使用 Azure Monitor 日志进行容器组和实例日志记录Container group and instance logging with Azure Monitor logs

Log Analytics 工作区提供了一个集中的位置,用于存储和查询来自 Azure 资源、本地资源以及其他云中的资源的日志数据。Log Analytics workspaces provide a centralized location for storing and querying log data not only from Azure resources, but also on-premises resources and resources in other clouds. Azure 容器实例提供内置支持,支持将日志和事件数据发送到 Azure Monitor 日志。Azure Container Instances includes built-in support for sending logs and event data to Azure Monitor logs.

若要将容器组日志和事件数据发送到 Azure Monitor 日志,请在配置容器组时指定现有 Log Analytics 工作区 ID 和工作区密钥。To send container group log and event data to Azure Monitor logs, specify an existing Log Analytics workspace ID and workspace key when configuring a container group.

以下部分介绍如何创建启用了日志记录的容器组以及如何查询日志。The following sections describe how to create a logging-enabled container group and how to query logs. 还可以使用工作区 ID 和工作区密钥更新容器组以启用日志记录。You can also update a container group with a workspace ID and workspace key to enable logging.

备注

本文最近已更新,从使用术语“Log Analytics”改为使用术语“Azure Monitor 日志”。This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. 日志数据仍然存储在 Log Analytics 工作区中,并仍然由同一 Log Analytics 服务收集并分析。Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. 我们正在更新术语,以便更好地反映 Azure Monitor 中日志的角色。We are updating the terminology to better reflect the role of logs in Azure Monitor. 有关详细信息,请参阅 Azure Monitor 术语更改See Azure Monitor terminology changes for details.

备注

目前,只能将事件数据从 Linux 容器实例发送到 Log Analytics。Currently, you can only send event data from Linux container instances to Log Analytics.

先决条件Prerequisites

若要在容器实例中启用日志记录,需具备以下条件:To enable logging in your container instances, you need the following:

获取 Log Analytics 凭据Get Log Analytics credentials

Azure 容器实例需要权限才能向 Log Analytics 工作区发送数据。Azure Container Instances needs permission to send data to your Log Analytics workspace. 若要授予该权限并启用日志记录,必须在创建容器组时提供 Log Analytics 工作区 ID 和一个密钥(主密钥或辅助密钥)。To grant this permission and enable logging, you must provide the Log Analytics workspace ID and one of its keys (either primary or secondary) when you create the container group.

若要获取 Log Analytics 工作区 ID 和主密钥,请执行以下操作:To obtain the log analytics workspace ID and primary key:

  1. 在 Azure 门户中导航到 Log Analytics 工作区Navigate to your Log Analytics workspace in the Azure portal

  2. 在“设置”下,选择“高级设置” Under Settings, select Advanced settings

  3. 选择“连接的源” > “Linux 服务器” Select Connected Sources > Linux Servers

  4. 记下以下内容:Take note of:

    • 工作区 IDWORKSPACE ID
    • 主密钥PRIMARY KEY

创建容器组Create container group

有了 Log Analytics 工作区 ID 和主密钥以后,即可创建启用日志记录的容器组。Now that you have the log analytics workspace ID and primary key, you're ready to create a logging-enabled container group.

下面的示例演示了创建包含单个 fluentd 容器的容器组的两种方式:Azure CLI 和带有 YAML 模板的 Azure CLI。The following examples demonstrate two ways to create a container group that consists of a single fluentd container: Azure CLI, and Azure CLI with a YAML template. fluentd 容器在其默认配置中生成多行输出。The fluentd container produces several lines of output in its default configuration. 由于该输出发送到 Log Analytics 工作区,因此适用于演示如何查看和查询日志。Because this output is sent to your Log Analytics workspace, it works well for demonstrating the viewing and querying of logs.

使用 Azure CLI 进行部署Deploy with Azure CLI

若要使用 Azure CLI 进行部署,请在 az container create 命令中指定 --log-analytics-workspace--log-analytics-workspace-key 参数。To deploy with the Azure CLI, specify the --log-analytics-workspace and --log-analytics-workspace-key parameters in the az container create command. 在运行下面的命令之前,请将两个工作区值替换为在前面的步骤中获得的值(并更新资源组名称)。Replace the two workspace values with the values you obtained in the previous step (and update the resource group name) before running the following command.

az container create \
    --resource-group myResourceGroup \
    --name mycontainergroup001 \
    --image fluent/fluentd \
    --log-analytics-workspace <WORKSPACE_ID> \
    --log-analytics-workspace-key <WORKSPACE_KEY>

使用 YAML 进行部署Deploy with YAML

如果喜欢使用 YAML 部署容器组,请使用此方法。Use this method if you prefer to deploy container groups with YAML. 下面的 YAML 定义包含单个容器的容器组。The following YAML defines a container group with a single container. 将 YAML 复制到一个新文件中,然后将 LOG_ANALYTICS_WORKSPACE_IDLOG_ANALYTICS_WORKSPACE_KEY 替换为在前面的步骤中获得的值。Copy the YAML into a new file, then replace LOG_ANALYTICS_WORKSPACE_ID and LOG_ANALYTICS_WORKSPACE_KEY with the values you obtained in the previous step. 将该文件保存为 deploy-aci.yamlSave the file as deploy-aci.yaml.

