. 值为 AUTOMATIONACCOUNTS。The value is AUTOMATIONACCOUNTS. |
作业流Job streams
| 属性Property | 说明Description |
|---|---|
| TimeGeneratedTimeGenerated | 执行 Runbook 作业的日期和时间。Date and time when the runbook job executed. |
| RunbookName_sRunbookName_s | Runbook 的名称。The name of the runbook. |
| Caller_sCaller_s | 启动了操作的调用方。The caller that initiated the operation. 可能的值为电子邮件地址或计划作业的系统。Possible values are either an email address or system for scheduled jobs. |
| StreamType_sStreamType_s | 作业流的类型。The type of job stream. 可能的值包括:Possible values are: - Progress(进度)-Progress - Output(输出)- Output - Warning- Warning - Error(错误)- Error - Debug(调试)- Debug - Verbose- Verbose |
| Tenant_gTenant_g | 标识调用方的租户的 GUID。GUID that identifies the tenant for the caller. |
| JobId_gJobId_g | 标识 Runbook 作业的 GUID。GUID that identifies the runbook job. |
| ResultTypeResultType | Runbook 作业的状态。The status of the runbook job. 可能的值包括:Possible values are: - InProgress- In Progress |
| CategoryCategory | 数据类型的分类。Classification of the type of data. 对于自动化,该值为 JobStreams。For Automation, the value is JobStreams. |
| OperationNameOperationName | 在 Azure 中执行的操作的类型。Type of operation performed in Azure. 对于自动化,该值为 Job。For Automation, the value is Job. |
| 资源Resource | 自动化帐户的名称。The name of the Automation account. |
| SourceSystemSourceSystem | Azure Monitor 日志用来收集数据的系统。System that Azure Monitor logs use to collect the data. 对于 Azure 诊断,此项的值始终为 Azure。The value is always Azure for Azure diagnostics. |
| ResultDescriptionResultDescription | 说明,其中包含来自 Runbook 的输出流。Description that includes the output stream from the runbook. |
| CorrelationIdCorrelationId | Runbook 作业的关联 GUID。The correlation GUID of the runbook job. |
| ResourceIdResourceId | Runbook 的 Azure 自动化帐户资源 ID。The Azure Automation account resource ID of the runbook. |
| SubscriptionIdSubscriptionId | 自动化帐户的 Azure 订阅 GUID。The Azure subscription GUID for the Automation account. |
| resourceGroupResourceGroup | 自动化帐户的资源组的名称。The name of the resource group for the Automation account. |
| ResourceProviderResourceProvider | 资源提供程序。The resource provider. 值为 MICROSOFT.AUTOMATION。The value is MICROSOFT.AUTOMATION. |
| ResourceTypeResourceType | 资源类型。The resource type. 值为 AUTOMATIONACCOUNTS。The value is AUTOMATIONACCOUNTS. |
设置与 Azure Monitor 日志的集成Setting up integration with Azure Monitor logs
在计算机上,从“开始”屏幕启动 Windows PowerShell。 On your computer, start Windows PowerShell from the Start screen.
运行以下 PowerShell 命令,并使用在前面部分获得的值编辑
[your resource ID]和[resource ID of the log analytics workspace]的值。Run the following PowerShell commands, and edit the values for[your resource ID]and[resource ID of the log analytics workspace]with the values from the preceding section.$workspaceId = "[resource ID of the log analytics workspace]" $automationAccountId = "[resource ID of your Automation account]" Set-AzDiagnosticSetting -ResourceId $automationAccountId -WorkspaceId $workspaceId -Enabled 1
运行此脚本后,可能需要一小时才能开始在 Azure Monitor 日志中看到写入的新 JobLogs 或 JobStreams 的记录。After running this script, it can take an hour before you start to see records in Azure Monitor logs of new JobLogs or JobStreams being written.
若要查看日志,请在 Log Analytics 日志搜索中运行以下查询:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"To see the logs, run the following query in log analytics log search: AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"
验证配置Verify configuration
若要确认自动化帐户是否会将日志发送到 Log Analytics 工作区,请使用以下 PowerShell 命令检查是否在自动化帐户上正确配置了诊断。To confirm that your Automation account is sending logs to your Log Analytics workspace, check that diagnostics are correctly configured on the Automation account by using the following PowerShell command.
Get-AzDiagnosticSetting -ResourceId $automationAccountId
在输出中,请确保:In the output, ensure that:
- 在
Logs下,Enabled的值为 True。UnderLogs, the value forEnabledis True. WorkspaceId已设置为你的 Log Analytics 工作区的ResourceId值。WorkspaceIdis set to theResourceIdvalue for your Log Analytics workspace.
在 Azure Monitor 日志中查看自动化日志Viewing Automation Logs in Azure Monitor logs
开始将自动化作业日志发送到 Azure Monitor 日志后,让我们看一下在 Azure Monitor 日志中可对这些日志执行哪些操作。Now that you started sending your Automation job logs to Azure Monitor logs, let's see what you can do with these logs inside Azure Monitor logs.
