Application Insights 中的数据收集、保留和存储Data collection, retention and storage in Application Insights

在应用中安装 Azure Application Insights SDK 后,它会将有关应用的遥测数据发送到云中。When you install Azure Application Insights SDK in your app, it sends telemetry about your app to the Cloud. 负责的开发人员自然想要确切了解发送了哪些数据、数据的后续情况,以及如何控制数据。Naturally, responsible developers want to know exactly what data is sent, what happens to the data, and how they can keep control of it. 具体而言,是否发送了敏感数据?数据存储在何处?其安全性怎样?In particular, could sensitive data be sent, where is it stored, and how secure is it?

首先,简短的答案是:First, the short answer:

  • “按原样”运行的标准遥测模块不太可能将敏感数据发送到服务。The standard telemetry modules that run "out of the box" are unlikely to send sensitive data to the service. 遥测考虑到负载、性能和使用指标、异常报告和其他诊断数据。The telemetry is concerned with load, performance and usage metrics, exception reports, and other diagnostic data. 诊断报告中显示的主要用户数据是 URL;但是,应用在任何情况下都不应该将敏感数据以明文形式放在 URL 中。The main user data visible in the diagnostic reports are URLs; but your app shouldn't in any case put sensitive data in plain text in a URL.
  • 可以编写发送其他自定义遥测数据的代码,帮助进行诊断与监视使用情况。You can write code that sends additional custom telemetry to help you with diagnostics and monitoring usage. (这种可扩展性是 Application Insights 的突出特性之一)。在编写此代码时,有可能不小心包含个人数据和其他敏感数据。(This extensibility is a great feature of Application Insights.) It would be possible, by mistake, to write this code so that it includes personal and other sensitive data. 如果应用程序可处理此类数据,则应对编写的所有代码进行彻底审查。If your application works with such data, you should apply a thorough review processes to all the code you write.
  • 开发和测试应用时,可以轻松检查 SDK 发送的内容。While developing and testing your app, it's easy to inspect what's being sent by the SDK. 数据会显示在 IDE 和浏览器的调试输出窗口中。The data appears in the debugging output windows of the IDE and browser.
  • 数据保存在中国的世纪互联 Azure 服务器中。The data is held in 21Vianet Azure servers in the USA or Europe. (但应用可在任何位置运行)。Azure 有严格的安全过程,并符合各种法规标准(But your app can run anywhere.) Azure has strong security processes and meets a broad range of compliance standards. 只有你和指定的团队可以访问数据。Only you and your designated team have access to your data. Azure 工作人员只会在知情的情况下和受限的具体情况下,才对数据拥有受限的访问权限。Azure staff can have restricted access to it only under specific limited circumstances with your knowledge. 将对传输中的静态数据加密。It's encrypted in transit and at rest.

本文的余下部分详细阐述上述答案。The rest of this article elaborates more fully on these answers. 本文的内容简单直白,因此,可以将其转达给不属于直属团队的同事。It's designed to be self-contained, so that you can show it to colleagues who aren't part of your immediate team.

什么是 Application Insights?What is Application Insights?

Azure Application Insights 是 Azure 提供的一项服务,可帮助改进实时应用程序的性能和可用性。Azure Application Insights is a service provided by Azure that helps you improve the performance and usability of your live application. 它在应用程序运行时全程进行监视,包括测试期间以及发布或部署之后。It monitors your application all the time it's running, both during testing and after you've published or deployed it. Application Insights 可创建图表和表格来显示多种信息,例如,一天中的哪些时间用户最多、应用的响应能力如何,以及应用依赖的任何外部服务是否顺利地为其提供服务。Application Insights creates charts and tables that show you, for example, what times of day you get most users, how responsive the app is, and how well it is served by any external services that it depends on. 如果出现崩溃、故障或性能问题,可以搜索详细的遥测数据来诊断原因。If there are crashes, failures or performance issues, you can search through the telemetry data in detail to diagnose the cause. 此外,如果应用的可用性和性能有任何变化,服务会向你发送电子邮件。And the service will send you emails if there are any changes in the availability and performance of your app.