apiVersion: 2018-10-01
location: chinaeast2
name: mycontainergroup001
properties:
  containers:
  - name: mycontainer001
    properties:
      environmentVariables: []
      image: fluent/fluentd
      ports: []
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
  osType: Linux
  restartPolicy: Always
  diagnostics:
    logAnalytics:
      workspaceId: LOG_ANALYTICS_WORKSPACE_ID
      workspaceKey: LOG_ANALYTICS_WORKSPACE_KEY
tags: null
type: Microsoft.ContainerInstance/containerGroups

接下来,执行下面的命令,以部署该容器组。Next, execute the following command to deploy the container group. myResourceGroup 替换为订阅中的资源组(或者先创建名为“myResourceGroup”的资源组):Replace myResourceGroup with a resource group in your subscription (or first create a resource group named "myResourceGroup"):

az container create --resource-group myResourceGroup --name mycontainergroup001 --file deploy-aci.yaml

在发出命令以后,很快就会收到来自 Azure 的响应,其中包含部署详细信息。You should receive a response from Azure containing deployment details shortly after issuing the command.

查看日志View logs

部署容器组以后,可能需要等待数分钟(最多 10 分钟),第一个日志条目才会显示在 Azure 门户中。After you've deployed the container group, it can take several minutes (up to 10) for the first log entries to appear in the Azure portal. 若要查看 ContainerInstanceLog_CL 表中的容器组日志,请执行以下操作:To view the container group's logs in the ContainerInstanceLog_CL table:

  1. 在 Azure 门户中导航到 Log Analytics 工作区Navigate to your Log Analytics workspace in the Azure portal
  2. 在“常规”下,选择“日志”Under General, select Logs
  3. 键入以下查询:ContainerInstanceLog_CL | limit 50Type the following query: ContainerInstanceLog_CL | limit 50
  4. 选择“运行”Select Run

此时应看到查询显示了多个结果。You should see several results displayed by the query. 如果起初没有看到任何结果,请等待几分钟,然后选择“运行”按钮,再次执行查询。If at first you don't see any results, wait a few minutes, then select the Run button to execute the query again. 默认情况下会以“表”的形式显示日志条目。By default, log entries are displayed in Table format. 然后即可展开某一行来查看单个日志条目的内容。You can then expand a row to see the contents of an individual log entry.

Azure 门户中的“日志搜索”结果

查看事件View events

还可以在 Azure 门户中查看容器实例的事件。You can also view events for container instances in the Azure portal. 事件包括实例的创建时间和启动时间。Events include the time the instance is created and when it is started. 若要查看 ContainerEvent_CL 表中的事件数据,请执行以下操作:To view the event data in the ContainerEvent_CL table:

  1. 在 Azure 门户中导航到 Log Analytics 工作区Navigate to your Log Analytics workspace in the Azure portal
  2. 在“常规”下,选择“日志”Under General, select Logs
  3. 键入以下查询:ContainerEvent_CL | limit 50Type the following query: ContainerEvent_CL | limit 50
  4. 选择“运行”Select Run

此时应看到查询显示了多个结果。You should see several results displayed by the query. 如果起初没有看到任何结果,请等待几分钟,然后选择“运行”按钮,再次执行查询。If at first you don't see any results, wait a few minutes, then select the Run button to execute the query again. 默认情况下会以“表”的形式显示条目。By default, entries are displayed in Table format. 然后即可展开某一行来查看单个条目的内容。You can then expand a row to see the contents of an individual entry.

Azure 门户中的“事件搜索”结果

查询容器日志Query container logs

Azure Monitor 日志包含全面的查询语言,用于从可能有数千行的日志输出中拉取信息。Azure Monitor logs includes an extensive query language for pulling information from potentially thousands of lines of log output.

查询的基本结构是一个源表(在本文中为 ContainerInstanceLog_CLContainerEvent_CL),后跟一系列以竖线字符 (|) 分隔的运算符。The basic structure of a query is the source table (in this article, ContainerInstanceLog_CL or ContainerEvent_CL) followed by a series of operators separated by the pipe character (|). 可以将多个运算符链接起来以优化结果和执行高级函数。You can chain several operators to refine the results and perform advanced functions.

若要查看示例查询结果,请将以下查询粘贴到查询文本框中,然后选择“运行”按钮以执行该查询。To see example query results, paste the following query into the query text box, and select the Run button to execute the query. 此查询显示其“消息”字段包含“warn”一词的所有日志条目:This query displays all log entries whose "Message" field contains the word "warn":

ContainerInstanceLog_CL
| where Message contains "warn"

此外还支持更复杂的查询。More complex queries are also supported. 例如,以下查询仅显示“mycontainergroup001”容器组在过去一小时生成的那些日志条目:For example, this query displays only those log entries for the "mycontainergroup001" container group generated within the last hour:

ContainerInstanceLog_CL
| where (ContainerGroup_s == "mycontainergroup001")
| where (TimeGenerated > ago(1h))

后续步骤Next steps

Azure Monitor 日志Azure Monitor logs

若要详细了解如何在 Azure Monitor 日志中查询日志和配置警报,请参阅:For more information about querying logs and configuring alerts in Azure Monitor logs, see:

监视容器 CPU 和内存Monitor container CPU and memory

若要了解如何监视容器实例 CPU 和内存资源,请参阅:For information about monitoring container instance CPU and memory resources, see: