将 Azure 自动化作业数据转发到 Azure Monitor 日志Forward Azure Automation job data to Azure Monitor logs
Azure 自动化可将 Runbook 作业状态和作业流发送到 Log Analytics 工作区。Azure Automation can send runbook job status and job streams to your Log Analytics workspace. 此过程不涉及工作区链接,并且完全独立。This process does not involve workspace linking and is completely independent. 可在 Azure 门户中或使用 PowerShell 查看单个作业的作业日志和作业流,这使用户可执行简单的调查。Job logs and job streams are visible in the Azure portal, or with PowerShell, for individual jobs and this allows you to perform simple investigations. 借助 Azure Monitor 日志,你现可:Now with Azure Monitor logs you can:
- 深入了解自动化作业的状态。Get insight into the status of your Automation jobs.
- 基于 Runbook 作业状态(例如失败或暂停)触发电子邮件或警报。Trigger an email or alert based on your runbook job status (for example, failed or suspended).
- 编写跨作业流的高级查询。Write advanced queries across your job streams.
- 跨自动化帐户关联作业。Correlate jobs across Automation accounts.
- 使用自定义视图和搜索查询直观呈现 Runbook 结果、Runbook 作业状态以及其他相关的关键指标。Use custom views and search queries to visualize your runbook results, runbook job status, and other related key indicators or metrics.
先决条件Prerequisites
要开始将自动化日志发送到 Azure Monitor 日志,需要:To start sending your Automation logs to Azure Monitor logs, you need:
最新版本的 Azure PowerShell。The latest release of Azure PowerShell.
Log Analytics 工作区及其资源 ID。A Log Analytics workspace and it's resource ID. 有关详细信息,请参阅 Azure Monitor 日志入门。For more information, see Get started with Azure Monitor logs.
Azure 自动化帐户的资源 ID。The resource ID of your Azure Automation account.
如何查找资源 IDHow to find resource IDs
使用以下命令查找 Azure 自动化帐户的资源 ID:Use the following command to find the resource ID for your Azure Automation account:
# Find the ResourceId for the Automation account Get-AzResource -ResourceType "Microsoft.Automation/automationAccounts"复制 ResourceID 的值。Copy the value for ResourceID.
使用以下命令查找 Log Analytics 工作区的资源 ID:Use the following command to find the resource ID of your Log Analytics workspace:
# Find the ResourceId for the Log Analytics workspace Get-AzResource -ResourceType "Microsoft.OperationalInsights/workspaces"复制 ResourceID 的值。Copy the value for ResourceID.
若要从特定的资源组返回结果,请包含 -ResourceGroupName 参数。To return results from a specific resource group, include the -ResourceGroupName parameter. 有关详细信息,请参阅 Get-AzResource。For more information, see Get-AzResource.
如果上述命令的输出中有多个自动化帐户或工作区,可通过执行以下操作来查找自动化帐户的完整资源 ID 中包含的名称和其他相关属性:If you have more than one Automation account or workspace in the output of the preceding commands, you can find the name and other related properties that are part of the full resource ID of your Automation account by performing the following:
登录到 Azure 门户。Sign in to the Azure portal.
在 Azure 门户中,从“自动化帐户”页面选择你的自动化帐户。In the Azure portal, select your Automation account from the Automation Accounts page.
在所选自动化帐户的页面,在“帐户设置”下选择“属性” 。On the page of the selected Automation account, under Account Settings, select Properties.
在“属性”页面上,注意下面显示的详细信息。In the Properties page, note the details shown below.
..
配置诊断设置Configure diagnostic settings
自动化诊断设置支持转发以下平台日志和指标数据:Automation diagnostic settings supports forwarding the following platform logs and metric data:
- JobLogsJobLogs
- JobStreamsJobStreams
- DSCNodeStatusDSCNodeStatus
- 指标 - 作业总数、更新部署计算机运行总数、更新部署运行总数Metrics - Total Jobs, Total Update Deployment Machine Runs, Total Update Deployment Runs
若要开始将自动化日志发送到 Azure Monitor 日志,请查看创建诊断设置,了解可用于配置诊断设置以发送平台日志的功能和方法。To start sending your Automation logs to Azure Monitor logs, review create diagnostic settings to understand the feature and methods available to configure diagnostic settings to send platform logs.
