将 Azure 自动化作业数据转发到 Azure Monitor 日志Forward Azure Automation job data to Azure Monitor logs
Azure 自动化可将 Runbook 作业状态和作业流发送到 Log Analytics 工作区。Azure Automation can send runbook job status and job streams to your Log Analytics workspace. 此过程不涉及工作区链接,并且完全独立。This process does not involve workspace linking and is completely independent. 可在 Azure 门户中或使用 PowerShell 查看单个作业的作业日志和作业流,这使用户可执行简单的调查。Job logs and job streams are visible in the Azure portal, or with PowerShell, for individual jobs and this allows you to perform simple investigations. 借助 Azure Monitor 日志,你现可:Now with Azure Monitor logs you can:
- 深入了解自动化作业的状态。Get insight into the status of your Automation jobs.
- 基于 Runbook 作业状态(例如失败或暂停)触发电子邮件或警报。Trigger an email or alert based on your runbook job status (for example, failed or suspended).
- 编写跨作业流的高级查询。Write advanced queries across your job streams.
- 跨自动化帐户关联作业。Correlate jobs across Automation accounts.
- 使用自定义视图和搜索查询直观呈现 Runbook 结果、Runbook 作业状态以及其他相关的关键指标。Use custom views and search queries to visualize your runbook results, runbook job status, and other related key indicators or metrics.
备注
本文最近已更新,从使用术语“Log Analytics”改为使用术语“Azure Monitor 日志”。This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. 日志数据仍然存储在 Log Analytics 工作区中,并仍然由同一 Log Analytics 服务收集并分析。Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. 我们正在更新术语,以便更好地反映 Azure Monitor 中日志的角色。We are updating the terminology to better reflect the role of logs in Azure Monitor. 有关详细信息,请参阅 Azure Monitor 术语更改。See Azure Monitor terminology changes for details.
先决条件和部署注意事项Prerequisites and deployment considerations
要开始将自动化日志发送到 Azure Monitor 日志,需要:To start sending your Automation logs to Azure Monitor logs, you need:
- 最新版本的 Azure PowerShell。The latest release of Azure PowerShell.
- Log Analytics 工作区。A Log Analytics workspace. 有关详细信息,请参阅 Azure Monitor 日志入门。For more information, see Get started with Azure Monitor logs.
- Azure 自动化帐户的资源 ID。The resource ID for your Azure Automation account.
使用以下命令查找 Azure 自动化帐户的资源 ID:Use the following command to find the resource ID for your Azure Automation account:
# Find the ResourceId for the Automation account
Get-AzResource -ResourceType "Microsoft.Automation/automationAccounts"
要查找 Log Analytics 工作区的资源 ID,请运行以下 PowerShell 命令:To find the resource ID for your Log Analytics workspace, run the following PowerShell command:
# Find the ResourceId for the Log Analytics workspace
Get-AzResource -ResourceType "Microsoft.OperationalInsights/workspaces"
如果上述命令的输出中有多个自动化帐户或工作区,可通过执行以下操作来查找自动化帐户的完整资源 ID 中包含的名称和其他相关属性:If you have more than one Automation account or workspace in the output of the preceding commands, you can find the name and other related properties that are part of the full resource ID of your Automation account by performing the following:
在 Azure 门户中,从“自动化帐户”页面选择你的自动化帐户。In the Azure portal, select your Automation account from the Automation Accounts page.
在所选自动化帐户的页面,在“帐户设置”下选择“属性” 。On the page of the selected Automation account, under Account Settings, select Properties.
在“属性”页面上,注意下面显示的详细信息。In the Properties page, note the details shown below.
。.
Azure Monitor 日志记录Azure Monitor log records
Azure 自动化诊断将在 Azure Monitor 日志中创建两种类型的记录,标记为 AzureDiagnostics。Azure Automation diagnostics create two types of records in Azure Monitor logs, tagged as AzureDiagnostics. 在以下各部分的表格中,有 Azure 自动化生成的记录和日志搜索结果中显示的数据类型的示例。The tables in the next sections are examples of records that Azure Automation generates and the data types that appear in log search results.