要获取此功能,需在应用程序中安装 Application Insights SDK,该 SDK 将成为应用程序代码的一部分。In order to get this functionality, you install an Application Insights SDK in your application, which becomes part of its code. 当应用运行时,SDK 将监视其操作,并将遥测发送到 Application Insights 服务。When your app is running, the SDK monitors its operation and sends telemetry to the Application Insights service. 这是世纪互联 Azure 托管的云服务。This is a cloud service hosted by 21Vianet Azure. (不过,Application Insights 适用于任何应用程序,而不只是 Azure 中托管的应用程序)。(But Application Insights works for any applications, not just those that are hosted in Azure.)

Application Insights 服务存储并分析遥测数据。The Application Insights service stores and analyzes the telemetry. 若要查看分析或搜索已存储的遥测数据,可以登录到 Azure 帐户并打开应用程序的 Application Insights 资源。To see the analysis or search through the stored telemetry, you sign in to your Azure account and open the Application Insights resource for your application. 还可以与团队的其他成员或指定的 Azure 订户共享数据访问权限。You can also share access to the data with other members of your team, or with specified Azure subscribers.

可以从 Application Insights 服务导出数据,例如,导出到数据库或外部工具。You can have data exported from the Application Insights service, for example to a database or to external tools. 需要为每项工具提供从服务获取的特殊密钥。You provide each tool with a special key that you obtain from the service. 如果需要,可以吊销该密钥。The key can be revoked if necessary.

Application Insights SDK 可用于多种应用程序类型:托管在自己的 Java EE 或 ASP.NET 服务器中或者 Azure 中的 Web 服务;Web 客户端(即网页中运行的代码);桌面应用和服务;设备应用,例如 Windows Phone、iOS 和 Android。Application Insights SDKs are available for a range of application types: web services hosted in your own Java EE or ASP.NET servers, or in Azure; web clients - that is, the code running in a web page; desktop apps and services; device apps such as Windows Phone, iOS, and Android. 它们都将遥测数据发送到相同的服务。They all send telemetry to the same service.

它收集哪些数据?What data does it collect?

有三种数据源:There are three sources of data:

  • SDK。可以在开发阶段或者在运行时将它与应用集成。The SDK, which you integrate with your app either in development or at run time. 不同类型的应用程序有不同的 SDK。There are different SDKs for different application types. 此外还有网页 SDK,连同页面一起加载到用户的浏览器中。There's also an SDK for web pages, which loads into the end-user's browser along with the page.

    • 每个 SDK 有许多模块,这些模块使用不同的技术收集不同类型的遥测数据。Each SDK has a number of modules, which use different techniques to collect different types of telemetry.
    • 如果在开发环境中安装 SDK,则除了使用标准模块发送自己的遥测数据以外,还可以使用 SDK 的 API 发送这些数据。If you install the SDK in development, you can use its API to send your own telemetry, in addition to the standard modules. 这些自定义遥测数据可以包含所要发送的任何数据。This custom telemetry can include any data you want to send.
  • 在某些 Web 服务器中,还装有与应用一起运行并发送有关 CPU、内存和网络占用量的遥测数据的代理。In some web servers, there are also agents that run alongside the app and send telemetry about CPU, memory, and network occupancy. 例如,Azure VM、Docker 主机和 Java EE 服务器都可能拥有此类代理。For example, Azure VMs, Docker hosts, and Java EE servers can have such agents.

  • 可用性测试是 Azure 运行的过程,可定期将请求发送到 Web 应用。Availability tests are processes run by Azure that send requests to your web app at regular intervals. 结果将发送到 Application Insights 服务。The results are sent to the Application Insights service.

收集哪些类型的数据?What kinds of data are collected?