Azure Monitor 日志记录Azure Monitor log records
Azure 自动化诊断将在 Azure Monitor 日志中创建两种类型的记录,标记为 AzureDiagnostics。Azure Automation diagnostics create two types of records in Azure Monitor logs, tagged as AzureDiagnostics. 在以下各部分的表格中,有 Azure 自动化生成的记录和日志搜索结果中显示的数据类型的示例。The tables in the next sections are examples of records that Azure Automation generates and the data types that appear in log search results.
作业日志Job logs
| 属性Property | 说明Description |
|---|---|
| TimeGeneratedTimeGenerated | 执行 Runbook 作业的日期和时间。Date and time when the runbook job executed. |
| RunbookName_sRunbookName_s | Runbook 的名称。The name of the runbook. |
| Caller_sCaller_s | 启动操作的调用方。The caller that initiated the operation. 可能的值为电子邮件地址或计划作业的系统。Possible values are either an email address or system for scheduled jobs. |
| Tenant_gTenant_g | 用于为调用方标识租户的 GUID。GUID that identifies the tenant for the caller. |
| JobId_gJobId_g | 标识 Runbook 作业的 GUID。GUID that identifies the runbook job. |
| ResultTypeResultType | Runbook 作业的状态。The status of the runbook job. 可能的值包括:Possible values are: - 新- New - 已创建- Created - Started(已启动)- Started - Stopped(已停止)- Stopped - Suspended(已暂停)- Suspended - Failed(失败)- Failed - 已完成- Completed |
| CategoryCategory | 数据类型的分类。Classification of the type of data. 对于自动化,该值为 JobLogs。For Automation, the value is JobLogs. |
| OperationNameOperationName | Azure 中执行的操作的类型。The type of operation performed in Azure. 对于自动化,该值为 Job。For Automation, the value is Job. |
| 资源Resource | 自动化帐户的名称The name of the Automation account |
| SourceSystemSourceSystem | Azure Monitor 日志用来收集数据的系统。System that Azure Monitor logs use to collect the data. 对于 Azure 诊断,值始终为 Azure。The value is always Azure for Azure diagnostics. |
| ResultDescriptionResultDescription | Runbook 作业结果状态。The runbook job result state. 可能的值包括:Possible values are: - 作业已启动- Job is started - 作业失败- Job Failed - 作业已完成- Job Completed |
| CorrelationIdCorrelationId | Runbook 作业的关联 GUID。The correlation GUID of the runbook job. |
| ResourceIdResourceId | Runbook 的 Azure 自动化帐户资源 ID。The Azure Automation account resource ID of the runbook. |
| SubscriptionIdSubscriptionId | 自动化帐户的 Azure 订阅 GUID。The Azure subscription GUID for the Automation account. |
| ResourceGroupResourceGroup | 自动化帐户的资源组的名称。The name of the resource group for the Automation account. |
| ResourceProviderResourceProvider | 资源提供程序。The resource provider. 值为 MICROSOFT.AUTOMATION。The value is MICROSOFT.AUTOMATION. |
| ResourceTypeResourceType | 资源类型。The resource type. 值为 AUTOMATIONACCOUNTS。The value is AUTOMATIONACCOUNTS. |
作业流Job streams
| 属性Property | 说明Description |
|---|---|
| TimeGeneratedTimeGenerated | 执行 Runbook 作业的日期和时间。Date and time when the runbook job executed. |
| RunbookName_sRunbookName_s | Runbook 的名称。The name of the runbook. |
| Caller_sCaller_s | 启动操作的调用方。The caller that initiated the operation. 可能的值为电子邮件地址或计划作业的系统。Possible values are either an email address or system for scheduled jobs. |
| StreamType_sStreamType_s | 作业流的类型。The type of job stream. 可能的值包括:Possible values are: - 进度-Progress - Output(输出)- Output - Warning(警告)- Warning - Error(错误)- Error - Debug(调试)- Debug - 详细- Verbose |
| Tenant_gTenant_g | 用于为调用方标识租户的 GUID。GUID that identifies the tenant for the caller. |
| JobId_gJobId_g | 标识 Runbook 作业的 GUID。GUID that identifies the runbook job. |
| ResultTypeResultType | Runbook 作业的状态。The status of the runbook job. 可能的值包括:Possible values are: - In Progress- In Progress |
| CategoryCategory | 数据类型的分类。Classification of the type of data. 对于自动化,该值为 JobStreams。For Automation, the value is JobStreams. |
| OperationNameOperationName | Azure 中执行的操作的类型。Type of operation performed in Azure. 对于自动化,该值为 Job。For Automation, the value is Job. |