作业日志Job logs
| 属性Property | 说明Description |
|---|---|
| TimeGeneratedTimeGenerated | 执行 Runbook 作业的日期和时间。Date and time when the runbook job executed. |
| RunbookName_sRunbookName_s | Runbook 的名称。The name of the runbook. |
| Caller_sCaller_s | 启动操作的调用方。The caller that initiated the operation. 可能的值为电子邮件地址或计划作业的系统。Possible values are either an email address or system for scheduled jobs. |
| Tenant_gTenant_g | 用于为调用方标识租户的 GUID。GUID that identifies the tenant for the caller. |
| JobId_gJobId_g | 标识 Runbook 作业的 GUID。GUID that identifies the runbook job. |
| ResultTypeResultType | Runbook 作业的状态。The status of the runbook job. 可能的值包括:Possible values are: - 新- New - 已创建- Created - 已启动- Started - 已停止- Stopped - 已暂停- Suspended - 失败- Failed - 已完成- Completed |
| 类别Category | 数据类型的分类。Classification of the type of data. 对于自动化,该值为 JobLogs。For Automation, the value is JobLogs. |
| OperationNameOperationName | Azure 中执行的操作的类型。The type of operation performed in Azure. 对于自动化,该值为 Job。For Automation, the value is Job. |
| 资源Resource | 自动化帐户的名称The name of the Automation account |
| SourceSystemSourceSystem | Azure Monitor 日志用来收集数据的系统。System that Azure Monitor logs use to collect the data. 对于 Azure 诊断,值始终为 Azure。The value is always Azure for Azure diagnostics. |
| ResultDescriptionResultDescription | Runbook 作业结果状态。The runbook job result state. 可能的值包括:Possible values are: - 作业已启动- Job is started - 作业失败- Job Failed - 作业已完成- Job Completed |
| CorrelationIdCorrelationId | Runbook 作业的关联 GUID。The correlation GUID of the runbook job. |
| ResourceIdResourceId | Runbook 的 Azure 自动化帐户资源 ID。The Azure Automation account resource ID of the runbook. |
| SubscriptionIdSubscriptionId | 自动化帐户的 Azure 订阅 GUID。The Azure subscription GUID for the Automation account. |
| ResourceGroupResourceGroup | 自动化帐户的资源组的名称。The name of the resource group for the Automation account. |
| ResourceProviderResourceProvider | 资源提供程序。The resource provider. 值为 MICROSOFT.AUTOMATION。The value is MICROSOFT.AUTOMATION. |
| ResourceTypeResourceType | 资源类型。The resource type. 值为 AUTOMATIONACCOUNTS。The value is AUTOMATIONACCOUNTS. |
作业流Job streams
| 属性Property | 说明Description |
|---|---|
| TimeGeneratedTimeGenerated | 执行 Runbook 作业的日期和时间。Date and time when the runbook job executed. |
| RunbookName_sRunbookName_s | Runbook 的名称。The name of the runbook. |
| Caller_sCaller_s | 启动操作的调用方。The caller that initiated the operation. 可能的值为电子邮件地址或计划作业的系统。Possible values are either an email address or system for scheduled jobs. |
| StreamType_sStreamType_s | 作业流的类型。The type of job stream. 可能的值包括:Possible values are: - 进度-Progress - 输出- Output - 警告- Warning - 错误- Error - 调试- Debug - 详细- Verbose |
| Tenant_gTenant_g | 用于为调用方标识租户的 GUID。GUID that identifies the tenant for the caller. |
| JobId_gJobId_g | 标识 Runbook 作业的 GUID。GUID that identifies the runbook job. |
| ResultTypeResultType | Runbook 作业的状态。The status of the runbook job. 可能的值包括:Possible values are: - In Progress- In Progress |
| 类别Category | 数据类型的分类。Classification of the type of data. 对于自动化,该值为 JobStreams。For Automation, the value is JobStreams. |
| OperationNameOperationName | Azure 中执行的操作的类型。Type of operation performed in Azure. 对于自动化,该值为 Job。For Automation, the value is Job. |
| 资源Resource | 自动化帐户的名称。The name of the Automation account. |
| SourceSystemSourceSystem | Azure Monitor 日志用来收集数据的系统。System that Azure Monitor logs use to collect the data. 对于 Azure 诊断,值始终为 Azure。The value is always Azure for Azure diagnostics. |
