用于容器的 Azure Monitor 常见问题解答Azure Monitor for containers Frequently Asked Questions

本 Microsoft 常见问题解答列出了用于容器的 Azure Monitor 的常见问题。This Microsoft FAQ is a list of commonly asked questions about Azure Monitor for containers. 如果对该解决方案还有其他任何问题,请访问论坛并发布问题。If you have any additional questions about the solution, go to the discussion forum and post your questions. 当某个问题经常被问到时,我们会将该问题添加到本文中,以便可以轻松快捷地找到该问题。When a question is frequently asked, we add it to this article so that it can be found quickly and easily.

我看不到在查询 ContainerLog 表时填充的图像和名称属性值。I don't see Image and Name property values populated when I query the ContainerLog table.

对于代理版本 ciprod12042019 和更高版本,默认情况下,不会为每个日志行填充这两个属性,这样是为了最大程度地减少收集日志数据时产生的成本。For agent version ciprod12042019 and later, by default these two properties are not populated for every log line to minimize cost incurred on log data collected. 有两个可用于查询表的选项,其中包含这些属性及其值:There are two options to query the table that include these properties with their values:

选项 1Option 1

联接其他表以在结果中包含这些属性值。Join other tables to include these property values in the results.

通过在 ContainerID 属性上进行联接,将查询修改为包含 ContainerInventory 表中的 Image 和 ImageTag 属性。Modify your queries to include Image and ImageTag properties from the ContainerInventory table by joining on ContainerID property. 通过在 ContainerID 属性上进行联接,可以包含 KubepodInventory 表的 ContaineName 字段中的 Name 属性(与以前在 ContainerLog 表中显示的相同)。建议使用此选项。You can include the Name property (as it previously appeared in the ContainerLog table) from KubepodInventory table's ContaineName field by joining on the ContainerID property.This is the recommended option.

下面的示例是一个示例详细查询,说明如何使用联接获取这些字段值。The following example is a sample detailed query that explains how to get these field values with joins.

//lets say we are querying an hour worth of logs
let startTime = ago(1h);
let endTime = now();
//below gets the latest Image & ImageTag for every containerID, during the time window
let ContainerInv = ContainerInventory | where TimeGenerated >= startTime and TimeGenerated < endTime | summarize arg_max(TimeGenerated, *)  by ContainerID, Image, ImageTag | project-away TimeGenerated | project ContainerID1=ContainerID, Image1=Image ,ImageTag1=ImageTag;
//below gets the latest Name for every containerID, during the time window
let KubePodInv  = KubePodInventory | where ContainerID != "" | where TimeGenerated >= startTime | where TimeGenerated < endTime | summarize arg_max(TimeGenerated, *)  by ContainerID2 = ContainerID, Name1=ContainerName | project ContainerID2 , Name1;
//now join the above 2 to get a 'jointed table' that has name, image & imagetag. Outer left is safer in-case there are no kubepod records are if they are latent
let ContainerData = ContainerInv | join kind=leftouter (KubePodInv) on $left.ContainerID1 == $right.ContainerID2;
//now join ContainerLog table with the 'jointed table' above and project-away redundant fields/columns and rename columns that were re-written
//Outer left is safer so you dont lose logs even if we cannot find container metadata for loglines (due to latency, time skew between data types etc...)
| where TimeGenerated >= startTime and TimeGenerated < endTime 
| join kind= leftouter (
) on $left.ContainerID == $right.ContainerID2 | project-away ContainerID1, ContainerID2, Name, Image, ImageTag | project-rename Name = Name1, Image=Image1, ImageTag=ImageTag1 

方法 2Option 2

为每个容器日志行的这些属性重新启用收集。Re-enable collection for these properties for every container log line.

如果第一个选项因涉及到查询更改而不方便,则可通过在代理配置映射中启用设置 log_collection_settings.enrich_container_logs 来重新启用收集这些字段的功能,如数据收集配置设置中所述。If the first option is not convenient due to query changes involved, you can re-enable collecting these fields by enabling the setting log_collection_settings.enrich_container_logs in the agent config map as described in the data collection configuration settings.


对于包含 50 个以上节点的大型群集,不建议使用第二个选项,因为它将从群集中的每个节点生成 API 服务器调用以执行此扩充。The second option is not recommend with large clusters that have more than 50 nodes, as it generates API server calls from every node > in the cluster to perform this enrichment. 此选项还会增加收集的每个日志行的数据大小。This option also increases data size for every log line collected.

是否可以使用用于容器的 Azure Monitor 监视 AKS-engine 群集?Can I monitor my AKS-engine cluster with Azure Monitor for containers?

用于容器的 Azure Monitor 支持监视部署到 Azure 上托管的 AKS-engine(以前称为 ACS-engine)群集的容器工作负荷。Azure Monitor for containers supports monitoring container workloads deployed to AKS-engine (formerly known as ACS-engine) cluster(s) hosted on Azure. 有关为此方案启用监视所需步骤的进一步详细信息和概述,请参阅将用于容器的 Azure Monitor 用于 AKS-engineFor further details and an overview of steps required to enable monitoring for this scenario, see Using Azure Monitor for containers for AKS-engine.

为何 Log Analytics 工作区中不显示数据?Why don't I see data in my Log Analytics workspace?

如果在每天的某个时间,在 Log Analytics 工作区中看不到任何数据,则可能已达到 500 MB 的默认限制或为了控制每天要收集的数据量而指定的每日上限。If you are unable to see any data in the Log Analytics workspace at a certain time everyday, you may have reached the default 500 MB limit or the daily cap specified to control the amount of data to collect daily. 如果当天的限制已达到,则数据收集将停止,并且仅在第二天恢复。When the limit is met for the day, data collection stops and resumes only on the next day. 若要查看数据使用情况,并根据预期的使用模式更新为不同的定价层,请参阅日志数据使用情况和成本To review your data usage and update to a different pricing tier based on your anticipated usage patterns, see Log data usage and cost.