主要类别如下:The main categories are:

  • Web 服务器遥测数据 - HTTP 请求。Web server telemetry - HTTP requests. URI、处理请求花费的时间、响应代码、客户端 IP 地址。Uri, time taken to process the request, response code, client IP address. Session idSession id.
  • 网页 - 页面、用户和会话计数。Web pages - Page, user and session counts. 页面加载时间。Page load times. 异常。Exceptions. Ajax 调用。Ajax calls.
  • 性能计数器 - 内存、CPU、IO、网络占用量。Performance counters - Memory, CPU, IO, Network occupancy.
  • 客户端和服务器上下文 - OS、区域性、设备类型、浏览器和屏幕分辨率。Client and server context - OS, locale, device type, browser, screen resolution.
  • 异常和崩溃 - 堆栈转储build id、CPU 类型。Exceptions and crashes - stack dumps, build id, CPU type.
  • 依赖项 - 对外部服务的调用,例如 REST、SQL、AJAX。Dependencies - calls to external services such as REST, SQL, AJAX. URI 或连接字符串、持续时间、成功结果、命令。URI or connection string, duration, success, command.
  • 可用性测试 - 测试持续时间、步骤、响应。Availability tests - duration of test and steps, responses.
  • 跟踪日志自定义遥测 - 在日志或遥测中编写的任何内容Trace logs and custom telemetry - anything you code into your logs or telemetry.

更多详细信息More detail.

如何验证收集了哪些信息?How can I verify what's being collected?

如果使用 Visual Studio 开发应用,请在调试模式下运行应用 (F5)。If you're developing the app using Visual Studio, run the app in debug mode (F5). 遥测数据会显示在“输出”窗口中。The telemetry appears in the Output window. 在该窗口中,可以复制遥测数据并将其格式设置为 JSON 以便于检查。From there, you can copy it and format it as JSON for easy inspection.

“诊断”窗口中还提供了一个可方便阅读的视图。There's also a more readable view in the Diagnostics window.

针对网页,请打开浏览器的调试窗口。For web pages, open your browser's debugging window.

按 F12 打开“网络”选项卡。

是否可以编写代码来筛选遥测数据,然后将它发送出去?Can I write code to filter the telemetry before it is sent?

可以编写遥测处理器插件来实现此目的。This would be possible by writing a telemetry processor plugin.

数据保留多长时间?How long is the data kept?

原始数据点(即,可以在 Analytics 中查询并在“搜索”中检查的项)最多可以保留 730 天。Raw data points (that is, items that you can query in Analytics and inspect in Search) are kept for up to 730 days. 可以选择保留期限 30 天、60 天、90 天、120 天、180 天、270 天、365 天、550 天或 730 天。You can select a retention duration of 30, 60, 90, 120, 180, 270, 365, 550 or 730 days. 如果需要将数据保留超过 730 天,则可以使用连续导出在数据引入过程中将其复制到存储帐户。If you need to keep data longer than 730 days, you can use Continuous Export to copy it to a storage account during data ingestion.

保留时间超过 90 天的数据将产生额外费用。Data kept longer than 90 days will incur addition charges. Azure Monitor 定价页上详细了解 Application Insights 定价。Learn more about Application Insights pricing on the Azure Monitor pricing page.

1 分钟粒度的聚合数据(即,在指标资源管理器中显示的计数、平均值和其他统计信息)可保留 90 天。Aggregated data (that is, counts, averages and other statistical data that you see in Metric Explorer) are retained at a grain of 1 minute for 90 days.

此保留策略是逐个应用程序进行设置。This retention policy is set on a per-application basis. 如果需要,可以在 Azure 门户中打开支持案例,以请求增加此值。If you need to increase this value, you can request an increase by opening a support case in the Azure portal.

谁可以访问该数据?Who can access the data?

你和团队成员(如果使用组织帐户)可以看到数据。The data is visible to you and, if you have an organization account, your team members.

你和团队成员可以导出数据,还可以将其复制到其他位置并传递给其他人员。It can be exported by you and your team members and could be copied to other locations and passed on to other people.

Azure 如何处理应用发送到 Application Insights 的信息?What does Azure do with the information my app sends to Application Insights?

Azure 只使用这些数据来向你提供服务。Azure uses the data only in order to provide the service to you.

数据保存在哪个位置?Where is the data held?

  • 在中国。In the China. 创建新的 Application Insights 资源时,可以选择存储位置。You can select the location when you create a new Application Insights resource.

这是否意味着必须在中国托管我的应用?Does that mean my app has to be hosted in China?

  • 否。No. 应用程序可在任何位置运行,不管是在自己的本地主机中还是云中。Your application can run anywhere, either in your own on-premises hosts or in the cloud.

数据的安全性如何?How secure is my data?

Application Insights 是一项 Azure 服务。Application Insights is an Azure Service. Azure Security, Privacy, and Compliance white paper(Azure 安全性、隐私性和遵从性白皮书)中介绍了安全政策。Security policies are described in the Azure Security, Privacy, and Compliance white paper.

数据存储在世纪互联 Azure 服务器中。The data is stored in 21Vianet Azure servers. 对于 Azure 门户中的帐户,将实施 Azure Security, Privacy, and Compliance document(Azure 安全性、隐私性和遵从性白皮书)中所述的帐户限制。For accounts in the Azure Portal, account restrictions are described in the Azure Security, Privacy, and Compliance document.

Azure 工作人员对数据的访问将受到限制。Access to your data by Azure personnel is restricted. 我们只有在获得许可以及为了帮助你使用 Application Insights 而有必要访问时才访问数据。We access your data only with your permission and if it is necessary to support your use of Application Insights.

跨所有客户应用程序(例如数据速率和平均跟踪大小)的聚合数据用于改善 Application Insights。Data in aggregate across all our customers' applications (such as data rates and average size of traces) is used to improve Application Insights.

其他人的遥测数据是否会干扰我的 Application Insights 数据?Could someone else's telemetry interfere with my Application Insights data?

他们可以使用检测密钥将附加的遥测数据发送到帐户,而检测密钥在网页的代码中。They could send additional telemetry to your account by using the instrumentation key, which can be found in the code of your web pages. 如果附加数据过多,指标会错误地呈现应用的性能和使用情况。With enough additional data, your metrics would not correctly represent your app's performance and usage.

如果与其他项目共享代码,请务必删除检测密钥。If you share code with other projects, remember to remove your instrumentation key.

数据是否已加密?Is the data encrypted?

在数据中心之间移动的所有数据都经过静态加密。All data is encrypted at rest and as it moves between data centers.

从应用程序传输到 Application Insights 服务器的数据是否经过加密?Is the data encrypted in transit from my application to Application Insights servers?

是。我们使用 https 将数据从几乎所有 SDK(包括 Web 服务器、设备和 HTTPS 网页)发送到门户。Yes, we use https to send data to the portal from nearly all SDKs, including web servers, devices and HTTPS web pages. 唯一的例外是从纯 HTTP 网页发送的数据。The only exception is data sent from plain HTTP web pages.

SDK 是否创建临时本地存储?Does the SDK create temporary local storage?

是。如果无法访问终结点,一些遥测通道在本地暂留数据。Yes, certain Telemetry Channels will persist data locally if an endpoint cannot be reached. 请查看下面的内容,以确定哪些框架和遥测通道受影响。Please review below to see which frameworks and telemetry channels are affected.

利用本地存储的遥测通道会在 TEMP 或 APPDATA 目录中创建临时文件,但仅限于运行应用程序的特定帐户。Telemetry channels that utilize local storage create temp files in the TEMP or APPDATA directories which are restricted to the specific account running your application. 当终结点暂时不可用或达到限制值时,可能会发生这种情况。This may happen when an endpoint was temporarily unavailable or you hit the throttling limit. 解决此问题后,遥测通道便会恢复发送所有新数据和暂留数据。Once this issue is resolved, the telemetry channel will resume sending all the new and persisted data.