| ResultDescriptionResultDescription | 包括来自 Runbook 的输出流的说明。Description that includes the output stream from the runbook. |
| CorrelationIdCorrelationId | Runbook 作业的关联 GUID。The correlation GUID of the runbook job. |
| ResourceIdResourceId | Runbook 的 Azure 自动化帐户资源 ID。The Azure Automation account resource ID of the runbook. |
| SubscriptionIdSubscriptionId | 自动化帐户的 Azure 订阅 GUID。The Azure subscription GUID for the Automation account. |
| ResourceGroupResourceGroup | 自动化帐户的资源组的名称。The name of the resource group for the Automation account. |
| ResourceProviderResourceProvider | 资源提供程序。The resource provider. 值为 MICROSOFT.AUTOMATION。The value is MICROSOFT.AUTOMATION. |
| ResourceTypeResourceType | 资源类型。The resource type. 值为 AUTOMATIONACCOUNTS。The value is AUTOMATIONACCOUNTS. |
设置与 Azure Monitor 日志的集成Set up integration with Azure Monitor logs
在计算机上,从“开始”屏幕启动 Windows PowerShell。On your computer, start Windows PowerShell from the Start screen.
运行以下 PowerShell 命令,并使用从上一部分获得的值编辑
$automationAccountId和$workspaceId的值。Run the following PowerShell commands, and edit the values for$automationAccountIdand$workspaceIdwith the values from the preceding section.$workspaceId = "resource ID of the log analytics workspace" $automationAccountId = "resource ID of your Automation account" Set-AzDiagnosticSetting -ResourceId $automationAccountId -WorkspaceId $workspaceId -Enabled 1
运行此脚本后,可能需要一小时才能开始在 Azure Monitor 日志中看到写入新 JobLogs 或 JobStreams 的记录。After running this script, it can take an hour before you start to see records in Azure Monitor logs of new JobLogs or JobStreams being written.
若要查看日志,请在日志分析日志搜索中运行以下查询:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"To see the logs, run the following query in log analytics log search: AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"
验证配置Verify configuration
要确认自动化帐户是否会将日志发送到 Log Analytics 工作区,请使用以下 PowerShell 命令检查是否在自动化帐户上正确配置了诊断。To confirm that your Automation account is sending logs to your Log Analytics workspace, check that diagnostics are correctly configured on the Automation account by using the following PowerShell command.
Get-AzDiagnosticSetting -ResourceId $automationAccountId
在输出中,确保:In the output, ensure that:
- 在
Logs下,Enabled的值为 True。UnderLogs, the value forEnabledis True. WorkspaceId设置为 Log Analytics 工作区的ResourceId值。WorkspaceIdis set to theResourceIdvalue for your Log Analytics workspace.
在 Azure Monitor 日志中查看自动化日志View Automation logs in Azure Monitor logs
现在,你已开始将自动化作业日志发送到 Azure Monitor 日志,接下来让我们看看可在 Azure Monitor 日志中对这些日志执行哪些操作。Now that you started sending your Automation job logs to Azure Monitor logs, let's see what you can do with these logs inside Azure Monitor logs.
若要查看日志,请运行以下查询:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"To see the logs, run the following query: AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"
Runbook 作业失败或暂停时发送电子邮件Send an email when a runbook job fails or suspends
以下步骤说明如何在 Azure Monitor 中设置警报,以便在 Runbook 作业出现问题时通知你。The following steps show how to set up alerts in Azure Monitor to notify you when something goes wrong with a runbook job.
要创建警报规则,请先针对应调用警报的 Runbook 作业记录创建日志搜索。To create an alert rule, start by creating a log search for the runbook job records that should invoke the alert. 单击“警报”按钮以创建和配置警报的规则。Click the Alert button to create and configure the alert rule.
在 Log Analytics 工作区的“概述”页面中,单击“查看日志”。From the Log Analytics workspace Overview page, click View logs.
