Monitoring your key vault service with Azure Monitor for Key Vault (preview)

Azure Monitor for Key Vault (preview) provides comprehensive monitoring of your key vaults by delivering a unified view of your Key Vault requests, performance, failures, and latency. This article will help you understand how to onboard and customize the experience of Azure Monitor for Key Vault (preview).

Introduction to Azure Monitor for Key Vault (preview)

Before jumping into the experience, you should understand how it presents and visualizes information.

  • At-scale perspective: a snapshot view of performance based on the requests, a breakdown of failures, and an overview of the operations and latency.
  • Drill-down analysis: detailed analysis of a particular key vault.
  • Customizable: you can change which metrics you want to see, modify or set thresholds that align with your limits, and save your own workbook. Charts in the workbook can be pinned to Azure dashboards.

Azure Monitor for Key Vault combines both logs and metrics to provide a global monitoring solution. All users can access the metrics-based monitoring data; however, the logs-based visualizations may require users to enable logging on their Azure Key Vault.

Configuring your key vaults for monitoring

Note

Enabling logs is a paid service that provides additional monitoring capabilities.

  1. The Operations & Latency tab helps you determine how many and which key vaults are enabled. To begin collecting, select the Enable button, which will bring you to a separate workbook that lists the key vaults that require enabling diagnostic logs.

    Screenshot of the Operations & Latency tab showing the blue Enable button

  2. To enable diagnostic logs, click the Enable link underneath the Actions column, and create a new diagnostic setting that sends logs to a Log Analytics workspace. It is recommended to send all the logs to the same workspace.

  3. Once the diagnostic settings are saved, you will be able to view all the log-based charts and visualizations underneath Key Vault Insights. Please note that it may take several minutes to hours for the logs to begin populating.

  4. For additional assistance on how to enable diagnostic logs for your Key Vault service, read the full guide.

View from Azure Monitor

From Azure Monitor, you can view request, latency, and failure details from multiple key vaults in your subscription, and identify performance problems and throttling scenarios.

To view the utilization and operations of your key vaults across all your subscriptions, perform the following steps:

  1. Sign in to the Azure portal.

  2. Select Monitor from the left-hand pane in the Azure portal, and under the Insights section, select Key Vaults (preview).

Screenshot of the Overview experience showing multiple graphs

Overview workbook

On the Overview workbook for the selected subscription, the table displays interactive key vault metrics for key vaults grouped within the subscription. You can filter results based on the options you select from the following drop-down lists:

  • Subscriptions - only subscriptions that have key vaults are listed.

  • Key Vaults - by default only up to 5 key vaults are pre-selected. If you select all or multiple key vaults in the scope selector, up to 200 key vaults will be returned. For example, if you had a total of 573 key vaults across three subscriptions that you've selected, only 200 vaults will be displayed.

  • Time Range - by default, displays the last 24 hours of information based on the corresponding selections made.

The counter tile, under the drop-down list, rolls up the total number of key vaults in the selected subscriptions and reflects how many are selected. There are conditional color-coded heatmaps for the columns of the workbook that report request, failure, and latency metrics. The deepest color has the highest value and a lighter color is based on the lowest values.

Failures workbook

Select Failures at the top of the page and the Failures tab opens. It shows you the API hits, frequency over time, along with the amount of certain response codes.

Screenshot of the Failures workbook

There is conditional color-coding or heatmaps for columns in the workbook that report API hits metrics with a blue value. The deepest color has the highest value and a lighter color is based on the lowest values.

The workbook displays Successes (2xx status codes), Authentication Errors (401/403 status codes), Throttling (429 status codes), and Other Failures (4xx status codes).

To better understand what each of the status codes represents, we recommend reading through the documentation on Azure Key Vault status and response codes.
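The status-code grouping described above can be reproduced offline against exported Key Vault diagnostic records to see which vaults are dominated by authentication errors or throttling. This is an added example, not Microsoft's workbook code; it assumes JSON-lines records carrying `resourceId` and `properties.httpStatusCode`, and the vault names, the `needs_review` helper and its 25% threshold are hypothetical.

```python
import json
from collections import Counter, defaultdict

def bucket(status):
    """Map an HTTP status code to the Failures workbook categories."""
    if 200 <= status <= 299:
        return "Successes"
    if status in (401, 403):
        return "Authentication Errors"
    if status == 429:
        return "Throttling"
    if 400 <= status <= 499:
        return "Other Failures"
    return "Unclassified"  # 3xx/5xx: the page names no category for these

def summarize(log_text):
    """Count categories per vault from JSON-lines diagnostic records."""
    per_vault = defaultdict(Counter)
    for line in filter(str.strip, log_text.splitlines()):
        try:
            rec = json.loads(line)
            status = int(rec["properties"]["httpStatusCode"])
            vault = rec["resourceId"].rsplit("/", 1)[-1].lower()
        except (ValueError, KeyError, TypeError, AttributeError):
            # Malformed or incomplete record: count it instead of dropping it.
            per_vault["<unparsed>"]["Unclassified"] += 1
            continue
        per_vault[vault][bucket(status)] += 1
    return per_vault

def needs_review(per_vault, min_ratio=0.25):
    """Vaults where auth errors or throttling reach min_ratio of requests."""
    flagged = {}
    for vault, counts in per_vault.items():
        total = sum(counts.values())
        hits = [c for c in ("Authentication Errors", "Throttling")
                if counts[c] / total >= min_ratio]
        if hits:
            flagged[vault] = hits
    return flagged

def _rec(vault, status):  # builds one constructed sample record
    rid = f"/SUBSCRIPTIONS/<sub-id>/RESOURCEGROUPS/RG/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/{vault}"
    return json.dumps({"resourceId": rid, "properties": {"httpStatusCode": status}})

SAMPLE = "\n".join(  # constructed sample data, not real logs
    [_rec("EXAMPLE-KV-A", s) for s in (200, 200, 401, 403, 403)]
    + [_rec("EXAMPLE-KV-B", s) for s in (200, 200, 200, 200, 404)]
    + [_rec("EXAMPLE-KV-C", s) for s in (200, 429, 429)]
    + ["{truncated record"])
```

Calling `needs_review(summarize(SAMPLE))` flags the first vault for authentication errors and the third for throttling, while the truncated line is counted under `<unparsed>`.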

Operations & latency workbook

Select Operations & Latency at the top of the page and the Operations & Latency tab opens. This tab enables you to onboard your key vaults for monitoring. For more detailed steps, see the Configuring your key vaults for monitoring section.

You can see how many of your key vaults are enabled for logging. If at least one vault has been configured properly, then you will be able to see tables that display the operations and status codes for each of your key vaults. You can click into the details section for a row to get additional information on the individual operation.

Screenshot of the Operations & Latency charts

If you are not seeing any data for this section, reference the top section on how to enable logs for Azure Key Vault, or check the troubleshooting section below.

View from a Key Vault resource

To access Azure Monitor for Key Vault directly from a key vault:

  1. In the Azure portal, select Key Vaults.

  2. From the list, choose a key vault. In the monitoring section, choose Insights (preview).

These views are also accessible by selecting the resource name of a key vault from the Azure Monitor level workbook.

Screenshot of the key vault resource view

The Overview workbook for the key vault shows several performance metrics that help you quickly assess:

  • Interactive performance charts showing the most essential details related to key vault transactions, latency, and availability.

  • Metrics and status tiles highlighting service availability, total count of transactions to the key vault resource, and overall latency.

Selecting any of the other tabs for Failures or Operations opens the respective workbooks.

Screenshot of the Failures view

The Failures workbook breaks down the results of all key vault requests in the selected time frame, and provides categorization on Successes (2xx), Authentication Errors (401/403), Throttling (429), and other failures.

Screenshot of the Operations view

The Operations workbook allows users to deep dive into the full details of all transactions, which can be filtered by the Result Status using the top level tiles.

Screenshot of the Operations view

Users can also scope out views based on specific transaction types in the upper table, which dynamically updates the lower table, where users can view full operation details in a pop-up context pane.

Note

Note that users must have the diagnostic settings enabled to view this workbook. To learn more about enabling diagnostic settings, read more about Azure Key Vault Logging.

Pin and export

You can pin any one of the metric sections to an Azure dashboard by selecting the pushpin icon at the top right of the section.

The multi-subscription and key vaults overview or failures workbooks support exporting the results in Excel format by selecting the download icon to the left of the pushpin icon.

Screenshot of the selected pin icon

Customize Azure Monitor for Key Vault

This section highlights common scenarios for editing the workbook to customize it in support of your data analytics needs:

  • Scope the workbook to always select a particular subscription or key vault(s)
  • Change metrics in the grid
  • Change the requests threshold
  • Change the color rendering

You can begin customizations by enabling the editing mode, by selecting the Customize button from the top toolbar.

Screenshot of the Customize button

Customizations are saved to a custom workbook to prevent overwriting the default configuration in our published workbook. Workbooks are saved within a resource group, either in the My Reports section that is private to you or in the Shared Reports section that's accessible to everyone with access to the resource group. After you save the custom workbook, you need to go to the workbook gallery to launch it.

Screenshot of the workbook gallery

Specifying a subscription or key vault

You can configure the multi-subscription and key vault Overview or Failures workbooks to scope to a particular subscription(s) or key vault(s) on every run, by performing the following steps:

  1. Select Monitor from the portal and then select Key Vaults (preview) from the left-hand pane.
  2. On the Overview workbook, from the command bar select Edit.
  3. Select from the Subscriptions drop-down list one or more subscriptions you want to use as the default. Remember, the workbook supports selecting up to a total of 10 subscriptions.
  4. Select from the Key Vaults drop-down list one or more key vaults you want it to use as the default. Remember, the workbook supports selecting up to a total of 200 key vaults.
  5. Select Save as from the command bar to save a copy of the workbook with your customizations, and then click Done editing to return to reading mode.

Troubleshooting

For general troubleshooting guidance, refer to the dedicated workbook-based insights troubleshooting article.

This section will help you with the diagnosis and troubleshooting of some of the common issues you may encounter when using Azure Monitor for Key Vault (preview). Use the list below to locate the information relevant to your specific issue.

Resolving performance issues or failures

To help troubleshoot any key vault related issues you identify with Azure Monitor for Key Vault (preview), see the Azure Key Vault documentation.

Why can I only see 200 key vaults?

There is a limit of 200 key vaults that can be selected and viewed. Regardless of the number of selected subscriptions, the number of selected key vaults has a limit of 200.

Why don't I see all my subscriptions in the subscription picker?

We only show subscriptions that contain key vaults, chosen from the selected subscription filter, which are selected in the "Directory + Subscription" in the Azure portal header.

Screenshot of the subscription filter

I am getting an error message that the "query exceeds the maximum number of workspaces/regions allowed", what to do now?

Currently, there is a limit of 25 regions and 200 workspaces. To view your data, you will need to reduce the number of subscriptions and/or resource groups.

I want to make changes or add additional visualizations to Key Vault Insights, how do I do so?

To make changes, select the "Edit Mode" to modify the workbook, then you can save your work as a new workbook that is tied to a designated subscription and resource group.

What is the time-grain once we pin any part of the Workbooks?

We utilize the "Auto" time grain, therefore it depends on what time range is selected.

What is the time range when any part of the workbook is pinned?

The time range will depend on the dashboard settings.

Why do I not see any data for my Key Vault under the Operations & Latency sections?

To view your logs-based data, you will need to enable logs for each of the key vaults you want to monitor. This can be done under the diagnostic settings for each key vault. You will need to send your data to a designated Log Analytics workspace.

I have already enabled logs for my Key Vault, why am I still unable to see my data under Operations & Latency?

Currently, diagnostic logs do not work retroactively, so the data will only start appearing once there have been actions taken on your key vaults. Therefore, it may take some time, ranging from hours to a day, depending on how active your key vault is.

In addition, if you have a high number of key vaults and subscriptions selected, you may not be able to view your data due to query limitations. In order to view your data, you may need to reduce the number of selected subscriptions or key vaults.

What if I want to see other data or make my own visualizations? How can I make changes to the Key Vault Insights?

You can edit the existing workbook, through the use of the edit mode, and then save your work as a new workbook that will have all your new changes.

Next steps

Learn the scenarios workbooks are designed to support, how to author new and customize existing reports, and more by reviewing Create interactive reports with Azure Monitor workbooks.