此持久数据不会在本地加密。This persisted data is not encrypted locally. 如果这是一个问题,请检查数据并限制私人数据的收集。If this is a concern, review the data and restrict the collection of private data.

如果客户需要使用特定安全要求配置此目录,可以逐个框架进行配置。If a customer needs to configure this directory with specific security requirements it can be configured per framework. 请确保运行应用程序的进程对此目录拥有写入权限,并确保此目录受保护,以免遥测数据遭用户意外读取。Please make sure that the process running your application has write access to this directory, but also make sure this directory is protected to avoid telemetry being read by unintended users.

JavaJava

C:\Users\username\AppData\Local\Temp 用于暂留数据。C:\Users\username\AppData\Local\Temp is used for persisting data. 此位置无法通过配置目录进行配置,只有拥有所需凭据的特定用户,才有权访问此文件夹。This location isn't configurable from the config directory and the permissions to access this folder are restricted to the specific user with required credentials. (请参阅此处的实现。)(See implementation here.)

.Net.Net

默认情况下,ServerTelemetryChannel 使用当前用户的本地应用数据文件夹 %localAppData%\Microsoft\ApplicationInsights 或临时文件夹 %TMP%By default ServerTelemetryChannel uses the current user’s local app data folder %localAppData%\Microsoft\ApplicationInsights or temp folder %TMP%.

通过配置文件:Via configuration file:

<TelemetryChannel Type="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.ServerTelemetryChannel,   Microsoft.AI.ServerTelemetryChannel">
    <StorageFolder>D:\NewTestFolder</StorageFolder>
</TelemetryChannel>

通过代码:Via code:

  • 从配置文件中删除 ServerTelemetryChannelRemove ServerTelemetryChannel from configuration file
  • 将此代码片段添加到配置中:Add this snippet to your configuration:
    ServerTelemetryChannel channel = new ServerTelemetryChannel();
    channel.StorageFolder = @"D:\NewTestFolder";
    channel.Initialize(TelemetryConfiguration.Active);
    TelemetryConfiguration.Active.TelemetryChannel = channel;
    

NetCoreNetCore

默认情况下,ServerTelemetryChannel 使用当前用户的本地应用数据文件夹 %localAppData%\Microsoft\ApplicationInsights 或临时文件夹 %TMP%By default ServerTelemetryChannel uses the current user’s local app data folder %localAppData%\Microsoft\ApplicationInsights or temp folder %TMP%.

下面的代码片段展示了如何在  Startup.cs  类的 ConfigureServices()  方法中设置 ServerTelemetryChannel.StorageFolderThe following code snippet shows how to set ServerTelemetryChannel.StorageFolder in the ConfigureServices() method of your Startup.cs class:

services.AddSingleton(typeof(ITelemetryChannel), new ServerTelemetryChannel () {StorageFolder = "/tmp/myfolder"});

(有关详细信息,请参阅 AspNetCore 自定义配置(See AspNetCore Custom Configuration for more information. ))

Node.jsNode.js

默认情况下,%TEMP%/appInsights-node{INSTRUMENTATION KEY} 用于暂留数据。By default %TEMP%/appInsights-node{INSTRUMENTATION KEY} is used for persisting data. 只有当前用户和管理员,才有权访问此文件夹。Permissions to access this folder are restricted to the current user and Administrators. (请参阅此处的实现。)(See implementation here.)

可更改 Sender.ts 中的静态变量 Sender.TEMPDIR_PREFIX 的运行时值,以替代文件夹前缀 appInsights-nodeThe folder prefix appInsights-node can be overridden by changing the runtime value of the static variable Sender.TEMPDIR_PREFIX found in Sender.ts.

如何使用 TLS 1.2 将数据发送到 Application Insights?How do I send data to Application Insights using TLS 1.2?