若要查看日志,请运行以下查询:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"To see the logs, run the following query: AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"
Runbook 作业失败或暂停时发送电子邮件Send an email when a runbook job fails or suspends
客户的主要诉求之一是,当 Runbook 作业出现问题时能够发送电子邮件或短信。One of the top customer asks is for the ability to send an email or a text when something goes wrong with a runbook job.
若要创建警报规则,首先请针对应该调用警报的 Runbook 作业记录创建日志搜索。To create an alert rule, start by creating a log search for the runbook job records that should invoke the alert. 单击“警报” 按钮以创建并配置警报规则。Click the Alert button to create and configure the alert rule.
在“Log Analytics 工作区概述”页中,单击“查看日志” 。From the Log Analytics workspace Overview page, click View logs.
在查询字段中键入以下搜索,针对警报创建日志搜索查询:
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended")Create a log search query for your alert by typing the following search into the query field:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended")
也可使用以下命令按 runbook 名称分组:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended") | summarize AggregatedValue = count() by RunbookName_sYou can also group by the runbook name by using:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended") | summarize AggregatedValue = count() by RunbookName_s如果设置了在工作区中收集来自多个自动化帐户或订阅的日志,则可以按照订阅或自动化帐户来为警报分组。If you set up logs from more than one Automation account or subscription to your workspace, you can group your alerts by subscription and Automation account. 可以在搜索
JobLogs时在“Resource”字段中找到自动化帐户名称。Automation account name can be found in theResourcefield in the search ofJobLogs.若要打开“创建规则” 屏幕,请单击页面顶部的“新建警报规则” 。To open the Create rule screen, click New Alert Rule at the top of the page. 有关用于配置警报的选项的详细信息,请参阅 Azure 中的日志警报。For more information on the options to configure the alert, see Log alerts in Azure.
查找已完成但出错的所有作业Find all jobs that have completed with errors
除了在失败时发出警报外,还可以发现 Runbook 作业何时发生非终止错误。In addition to alerting on failures, you can find when a runbook job has a non-terminating error. 在这些情况下,PowerShell 会生成一个错误流,但非终止错误不会导致作业暂停或失败。In these cases, PowerShell produces an error stream, but the non-terminating errors don't cause your job to suspend or fail.
- 在 Log Analytics 工作区中单击“日志” 。In your Log Analytics workspace, click Logs.
- 在查询字段中,键入
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" | summarize AggregatedValue = count() by JobId_g。In the query field, typeAzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" | summarize AggregatedValue = count() by JobId_g. - 单击“搜索”按钮。 Click the Search button.
查看作业的作业流View job streams for a job
调试作业时,可能还需要查看作业流。When you're debugging a job, you might also want to look into the job streams. 以下查询会显示 GUID 为 2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0 的单个作业的所有流:The following query shows all the streams for a single job with GUID 2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0:
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and JobId_g == "2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0" | sort by TimeGenerated asc | project ResultDescription
查看历史作业状态View historical job status
最后,你可能需要可视化不同时间段的作业历史记录。Finally, you might want to visualize your job history over time. 可以使用此查询来搜索作业在不同时间段的状态。You can use this query to search for the status of your jobs over time.
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and ResultType != "started" | summarize AggregatedValue = count() by ResultType, bin(TimeGenerated, 1h)
删除诊断设置Removing diagnostic settings
若要从自动化帐户中删除诊断设置,请运行以下命令:To remove the diagnostic setting from the Automation account, run the following command:
$automationAccountId = "[resource ID of your Automation account]"
Remove-AzDiagnosticSetting -ResourceId $automationAccountId
后续步骤Next steps
- 有关对 Log Analytics 进行故障排除的帮助,请参阅对 Log Analytics 不再收集数据的原因进行故障排除。For help troubleshooting Log Analytics, see Troubleshooting why Log Analytics is no longer collecting data.
- 若要详细了解如何使用 Azure Monitor 日志构造不同的搜索查询和查看自动化作业日志,请参阅 Azure Monitor 日志中的日志搜索。To learn more about how to construct different search queries and review the Automation job logs with Azure Monitor logs, see Log searches in Azure Monitor logs.
- 若要了解如何通过 Runbook 创建和检索输出及错误消息,请参阅 Runbook 输出和消息。To understand how to create and retrieve output and error messages from runbooks, see Runbook output and messages.
- 若要详细了解 Runbook 执行、Runbook 作业监视方式和其他技术细节,请参阅 跟踪 Runbook 作业。To learn more about runbook execution, how to monitor runbook jobs, and other technical details, see Track a runbook job.
- 若要了解有关 Azure Monitor 日志和数据收集源的详细信息,请参阅在 Azure Monitor 日志中收集 Azure 存储数据概述。To learn more about Azure Monitor logs and data collection sources, see Collecting Azure storage data in Azure Monitor logs overview.