ContainerInventory 表中指定的容器状态是什么?What are the container states specified in the ContainerInventory table?

ContainerInventory 表包含已停止和正在运行的容器的信息。The ContainerInventory table contains information about both stopped and running containers. 此表由代理中的一个工作流进行填充,该工作流查询 Docker 中的所有容器(正在运行的和已停止的),并将该数据转发到 Log Analytics 工作区。The table is populated by a workflow inside the agent that queries the docker for all the containers (running and stopped), and forwards that data the Log Analytics workspace.

如何解决“缺少订阅注册” 错误?How do I resolve Missing Subscription registration error?

如果收到“缺少 Microsoft.OperationsManagement 的订阅注册” 错误,则可以通过在定义了工作区的订阅中注册资源提供程序 Microsoft.OperationsManagement 来解决该错误。If you receive the error Missing Subscription registration for Microsoft.OperationsManagement, you can resolve it by registering the resource provider Microsoft.OperationsManagement in the subscription where the workspace is defined. 可以在此处找到介绍如何执行此操作的文档。The documentation for how to do this can be found here.

是否支持启用了 RBAC 的 AKS 群集?Is there support for RBAC enabled AKS clusters?

容器监视解决方案不支持 RBAC,但用于容器的 Azure Monitor 支持 RBAC。The Container Monitoring solution doesn’t support RBAC, but it is supported with Azure Monitor for Containers. 在显示这些群集的数据的边栏选项卡上,解决方案详细信息页可能不会显示正确的信息。The solution details page may not show the right information in the blades that show data for these clusters.

如何通过 Helm 为 kube-system 命名空间中的容器启用日志收集?How do I enable log collection for containers in the kube-system namespace through Helm?

默认情况下,kube-system 命名空间中的容器的日志收集被禁用。The log collection from containers in the kube-system namespace is disabled by default. 可以通过在 omsagent 上设置一个环境变量来启用日志收集。Log collection can be enabled by setting an environment variable on the omsagent. 有关详细信息,请参阅用于容器的 Azure Monitor GitHub 页。For more information, see the Azure Monitor for containers GitHub page.

如何将 omsagent 更新为最新发布的版本?How do I update the omsagent to the latest released version?

若要了解如何升级代理,请参阅代理管理To learn how to upgrade the agent, see Agent management.

如何启用多行日志记录?How do I enable multi-line logging?

当前,用于容器的 Azure Monitor 不支持多行日志记录,但有可用的变通方法。Currently Azure Monitor for containers doesn’t support multi-line logging, but there are workarounds available. 你可以将所有服务配置为以 JSON 格式进行写入,然后 Docker/Moby 会在单个行上写入它们。You can configure all the services to write in JSON format and then Docker/Moby will write them as a single line.

例如,可以将你的日志包装为一个 JSON 对象,如示例 node.js 应用程序的以下示例中所示:For example, you can wrap your log as a JSON object as shown in the example below for a sample node.js application:

      "Hello": "This example has multiple lines:",
      "Docker/Moby": "will not break this into multiple lines",
      "and you will receive":"all of them in log analytics",
      "as one": "log entry"

在你查询时,此数据将类似于用于日志的 Azure Monitor 中的以下示例:This data will look like the following example in Azure Monitor for logs when you query for it:

LogEntry : ({“Hello": "This example has multiple lines:","Docker/Moby": "will not break this into multiple lines", "and you will receive":"all of them in log analytics", "as one": "log entry"}

有关此问题的详细信息,请查看以下 GitHub 链接For a detailed look at the issue, review the following GitHub link.

如何解决启用实时日志时遇到的 Azure AD 错误?How do I resolve Azure AD errors when I enable live logs?

你可能会看到以下错误:在请求中指定的回复 URL 与为应用程序“<应用程序 ID>”配置的回复 URL 不匹配You may see the following error: The reply url specified in the request does not match the reply urls configured for the application: '<application ID>'.

为何在载入后不能升级群集?Why can't I upgrade cluster after onboarding?

如果为 AKS 群集启用用于容器的 Azure Monitor 后,删除了该群集将其数据发送到的 Log Analytics 工作区,则尝试升级该群集时,该操作将会失败。If after you enable Azure Monitor for containers for an AKS cluster, you delete the Log Analytics workspace the cluster was sending its data to, when attempting to upgrade the cluster it will fail. 若要解决这一问题,必须禁用监视,然后重新启用该监视,同时引用订阅中的另一个有效工作区。To work around this, you will have to disable monitoring and then re-enable it referencing a different valid workspace in your subscription. 当你尝试再次升级群集时,该升级操作应进行处理并成功完成。When you try to perform the cluster upgrade again, it should process and complete successfully.

需要为代理打开哪些端口和域,或将哪些端口和域加入允许列表?Which ports and domains do I need to open/whitelist for the agent?

有关 Azure 云、Azure 中国云的容器化代理所需的代理和防火墙配置信息,请参阅网络防火墙要求See the Network firewall requirements for the proxy and firewall configuration information required for the containerized agent with Azure, Azure China clouds.

后续步骤Next steps

若要开始监视 AKS 群集,请查看如何载入用于容器的 Azure Monitor 以了解启用监视的要求和可用方法。To begin monitoring your AKS cluster, review How to onboard the Azure Monitor for containers to understand the requirements and available methods to enable monitoring.