为了确保传输到 Application Insights 终结点的数据的安全性,我们强烈建议客户将其应用程序配置为至少使用传输层安全性 (TLS) 1.2。To insure the security of data in transit to the Application Insights endpoints, we strongly encourage customers to configure their application to use at least Transport Layer Security (TLS) 1.2. 我们发现旧版 TLS/安全套接字层 (SSL) 容易受到攻击,尽管出于向后兼容,这些协议仍可正常工作,但我们不建议使用,并且行业即将放弃对这些旧协议的支持。Older versions of TLS/Secure Sockets Layer (SSL) have been found to be vulnerable and while they still currently work to allow backwards compatibility, they are not recommended, and the industry is quickly moving to abandon support for these older protocols.

PCI 安全标准委员会规定 2018 年 6 月 30 日是停用旧版 TLS/SSL 并升级到更安全协议的截止时间。The PCI Security Standards Council has set a deadline of June 30th, 2018 to disable older versions of TLS/SSL and upgrade to more secure protocols. 在 Azure 放弃旧版支持后,如果应用程序/客户端无法通过最低版本 TLS 1.2 进行通信,则你无法将数据发送到 Application Insights。Once Azure drops legacy support, if your application/clients cannot communicate over at least TLS 1.2 you would not be able to send data to Application Insights. 测试和验证应用程序对 TLS 的支持的方法根据操作系统/平台以及应用程序使用的语言/框架而异。The approach you take to test and validate your application's TLS support will vary depending on the operating system/platform as well as the language/framework your application uses.

除非绝对必要,否则我们不建议将应用程序显式设置为仅使用 TLS 1.2,因为这可能会破坏平台级安全功能,导致无法自动检测并利用推出的更新且更安全的协议,例如 TLS 1.3。We do not recommend explicitly setting your application to only use TLS 1.2 unless absolutely necessary as this can break platform level security features that allow you to automatically detect and take advantage of newer more secure protocols as they become available such as TLS 1.3. 我们建议针对应用程序代码执行全面的审核,以检查特定 TLS/SSL 版本的硬编码。We recommend performing a thorough audit of your application's code to check for hardcoding of specific TLS/SSL versions.

特定于平台/语言的指导Platform/Language specific guidance

平台/语言Platform/Language 支持Support 更多信息More Information
Azure 应用服务Azure App Services 受支持,可能需要配置。Supported, configuration may be required. 已在 2018 年 4 月宣告支持。Support was announced in April 2018. 阅读有关配置详细信息的宣告。Read the announcement for configuration details.
Azure 函数应用Azure Function Apps 受支持,可能需要配置。Supported, configuration may be required. 已在 2018 年 4 月宣告支持。Support was announced in April 2018. 阅读有关配置详细信息的宣告。Read the announcement for configuration details.
.NET.NET 受支持,配置因版本而异。Supported, configuration varies by version. 有关 .NET 4.7 和更低版本的详细配置信息,请参阅这些说明For detailed configuration info for .NET 4.7 and earlier versions refer to these instructions.
状态监视器Status Monitor 受支持,需要配置Supported, configuration required 状态监视器依赖于使用 OS 配置 + .NET 配置来支持 TLS 1.2。Status Monitor relies on OS Configuration + .NET Configuration to support TLS 1.2.
Node.jsNode.js 受支持,在 v10.5.0 中可能需要配置。Supported, in v10.5.0, configuration may be required. 使用官方的 Node.js TLS/SSL 文档完成任何特定于应用程序的配置。Use the official Node.js TLS/SSL documentation for any application specific configuration.
JavaJava 受支持,JDK 6 Update 121JDK 7 中添加了对 TLS 1.2 的 JDK 支持。Supported, JDK support for TLS 1.2 was added in JDK 6 update 121 and JDK 7. JDK 8 默认使用 TLS 1.2JDK 8 uses TLS 1.2 by default.
LinuxLinux Linux 分发版往往依赖于 OpenSSL 来提供 TLS 1.2 支持。Linux distributions tend to rely on OpenSSL for TLS 1.2 support. 请检查 OpenSSL 变更日志,确认你的 OpenSSL 版本是否受支持。Check the OpenSSL Changelog to confirm your version of OpenSSL is supported.
Windows 8.0 - 10Windows 8.0 - 10 受支持,并且默认已启用。Supported, and enabled by default. 确认是否仍在使用默认设置To confirm that you are still using the default settings.
Windows Server 2012 - 2016Windows Server 2012 - 2016 受支持,并且默认已启用。Supported, and enabled by default. 确认是否仍在使用默认设置To confirm that you are still using the default settings
Windows 7 SP1 和 Windows Server 2008 R2 SP1Windows 7 SP1 and Windows Server 2008 R2 SP1 受支持,但默认未启用。Supported, but not enabled by default. 有关启用方法的详细信息,请参阅传输层安全性 (TLS) 注册表设置页。See the Transport Layer Security (TLS) registry settings page for details on how to enable.
Windows Server 2008 SP2Windows Server 2008 SP2 对 TLS 1.2 的支持需要更新。Support for TLS 1.2 requires an update. 请参阅 Windows Server 2008 SP2 中的更新以添加对 TLS 1.2 的支持See Update to add support for TLS 1.2 in Windows Server 2008 SP2.
Windows VistaWindows Vista Not Supported. 不适用N/A