| 资源Resource | 自动化帐户的名称。The name of the Automation account. |
| SourceSystemSourceSystem | Azure Monitor 日志用来收集数据的系统。System that Azure Monitor logs use to collect the data. 对于 Azure 诊断,值始终为 Azure。The value is always Azure for Azure diagnostics. |
| ResultDescriptionResultDescription | 包括来自 Runbook 的输出流的说明。Description that includes the output stream from the runbook. |
| CorrelationIdCorrelationId | Runbook 作业的关联 GUID。The correlation GUID of the runbook job. |
| ResourceIdResourceId | Runbook 的 Azure 自动化帐户资源 ID。The Azure Automation account resource ID of the runbook. |
| SubscriptionIdSubscriptionId | 自动化帐户的 Azure 订阅 GUID。The Azure subscription GUID for the Automation account. |
| ResourceGroupResourceGroup | 自动化帐户的资源组的名称。The name of the resource group for the Automation account. |
| ResourceProviderResourceProvider | 资源提供程序。The resource provider. 值为 MICROSOFT.AUTOMATION。The value is MICROSOFT.AUTOMATION. |
| ResourceTypeResourceType | 资源类型。The resource type. 值为 AUTOMATIONACCOUNTS。The value is AUTOMATIONACCOUNTS. |
在 Azure Monitor 日志中查看自动化日志View Automation logs in Azure Monitor logs
现在,你已开始将自动化作业流和日志发送到 Azure Monitor 日志,接下来让我们看看可在 Azure Monitor 日志中对这些日志执行哪些操作。Now that you started sending your Automation job streams and logs to Azure Monitor logs, let's see what you can do with these logs inside Azure Monitor logs.
若要查看日志,请运行以下查询:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"To see the logs, run the following query: AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION"
Runbook 作业失败或暂停时发送电子邮件Send an email when a runbook job fails or suspends
以下步骤说明如何在 Azure Monitor 中设置警报,以便在 Runbook 作业出现问题时通知你。The following steps show how to set up alerts in Azure Monitor to notify you when something goes wrong with a runbook job.
要创建警报规则,请先针对应调用警报的 Runbook 作业记录创建日志搜索。To create an alert rule, start by creating a log search for the runbook job records that should invoke the alert. 单击“警报”按钮以创建和配置警报的规则。Click the Alert button to create and configure the alert rule.
在 Log Analytics 工作区的“概述”页面中,单击“查看日志”。From the Log Analytics workspace Overview page, click View logs.
在查询字段中键入以下搜索,针对警报创建日志搜索查询:
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended")Create a log search query for your alert by typing the following search into the query field:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended")
也可使用以下命令按 Runbook 名称进行分组:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended") | summarize AggregatedValue = count() by RunbookName_sYou can also group by the runbook name by using:AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and (ResultType == "Failed" or ResultType == "Suspended") | summarize AggregatedValue = count() by RunbookName_s如果设置了在工作区中收集来自多个自动化帐户或订阅的日志,则可以按照订阅或自动化帐户来为警报分组。If you set up logs from more than one Automation account or subscription to your workspace, you can group your alerts by subscription and Automation account. 可在
JobLogs搜索中的Resource字段中找到自动化帐户名称。Automation account name can be found in theResourcefield in the search ofJobLogs.若要打开“创建规则”屏幕,请单击页面顶部的“新建警报规则” 。To open the Create rule screen, click New Alert Rule at the top of the page. 要详细了解用于配置警报的选项,请参阅 Azure 中的日志警报。For more information on the options to configure the alert, see Log alerts in Azure.
查找已完成但出错的所有作业Find all jobs that have completed with errors
除了在失败时发出警报外,还可以发现 Runbook 作业何时发生非终止错误。In addition to alerting on failures, you can find when a runbook job has a non-terminating error. 在这些情况下,PowerShell 会生成一个错误流,但非终止错误不会导致作业暂停或失败。In these cases, PowerShell produces an error stream, but the non-terminating errors don't cause your job to suspend or fail.