在查询字段中键入以下搜索,针对警报创建日志搜索查询:
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended")Create a log search query for your alert by typing the following search into the query field:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended")
也可使用以下命令按 Runbook 名称进行分组:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended") | summarize AggregatedValue = count() by RunbookName_sYou can also group by the runbook name by using:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended") | summarize AggregatedValue = count() by RunbookName_s如果设置了在工作区中收集来自多个自动化帐户或订阅的日志,则可以按照订阅或自动化帐户来为警报分组。If you set up logs from more than one Automation account or subscription to your workspace, you can group your alerts by subscription and Automation account. 可在
JobLogs搜索中的Resource字段中找到自动化帐户名称。Automation account name can be found in theResourcefield in the search ofJobLogs.若要打开“创建规则”屏幕,请单击页面顶部的“新建警报规则” 。To open the Create rule screen, click New Alert Rule at the top of the page. 要详细了解用于配置警报的选项,请参阅 Azure 中的日志警报。For more information on the options to configure the alert, see Log alerts in Azure.
查找已完成但出错的所有作业Find all jobs that have completed with errors
除了在失败时发出警报外,还可以发现 Runbook 作业何时发生非终止错误。In addition to alerting on failures, you can find when a runbook job has a non-terminating error. 在这些情况下,PowerShell 会生成一个错误流,但非终止错误不会导致作业暂停或失败。In these cases, PowerShell produces an error stream, but the non-terminating errors don't cause your job to suspend or fail.
在 Log Analytics 工作区中,单击“日志”。In your Log Analytics workspace, click Logs.
在查询字段中,键入
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" | summarize AggregatedValue = count() by JobId_g。In the query field, typeAzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" | summarize AggregatedValue = count() by JobId_g.单击“搜索”按钮。Click the Search button.
查看作业的作业流View job streams for a job
调试作业时,你可能还希望深入查看作业流。When you're debugging a job, you might also want to look into the job streams. 以下查询会显示 GUID 为 2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0 的单个作业的所有流:The following query shows all the streams for a single job with GUID 2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0:
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and JobId_g == "2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0" | sort by TimeGenerated asc | project ResultDescription
查看历史作业状态View historical job status
最后,可能需要直观显示一段时间内的作业历史记录。Finally, you might want to visualize your job history over time. 可以使用此查询来搜索作业在不同时间段的状态。You can use this query to search for the status of your jobs over time.
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and ResultType != "started" | summarize AggregatedValue = count() by ResultType, bin(TimeGenerated, 1h)
删除诊断设置Remove diagnostic settings
若要从自动化帐户中删除诊断设置,请运行以下命令:To remove the diagnostic setting from the Automation account, run the following command:
$automationAccountId = "[resource ID of your Automation account]"
Remove-AzDiagnosticSetting -ResourceId $automationAccountId
后续步骤Next steps
- 若要了解如何使用 Azure Monitor 日志构建搜索查询和查看自动化作业日志,请参阅 Azure Monitor 日志中的日志搜索。To learn how to construct search queries and review the Automation job logs with Azure Monitor logs, see Log searches in Azure Monitor logs.
- 若要了解如何从 Runbook 创建和检索输出及错误消息,请参阅监视 Runbook 输出。To understand creation and retrieval of output and error messages from runbooks, see Monitor runbook output.
- 若要详细了解 Runbook 执行情况、Runbook 作业的监视方式以及其他技术详细信息,请参阅在 Azure 自动化中执行 Runbook。To learn more about runbook execution, how to monitor runbook jobs, and other technical details, see Runbook execution in Azure Automation.
- 若要详细了解 Azure Monitor 日志和数据收集源,请参阅“在 Azure Monitor 日志中收集 Azure 存储数据”概述。To learn more about Azure Monitor logs and data collection sources, see Collecting Azure storage data in Azure Monitor logs overview.
- 若在排查 Log Analytics 问题时需要帮助,请参阅排查 Log Analytics 不再收集数据的原因。For help troubleshooting Log Analytics, see Troubleshooting why Log Analytics is no longer collecting data.