检查 Linux 分发版正在运行哪个 OpenSSL 版本Check what version of OpenSSL your Linux distribution is running

若要检查安装的 OpenSSL 版本,请打开终端并运行:To check what version of OpenSSL you have installed, open the terminal and run:

openssl version -a

在 Linux 上运行测试 TLS 1.2 事务Run a test TLS 1.2 transaction on Linux

若要运行初步测试来查看 Linux 系统是否能够通过 TLS 1.2 进行通信,请打开终端并运行以下命令:To run a preliminary test to see if your Linux system can communicate over TLS 1.2., open the terminal and run:

openssl s_client -connect bing.com:443 -tls1_2

Application Insights 中存储的个人数据Personal data stored in Application Insights

Application Insights 个人数据文章深入探讨了此问题。Our Application Insights personal data article discusses this issue in-depth.

用户是否可以关闭 Application Insights?Can my users turn off Application Insights?

无法直接关闭。Not directly. 我们未提供用户可操作的开关来关闭 Application Insights。We don't provide a switch that your users can operate to turn off Application Insights.

但是,可以在应用程序中实现此类功能。However, you can implement such a feature in your application. 所有 SDK 都包括关闭遥测收集的 API 设置。All the SDKs include an API setting that turns off telemetry collection.

Application Insights 发送的数据Data sent by Application Insights

SDK 根据平台的不同而异,可以安装多个组件。The SDKs vary between platforms, and there are several components that you can install. (请参阅 Application Insights - 概述。)每个组件发送不同的数据。(Refer to Application Insights - overview.) Each component sends different data.

不同情况下发送的数据类Classes of data sent in different scenarios

操作Your action 收集的数据类(参阅下一表格)Data classes collected (see next table)
将 Application Insights SDK 添加到 .NET Web 项目Add Application Insights SDK to a .NET web project ServerContextServerContext
推断Inferred
性能计数器Perf counters
请求Requests
异常Exceptions
会话Session
usersusers
在 IIS 上安装状态监视器Install Status Monitor on IIS 依赖项Dependencies
ServerContextServerContext
推断Inferred
性能计数器Perf counters
将 Application Insights SDK 添加到 Java Web 应用Add Application Insights SDK to a Java web app ServerContextServerContext
推断Inferred
请求Request
会话Session
usersusers
将 JavaScript SDK 添加到网页Add JavaScript SDK to web page ClientContextClientContext
推断Inferred
PagePage
ClientPerfClientPerf
AjaxAjax
定义默认属性Define default properties 所有标准事件和自定义事件的属性Properties on all standard and custom events
调用 TrackMetricCall TrackMetric 数字值Numeric values
属性Properties
调用跟踪*Call Track* 事件名称Event name
属性Properties
调用 TrackExceptionCall TrackException 异常Exceptions
堆栈转储Stack dump
属性Properties
SDK 无法收集数据。SDK can't collect data. 例如:For example:
- 无法访问性能计数器- can't access perf counters
- 遥测初始值设定项异常- exception in telemetry initializer
SDK 诊断SDK diagnostics

有关适用于其他平台的 SDK,请参阅相关文档。For SDKs for other platforms, see their documents.

