Azure Monitor Logs Dedicated Clusters

Azure Monitor Logs Dedicated Clusters are a deployment option that enables advanced capabilities for Azure Monitor Logs customers. Customers with dedicated clusters can choose the workspaces to be hosted on these clusters.

The capabilities that require dedicated clusters are:

  • Customer-managed keys - Encrypt the cluster data using keys that are provided and controlled by the customer.
  • Multi-workspace - If a customer is using more than one workspace for production, it might make sense to use a dedicated cluster. Cross-workspace queries run faster if all workspaces are on the same cluster. It might also be more cost effective to use a dedicated cluster, because the assigned capacity reservation tier takes into account all cluster ingestion and applies to all its workspaces, even if some of them are small and not eligible for the capacity reservation discount.

Dedicated clusters require customers to commit to a capacity of at least 1 TB of data ingestion per day. Migration to a dedicated cluster is simple. There is no data loss or service interruption.

Management

Dedicated clusters are managed via an Azure resource that represents Azure Monitor Log clusters. All operations are done on this resource using PowerShell or the REST API.

Once the cluster is created, it can be configured and workspaces can be linked to it. When a workspace is linked to a cluster, new data sent to the workspace resides on the cluster. Only workspaces that are in the same region as the cluster can be linked to the cluster. Workspaces can be unlinked from a cluster with some limitations. More detail on these limitations is included in this article.

Data ingested to dedicated clusters is encrypted twice: once at the service level using Microsoft-managed keys or customer-managed keys, and once at the infrastructure level using two different encryption algorithms and two different keys.

All operations on the cluster level require the Microsoft.OperationalInsights/clusters/write action permission on the cluster. This permission can be granted via the Owner or Contributor role, which contains the */write action, or via the Log Analytics Contributor role, which contains the Microsoft.OperationalInsights/* action. For more information on Log Analytics permissions, see Manage access to log data and workspaces in Azure Monitor.

Cluster pricing model

Log Analytics Dedicated Clusters use a Capacity Reservation pricing model of at least 1000 GB/day. Any usage above the reservation level is billed at the Pay-As-You-Go rate. Capacity Reservation pricing information is available at the Azure Monitor pricing page.

The cluster capacity reservation level is configured programmatically with Azure Resource Manager using the Capacity parameter under Sku. The Capacity is specified in units of GB and can have values of 1000 GB/day or more in increments of 100 GB/day.

There are two modes of billing for usage on a cluster. These can be specified by the billingType parameter when configuring your cluster.

  1. Cluster: in this case (which is the default), billing for ingested data is done at the cluster level. The ingested data quantities from each workspace associated to a cluster are aggregated to calculate the daily bill for the cluster.

  2. Workspaces: the Capacity Reservation costs for your Cluster are attributed proportionately to the workspaces in the Cluster (after accounting for per-node allocations from Azure Security Center for each workspace).

If your workspace is using the legacy Per Node pricing tier, when it is linked to a cluster it is billed based on data ingested against the cluster's Capacity Reservation, and no longer per node. Per node data allocations from Azure Security Center continue to be applied.

More details on billing for Log Analytics dedicated clusters are available here.

Asynchronous operations and status check

Some of the configuration steps run asynchronously because they can't be completed quickly. The status in the response can be one of the following: 'InProgress', 'Updating', 'Deleting', 'Succeeded' or 'Failed', including the error code. When using REST, the response initially returns an HTTP status code 202 (Accepted) and a header with the Azure-AsyncOperation property:

"Azure-AsyncOperation": "https://management.chinacloudapi.cn/subscriptions/subscription-id/providers/Microsoft.OperationalInsights/locations/region-name/operationStatuses/operation-id?api-version=2020-08-01"

You can check the status of the asynchronous operation by sending a GET request to the Azure-AsyncOperation header value:

GET https://management.chinacloudapi.cn/subscriptions/subscription-id/providers/microsoft.operationalInsights/locations/region-name/operationstatuses/operation-id?api-version=2020-08-01
Authorization: Bearer <token>
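
The status check above as a polling loop, added here as an example (not code from the original article): it reads the Azure-AsyncOperation header from the 202 response and polls until a terminal state, failing closed on any state the article does not list. The `status` and `error.code` field names of the status body and the caller-supplied `http_get` function are assumptions, and the replayed responses are constructed.

```python
import time

# Non-terminal states as listed in this article ('Succeeded' and 'Failed' end the loop).
PENDING = {"inprogress", "updating", "deleting"}


class OperationFailed(Exception):
    """Raised when the operation ends in 'Failed' or reports an unlisted state."""


def operation_url(status_code, headers):
    """Return the Azure-AsyncOperation URL from a 202 response, else None.

    Header names are compared case-insensitively, as HTTP requires.
    """
    if status_code != 202:
        return None
    for name, value in headers.items():
        if name.lower() == "azure-asyncoperation":
            return value
    return None


def wait_for_operation(url, http_get, interval=30, max_polls=480, sleep=time.sleep):
    """Poll `url` until the operation reaches a terminal state.

    http_get(url) is a caller-supplied function (assumption) that sends the
    authenticated GET and returns the decoded JSON body as a dict.
    Returns the number of polls used when the operation succeeds.
    """
    for attempt in range(1, max_polls + 1):
        body = http_get(url)
        state = str(body.get("status", "")).lower()  # assumed field name
        if state == "succeeded":
            return attempt
        if state == "failed":
            code = (body.get("error") or {}).get("code", "unknown")  # assumed shape
            raise OperationFailed(f"operation failed with error code {code}")
        if state not in PENDING:
            # Do not treat an unknown or missing status as progress.
            raise OperationFailed(f"unexpected status {body.get('status')!r}")
        sleep(interval)
    raise TimeoutError(f"operation still pending after {max_polls} polls")


def replay(bodies):
    """Build an http_get stand-in that replays constructed status bodies."""
    queue = list(bodies)
    return lambda _url: queue.pop(0)


if __name__ == "__main__":
    # Constructed 202 response and status bodies, for illustration only.
    url = operation_url(202, {"Azure-AsyncOperation": "https://example.invalid/operationStatuses/op-1"})
    bodies = [{"status": "InProgress"}, {"status": "Updating"}, {"status": "Succeeded"}]
    polls = wait_for_operation(url, replay(bodies), sleep=lambda _s: None)
    print(f"succeeded after {polls} polls")
```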

Creating a cluster

You first create cluster resources to begin creating a dedicated cluster.

The following properties must be specified:

  • ClusterName: Used for administrative purposes. Users are not exposed to this name.
  • ResourceGroupName: As for any Azure resource, clusters belong to a resource group. We recommend you use a central IT resource group because clusters are usually shared by many teams in the organization. For more design considerations, review Designing your Azure Monitor Logs deployment.
  • Location: A cluster is located in a specific Azure region. Only workspaces located in this region can be linked to this cluster.
  • SkuCapacity: You must specify the capacity reservation level (sku) when creating a cluster resource. The capacity reservation level can be in the range of 1,000 GB to 3,000 GB per day. You can update it in steps of 100 later if needed. If you need a capacity reservation level higher than 3,000 GB per day, contact us at LAIngestionRate@microsoft.com. For more information on cluster costs, see Manage Costs for Log Analytics clusters.

After you create your Cluster resource, you can edit additional properties such as sku, keyVaultProperties, or billingType. See more details below.

You can have up to 2 active clusters per subscription per region. If a cluster is deleted, it is still reserved for 14 days. You can have up to 4 reserved clusters per subscription per region (active or recently deleted).

Warning

Cluster creation triggers resource allocation and provisioning. This operation can take a few hours to complete. It is recommended to run it asynchronously.

The user account that creates the clusters must have the standard Azure resource creation permission Microsoft.Resources/deployments/* and the cluster write permission Microsoft.OperationalInsights/clusters/write, by having in their role assignments this specific action, Microsoft.OperationalInsights/*, or */write.

Create

PowerShell

New-AzOperationalInsightsCluster -ResourceGroupName {resource-group-name} -ClusterName {cluster-name} -Location {region-name} -SkuCapacity {daily-ingestion-gigabyte} -AsJob

# Check when the job is done
Get-Job -Command "New-AzOperationalInsightsCluster*" | Format-List -Property *

REST

Call

PUT https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters/<cluster-name>?api-version=2020-08-01
Authorization: Bearer <token>
Content-type: application/json

{
  "identity": {
    "type": "systemAssigned"
    },
  "sku": {
    "name": "capacityReservation",
    "Capacity": 1000
    },
  "properties": {
    "billingType": "cluster"
    },
  "location": "<region-name>"
}

Response

Should be 202 (Accepted) and a header.
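
A pre-flight check for the create request, added here as an example (not part of the original article or of any Azure SDK): it applies the rules this article states for cluster creation, namely the name format, the systemAssigned identity, the capacityReservation SKU, capacity between 1,000 and 3,000 GB/day in steps of 100, and no keyVaultProperties at creation. The function names, the error wording and the sample bodies are constructed for illustration; treating the SKU name and billingType as case-insensitive is an assumption.

```python
import json
import re

NAME_RE = re.compile(r"[A-Za-z0-9]{3,63}")
BILLING_TYPES = {"cluster", "workspaces"}
BAD_BODY = "request body is null or in bad format"


def parse_body(text):
    """Parse strictly; a trailing comma or a non-object body is rejected."""
    try:
        body = json.loads(text)
    except (TypeError, ValueError):
        return None
    return body if isinstance(body, dict) else None


def check_capacity(value, max_capacity):
    """Return the capacity problems for one SKU capacity value."""
    if value is None:
        return ["missing Capacity in SKU"]
    if isinstance(value, bool) or not isinstance(value, int):
        return ["Capacity must be an integer number of GB"]
    problems = []
    if not 1000 <= value <= max_capacity:
        problems.append(f"Capacity must be between 1000 and {max_capacity}")
    if value % 100:
        problems.append("Capacity must be in steps of 100")
    return problems


def validate_create(cluster_name, text, max_capacity=3000):
    """Return a list of problems; an empty list means the request looks valid."""
    errors = []
    if not NAME_RE.fullmatch(cluster_name):
        errors.append("cluster name must be 3-63 characters from a-z, A-Z, 0-9")
    body = parse_body(text)
    if body is None:
        return errors + [BAD_BODY]

    identity = body.get("identity") or {}
    if str(identity.get("type", "")).lower() != "systemassigned":
        errors.append("identity must be set with type systemAssigned")

    raw_sku = body.get("sku")
    if not isinstance(raw_sku, dict) or not raw_sku:
        errors.append("no SKU was set")
    else:
        # The request uses "Capacity" and the response "capacity": accept both.
        sku = {key.lower(): value for key, value in raw_sku.items()}
        if str(sku.get("name", "")).lower() != "capacityreservation":
            errors.append("SKU name must be capacityReservation")
        errors.extend(check_capacity(sku.get("capacity"), max_capacity))

    props = body.get("properties") or {}
    if "keyVaultProperties" in props:
        errors.append("keyVaultProperties must be set after cluster creation")
    billing = props.get("billingType")
    if billing is not None and str(billing).lower() not in BILLING_TYPES:
        errors.append("billingType must be cluster or workspaces")
    return errors


# Constructed sample bodies; "region-name" is a placeholder.
GOOD = """{
  "identity": {"type": "systemAssigned"},
  "sku": {"name": "capacityReservation", "Capacity": 1000},
  "properties": {"billingType": "cluster"},
  "location": "region-name"
}"""
TRAILING_COMMA = '{"sku": {"name": "capacityReservation", "Capacity": 1000,}}'
BAD = """{
  "sku": {"name": "PerGB2018", "Capacity": 1050},
  "properties": {"keyVaultProperties": {"keyName": "key-name"}}
}"""

if __name__ == "__main__":
    for name, text in [("cluster01", GOOD), ("cluster01", TRAILING_COMMA), ("my-cluster", BAD)]:
        print(name, validate_create(name, text) or "ok")
```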

Check cluster provisioning status

The provisioning of the Log Analytics cluster takes a while to complete. You can check the provisioning state in several ways:

  • Run the Get-AzOperationalInsightsCluster PowerShell command with the resource group name and check the ProvisioningState property. The value is ProvisioningAccount while provisioning and Succeeded when completed.

    Get-AzOperationalInsightsCluster -ResourceGroupName {resource-group-name}

  • Copy the Azure-AsyncOperation URL value from the response and follow the asynchronous operations status check.

  • Send a GET request on the Cluster resource and look at the provisioningState value. The value is ProvisioningAccount while provisioning and Succeeded when completed.

    GET https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters/<cluster-name>?api-version=2020-08-01
    Authorization: Bearer <token>
    

    Response

    {
       "identity": {
         "type": "SystemAssigned",
         "tenantId": "tenant-id",
         "principalId": "principal-id"
         },
       "sku": {
         "name": "capacityReservation",
         "capacity": 1000,
         "lastSkuUpdate": "Sun, 22 Mar 2020 15:39:29 GMT"
         },
       "properties": {
         "provisioningState": "ProvisioningAccount",
         "billingType": "cluster",
         "clusterId": "cluster-id"
         },
       "id": "/subscriptions/subscription-id/resourceGroups/resource-group-name/providers/Microsoft.OperationalInsights/clusters/cluster-name",
       "name": "cluster-name",
       "type": "Microsoft.OperationalInsights/clusters",
       "location": "region-name"
    }
    

The principalId GUID is generated by the managed identity service for the Cluster resource.

When a workspace is linked to a dedicated cluster, new data that is ingested into the workspace is routed to the new cluster while existing data remains on the existing cluster. If the dedicated cluster is encrypted using customer-managed keys (CMK), only new data is encrypted with the key. The system abstracts this difference from users, who query the workspace as usual while the system performs cross-cluster queries on the backend.

A cluster can be linked to up to 100 workspaces. Linked workspaces are located in the same region as the cluster. To protect the system backend and avoid fragmentation of data, a workspace can't be linked to a cluster more than twice a month.

To perform the link operation, you need to have 'write' permissions to both the workspace and the cluster resource:

  • In the workspace: Microsoft.OperationalInsights/workspaces/write
  • In the cluster resource: Microsoft.OperationalInsights/clusters/write
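
An access-review helper for the permissions named above and in the Management section, added here as an example (not code from the original article): given role definitions, it reports which roles can perform cluster-level operations or link a workspace, and whether the grant comes from a wildcard rather than the explicit action. The role names and definitions are constructed, modelled only on the action patterns this article mentions, and the matcher handles `*` wildcards and NotActions only.

```python
import re

CLUSTER_WRITE = "Microsoft.OperationalInsights/clusters/write"
WORKSPACE_WRITE = "Microsoft.OperationalInsights/workspaces/write"


def matches(pattern, action):
    """True if an RBAC action pattern covers `action`.

    '*' matches any run of characters and the comparison ignores case.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def granting_patterns(role, action):
    """Return the Actions entries that grant `action`.

    NotActions are subtracted first, so a carved-out action returns [].
    """
    if any(matches(p, action) for p in role.get("notActions", [])):
        return []
    return [p for p in role.get("actions", []) if matches(p, action)]


def audit(role):
    """Summarise what one role allows with respect to dedicated clusters."""
    cluster = granting_patterns(role, CLUSTER_WRITE)
    workspace = granting_patterns(role, WORKSPACE_WRITE)
    return {
        "role": role["name"],
        # Every cluster-level operation needs clusters/write.
        "cluster_operations": bool(cluster),
        # Linking needs write on both the workspace and the cluster.
        "link_workspace": bool(cluster) and bool(workspace),
        # Wildcard grants give more than the two actions; review them first.
        "via_wildcard": sorted({p for p in cluster + workspace if "*" in p}),
    }


# Constructed role definitions for illustration (not real built-in roles).
SAMPLE_ROLES = [
    {"name": "broad-writer", "actions": ["*/write"]},
    {"name": "log-analytics-style", "actions": ["Microsoft.OperationalInsights/*"]},
    {"name": "workspace-only", "actions": [WORKSPACE_WRITE]},
    {"name": "explicit-linker", "actions": [CLUSTER_WRITE, WORKSPACE_WRITE]},
    {
        "name": "clusters-carved-out",
        "actions": ["Microsoft.OperationalInsights/*"],
        "notActions": ["Microsoft.OperationalInsights/clusters/*"],
    },
    {"name": "reader", "actions": ["*/read"]},
]


def report(roles=SAMPLE_ROLES):
    """Audit every role in `roles` and return the rows in order."""
    return [audit(role) for role in roles]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Only the explicit-linker sample grants the link operation without a wildcard, which makes it the least-privilege shape among the samples.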

Other than the billing aspects, the linked workspace keeps its own settings such as the length of data retention. The workspace and the cluster can be in different subscriptions.

As with any cluster operation, linking a workspace can be performed only after the Log Analytics cluster provisioning has completed.

Warning

Linking a workspace to a cluster requires syncing multiple backend components and assuring cache hydration. This operation may take up to two hours to complete. We recommend you run it asynchronously.

PowerShell

Use the following PowerShell command to link to a cluster:

# Find cluster resource ID
$clusterResourceId = (Get-AzOperationalInsightsCluster -ResourceGroupName {resource-group-name} -ClusterName {cluster-name}).id

# Link the workspace to the cluster
Set-AzOperationalInsightsLinkedService -ResourceGroupName {resource-group-name} -WorkspaceName {workspace-name} -LinkedServiceName cluster -WriteAccessResourceId $clusterResourceId -AsJob

# Check when the job is done
Get-Job -Command "Set-AzOperationalInsightsLinkedService" | Format-List -Property *

REST

Use the following REST call to link to a cluster:

Send

PUT https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourcegroups/<resource-group-name>/providers/microsoft.operationalinsights/workspaces/<workspace-name>/linkedservices/cluster?api-version=2020-08-01 
Authorization: Bearer <token>
Content-type: application/json

{
  "properties": {
    "WriteAccessResourceId": "/subscriptions/<subscription-id>/resourcegroups/<resource-group-name>/providers/microsoft.operationalinsights/clusters/<cluster-name>"
    }
}

Response

202 (Accepted) and header.

If you use customer-managed keys, ingested data is stored encrypted with your managed key after the association operation, which can take up to 90 minutes to complete.

You can check the workspace association state in two ways:

  • Copy the Azure-AsyncOperation URL value from the response and follow the asynchronous operations status check.

  • Perform a Get operation on the workspace and observe whether the clusterResourceId property is present in the response under features.

CLI

az monitor log-analytics workspace show --resource-group "resource-group-name" --workspace-name "workspace-name"

PowerShell

Get-AzOperationalInsightsWorkspace -ResourceGroupName "resource-group-name" -Name "workspace-name"

REST

Call

GET https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourcegroups/<resource-group-name>/providers/microsoft.operationalinsights/workspaces/<workspace-name>?api-version=2020-08-01
Authorization: Bearer <token>

Response

{
  "properties": {
    "source": "Azure",
    "customerId": "workspace-name",
    "provisioningState": "Succeeded",
    "sku": {
      "name": "pricing-tier-name",
      "lastSkuUpdate": "Tue, 28 Jan 2020 12:26:30 GMT"
    },
    "retentionInDays": 31,
    "features": {
      "legacy": 0,
      "searchVersion": 1,
      "enableLogAccessUsingOnlyResourcePermissions": true,
      "clusterResourceId": "/subscriptions/subscription-id/resourceGroups/resource-group-name/providers/Microsoft.OperationalInsights/clusters/cluster-name"
    },
    "workspaceCapping": {
      "dailyQuotaGb": -1.0,
      "quotaNextResetTime": "Tue, 28 Jan 2020 14:00:00 GMT",
      "dataIngestionStatus": "RespectQuota"
    }
  },
  "id": "/subscriptions/subscription-id/resourcegroups/resource-group-name/providers/microsoft.operationalinsights/workspaces/workspace-name",
  "name": "workspace-name",
  "type": "Microsoft.OperationalInsights/workspaces",
  "location": "region-name"
}

Change cluster properties

After you create your Cluster resource and it is fully provisioned, you can edit additional properties at the cluster level using PowerShell or the REST API. Other than the properties that are available during cluster creation, additional properties can only be set after the cluster has been provisioned:

  • keyVaultProperties - Updates the key in Azure Key Vault. See Update cluster with Key identifier details. It contains the following parameters: KeyVaultUri, KeyName, KeyVersion.
  • billingType - The billingType property determines the billing attribution for the cluster resource and its data:
    • Cluster (default) - The Capacity Reservation costs for your Cluster are attributed to the Cluster resource.
    • Workspaces - The Capacity Reservation costs for your Cluster are attributed proportionately to the workspaces in the Cluster, with the Cluster resource being billed some of the usage if the total ingested data for the day is under the Capacity Reservation. See Log Analytics Dedicated Clusters to learn more about the Cluster pricing model.

Note

The billingType property is not supported in PowerShell.

Get all clusters in resource group

CLI

az monitor log-analytics cluster list --resource-group "resource-group-name"

PowerShell

Get-AzOperationalInsightsCluster -ResourceGroupName "resource-group-name"

REST

Call

GET https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourcegroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters?api-version=2020-08-01
Authorization: Bearer <token>

Response

{
  "value": [
    {
      "identity": {
        "type": "SystemAssigned",
        "tenantId": "tenant-id",
        "principalId": "principal-Id"
      },
      "sku": {
        "name": "capacityReservation",
        "capacity": 1000,
        "lastSkuUpdate": "Sun, 22 Mar 2020 15:39:29 GMT"
        },
      "properties": {
         "keyVaultProperties": {
            "keyVaultUri": "https://key-vault-name.vault.azure.cn",
            "keyName": "key-name",
            "keyVersion": "current-version"
            },
        "provisioningState": "Succeeded",
        "billingType": "cluster",
        "clusterId": "cluster-id"
      },
      "id": "/subscriptions/subscription-id/resourcegroups/resource-group-name/providers/microsoft.operationalinsights/workspaces/workspace-name",
      "name": "cluster-name",
      "type": "Microsoft.OperationalInsights/clusters",
      "location": "region-name"
    }
  ]
}

Get all clusters in subscription

CLI

az monitor log-analytics cluster list

PowerShell

Get-AzOperationalInsightsCluster

REST

Call

GET https://management.chinacloudapi.cn/subscriptions/<subscription-id>/providers/Microsoft.OperationalInsights/clusters?api-version=2020-08-01
Authorization: Bearer <token>

Response

The same as for 'clusters in a resource group', but in subscription scope.

Update capacity reservation in cluster

When the data volume to your linked workspaces changes over time, you may want to update the capacity reservation level appropriately. The Capacity is specified in units of GB and can have values of 1000 GB/day or more in increments of 100 GB/day. Note that you don't have to provide the full REST request body but should include the sku.

CLI

az monitor log-analytics cluster update --name "cluster-name" --resource-group "resource-group-name" --sku-capacity 1000

PowerShell

Update-AzOperationalInsightsCluster -ResourceGroupName "resource-group-name" -ClusterName "cluster-name" -SkuCapacity 1000

REST

Call

PATCH https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters/<cluster-name>?api-version=2020-08-01
Authorization: Bearer <token>
Content-type: application/json

{
  "sku": {
    "name": "capacityReservation",
    "Capacity": 2000
  }
}

Update billingType in cluster

The billingType property determines the billing attribution for the cluster and its data:

  • cluster (default) -- The billing is attributed to the subscription hosting your Cluster resource
  • workspaces -- The billing is attributed to the subscriptions hosting your workspaces proportionally

REST

Call

PATCH https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters/<cluster-name>?api-version=2020-08-01
Authorization: Bearer <token>
Content-type: application/json

{
  "properties": {
    "billingType": "cluster"
    }
}

You can unlink a workspace from a cluster. After unlinking a workspace from the cluster, new data associated with this workspace is not sent to the dedicated cluster. Also, the workspace billing is no longer done via the cluster. Old data of the unlinked workspace might be left on the cluster. If this data is encrypted using customer-managed keys (CMK), the Key Vault secrets are kept. The system abstracts this change from Log Analytics users. Users can just query the workspace as usual. The system performs cross-cluster queries on the backend as needed with no indication to users.

Warning

There is a limit of two linking operations for a specific workspace within a month. Take time to consider and plan unlinking actions accordingly.

CLI

az monitor log-analytics workspace linked-service delete --resource-group "resource-group-name" --workspace-name "MyWorkspace" --name cluster

PowerShell

Use the following PowerShell command to unlink a workspace from a cluster:

# Unlink a workspace from cluster
Remove-AzOperationalInsightsLinkedService -ResourceGroupName {resource-group-name} -WorkspaceName {workspace-name} -LinkedServiceName cluster

Delete cluster

A dedicated cluster resource can be deleted. You must unlink all workspaces from the cluster before deleting it. You need 'write' permissions on the Cluster resource to perform this operation.

Once the cluster resource is deleted, the physical cluster enters a purge and deletion process. Deletion of a cluster deletes all the data that was stored on the cluster. The data could be from workspaces that were linked to the cluster in the past.

A Cluster resource that was deleted in the last 14 days is in soft-delete state and can be recovered with its data. Since all workspaces were disassociated from the Cluster resource when it was deleted, you need to re-associate your workspaces after the recovery. The recovery operation cannot be performed by the user; contact your Microsoft channel or support for recovery requests.

Within the 14 days after deletion, the cluster resource name is reserved and cannot be used by other resources.

Warning

There is a limit of three clusters per subscription. Both active and soft-deleted clusters are counted as part of this. Customers should not create recurrent procedures that create and delete clusters. It has a significant impact on Log Analytics backend systems.

PowerShell

Use the following PowerShell command to delete a cluster:

Remove-AzOperationalInsightsCluster -ResourceGroupName "resource-group-name" -ClusterName "cluster-name"

REST

Use the following REST call to delete a cluster:

DELETE https://management.chinacloudapi.cn/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters/<cluster-name>?api-version=2020-08-01
Authorization: Bearer <token>

Response

200 OK

Limits and constraints

  • The max number of active clusters per region and subscription is 2

  • The max number of reserved clusters (active or recently deleted) per region and subscription is 4

  • The maximum number of workspaces linked to a cluster is 1000

  • You can link a workspace to your cluster and then unlink it. The number of workspace link operations on a particular workspace is limited to 2 in a period of 30 days.

  • Moving a cluster to another resource group or subscription isn't supported currently.

Troubleshooting

  • If you get a conflict error when creating a cluster, it may be that you have deleted your cluster in the last 14 days and it's in a soft-delete state. The cluster name remains reserved during the soft-delete period and you can't create a new cluster with that name. The name is released after the soft-delete period when the cluster is permanently deleted.

  • If you update your cluster while the cluster is in the provisioning or updating state, the update will fail.

  • Some operations are long and can take a while to complete. These are cluster create, cluster key update and cluster delete. You can check the operation status in two ways:

    • When using REST, copy the Azure-AsyncOperation URL value from the response and follow the asynchronous operations status check.
    • Send a GET request to the cluster or workspace and observe the response. For example, an unlinked workspace won't have the clusterResourceId under features.
  • Linking a workspace to a cluster will fail if the workspace is linked to another cluster.

  • Error messages

    Cluster Create:

    • 400 -- Cluster name is not valid. Cluster name can contain characters a-z, A-Z, 0-9 and length of 3-63.
    • 400 -- The body of the request is null or in bad format.
    • 400 -- SKU name is invalid. Set SKU name to capacityReservation.
    • 400 -- Capacity was provided but SKU is not capacityReservation. Set SKU name to capacityReservation.
    • 400 -- Missing Capacity in SKU. Set Capacity value to 1000 or higher in steps of 100 (GB).
    • 400 -- Capacity in SKU is not in range. Should be minimum 1000 and up to the max allowed capacity which is available under 'Usage and estimated cost' in your workspace.
    • 400 -- Capacity is locked for 30 days. Decreasing capacity is permitted 30 days after update.
    • 400 -- No SKU was set. Set the SKU name to capacityReservation and Capacity value to 1000 or higher in steps of 100 (GB).
    • 400 -- Identity is null or empty. Set Identity with systemAssigned type.
    • 400 -- KeyVaultProperties are set on creation. Update KeyVaultProperties after cluster creation.
    • 400 -- Operation cannot be executed now. Async operation is in a state other than succeeded. Cluster must complete its operation before any update operation is performed.

    Cluster Update:

    • 400 -- Cluster is in deleting state. Async operation is in progress. Cluster must complete its operation before any update operation is performed.
    • 400 -- KeyVaultProperties is not empty but has a bad format. See key identifier update.
    • 400 -- Failed to validate key in Key Vault. Could be due to lack of permissions or when the key doesn't exist. Verify that you set the key and access policy in Key Vault.
    • 400 -- Key is not recoverable. Key Vault must be set to Soft-delete and Purge-protection. See Key Vault documentation.
    • 400 -- Operation cannot be executed now. Wait for the Async operation to complete and try again.
    • 400 -- Cluster is in deleting state. Wait for the Async operation to complete and try again.

    Cluster Get:

    • 404 -- Cluster not found, the cluster may have been deleted. If you try to create a cluster with that name and get a conflict, the cluster is in soft-delete for 14 days. You can contact support to recover it, or use another name to create a new cluster.

    Cluster Delete:

    • 409 -- Can't delete a cluster while in provisioning state. Wait for the Async operation to complete and try again.

    Workspace link:

    • 404 -- Workspace not found. The workspace you specified doesn't exist or was deleted.
    • 409 -- Workspace link or unlink operation in process.
    • 400 -- Cluster not found, the cluster you specified doesn't exist or was deleted. If you try to create a cluster with that name and get a conflict, the cluster is in soft-delete for 14 days. You can contact support to recover it.

    Workspace unlink:

    • 404 -- Workspace not found. The workspace you specified doesn't exist or was deleted.
    • 409 -- Workspace link or unlink operation in process.