在 Log Analytics 工作区中,单击“日志”。In your Log Analytics workspace, click Logs.
在查询字段中,键入
AzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" | summarize AggregatedValue = count() by JobId_g。In the query field, typeAzureDiagnostics | where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and StreamType_s == "Error" | summarize AggregatedValue = count() by JobId_g.单击“搜索”按钮。Click the Search button.
查看作业的作业流View job streams for a job
调试作业时,你可能还希望深入查看作业流。When you're debugging a job, you might also want to look into the job streams. 以下查询会显示 GUID 为 2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0 的单个作业的所有流:The following query shows all the streams for a single job with GUID 2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0:
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobStreams" and JobId_g == "2ebd22ea-e05e-4eb9-9d76-d73cbd4356e0"
| sort by TimeGenerated asc
| project ResultDescription
查看历史作业状态View historical job status
最后,可能需要直观显示一段时间内的作业历史记录。Finally, you might want to visualize your job history over time. 可以使用此查询来搜索作业在不同时间段的状态。You can use this query to search for the status of your jobs over time.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.AUTOMATION" and Category == "JobLogs" and ResultType != "started"
| summarize AggregatedValue = count() by ResultType, bin(TimeGenerated, 1h)
筛选已转换为 JSON 对象的作业状态输出Filter job status output converted into a JSON object
最近,我们更改了将自动化日志数据写入 Log Analytics 服务的 AzureDiagnostics 表的行为方式,在该表中不再将 JSON 属性分解为单独的字段。Recently we changed the behavior of how the Automation log data is written to the AzureDiagnostics table in the Log Analytics service, where it no longer breaks down the JSON properties into separate fields. 如果 runbook 已配置为将 JSON 格式的输出流中的对象格式化为单独的列,则必须重新配置查询以将该字段解析为 JSON 对象,以便访问这些属性。If you configured your runbook to format objects in the output stream in JSON format as separate columns, it is necessary to reconfigure your queries to parse that field to a JSON object in order to access those properties. 这是使用 parsejson 访问已知路径中的特定 JSON 元素来实现的。This is accomplished using parsejson to access a specific JSON element in a known path.
例如,runbook 将 JSON 格式的输出流中的 ResultDescription 属性格式化为多个字段。For example, a runbook formats the ResultDescription property in the output stream in JSON format with multiple fields. 若要搜索在名为“Status”的字段中指定为失败状态的作业的状态,请使用此示例查询搜索状态为“Failed”的 ResultDescription:To search for the status of your jobs that are in a failed state as specified in a field called Status, use this example query to search the ResultDescription with a status of Failed:
AzureDiagnostics
| where Category == 'JobStreams'
| extend jsonResourceDescription = parse_json(ResultDescription)
| where jsonResourceDescription.Status == 'Failed'
后续步骤Next steps
- 若要了解如何使用 Azure Monitor 日志构建搜索查询和查看自动化作业日志,请参阅 Azure Monitor 日志中的日志搜索。To learn how to construct search queries and review the Automation job logs with Azure Monitor logs, see Log searches in Azure Monitor logs.
- 若要了解如何从 Runbook 创建和检索输出及错误消息,请参阅监视 Runbook 输出。To understand creation and retrieval of output and error messages from runbooks, see Monitor runbook output.
- 若要详细了解 Runbook 执行情况、Runbook 作业的监视方式以及其他技术详细信息,请参阅在 Azure 自动化中执行 Runbook。To learn more about runbook execution, how to monitor runbook jobs, and other technical details, see Runbook execution in Azure Automation.
- 若要详细了解 Azure Monitor 日志和数据收集源,请参阅“在 Azure Monitor 日志中收集 Azure 存储数据”概述。To learn more about Azure Monitor logs and data collection sources, see Collecting Azure storage data in Azure Monitor logs overview.
- 若在排查 Log Analytics 问题时需要帮助,请参阅排查 Log Analytics 不再收集数据的原因。For help troubleshooting Log Analytics, see Troubleshooting why Log Analytics is no longer collecting data.