收集的数据类The classes of collected data

收集的数据类Collected data class 包含(此列表并不详尽)Includes (not an exhaustive list)
属性Properties 任何数据 - 由代码确定Any data - determined by your code
DeviceContextDeviceContext ID、IP、区域性、设备型号、网络、网络类型、OEM 名称、屏幕分辨率、角色实例、角色名称、设备类型Id, IP, Locale, Device model, network, network type, OEM name, screen resolution, Role Instance, Role Name, Device Type
ClientContextClientContext OS、区域性、语言、网络、窗口分辨率OS, locale, language, network, window resolution
会话Session 会话 IDsession id
ServerContextServerContext 计算机名称、区域性、OS、设备、用户会话、用户上下文、操作Machine name, locale, OS, device, user session, user context, operation
推断Inferred IP 地址中的地理位置、时间戳、OS、浏览器geo location from IP address, timestamp, OS, browser
指标Metrics 指标名称和值Metric name and value
事件Events 事件名称和值Event name and value
PageViewsPageViews URL 和页面名称或屏幕名称URL and page name or screen name
客户端性能Client perf URL/页面名称、浏览器加载时间URL/page name, browser load time
AjaxAjax 从网页到服务器的 HTTP 调用HTTP calls from web page to server
请求Requests URL、持续时间、响应代码URL, duration, response code
依赖项Dependencies 类型(SQL、HTTP...)、连接字符串或 URI、同步/异步、持续时间、成功结果、SQL 语句(包含状态监视器)Type(SQL, HTTP, ...), connection string or URI, sync/async, duration, success, SQL statement (with Status Monitor)
异常Exceptions 类型、消息、调用堆栈、源文件与行号、线程 IDType, message, call stacks, source file and line number, thread id
崩溃Crashes 进程 ID、父进程 ID、崩溃线程 ID;应用程序修补程序、ID、版本;异常类型、地址、原因;模糊符号和寄存器、二进制开始和结束地址、二进制文件名和路径、CPU 类型Process id, parent process id, crash thread id; application patch, id, build; exception type, address, reason; obfuscated symbols and registers, binary start and end addresses, binary name and path, cpu type
跟踪Trace 消息和严重级别Message and severity level
性能计数器Perf counters 处理器时间、可用内存、请求速率、异常率、进程专用字节、IO 速率、请求持续期间、请求队列长度Processor time, available memory, request rate, exception rate, process private bytes, IO rate, request duration, request queue length
可用性Availability Web 测试响应代码、每个测试步骤的持续时间、测试名称、时间戳、成功结果、响应时间、测试位置Web test response code, duration of each test step, test name, timestamp, success, response time, test location
SDK 诊断SDK diagnostics 跟踪消息或异常Trace message or Exception

可以通过编辑 ApplicationInsights.config 来关闭某些数据You can switch off some of the data by editing ApplicationInsights.config

备注

客户端 IP 用于推断地理位置,但默认情况下,不再存储 IP 数据且将所有的零写入关联的字段。Client IP is used to infer geographic location, but by default IP data is no longer stored and all zeroes are written to the associated field. 如果需要存储 IP 地址,可以使用遥测初始值设定项完成此操作。If you need to store IP address you can do so with a telemetry initializer.

致谢Credits

此产品包含 MaxMind 创建的 GeoLite2 数据,可从 https://www.maxmind.com 获取。This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.