-### Scale the storage limit for PostgreSQL server

-Our system shows that the server might be constrained because it is approaching limits for the currently provisioned storage values. Approaching the storage limits might result in degraded performance or in the server being moved to read-only mode. To ensure continued performance, we recommend increasing the provisioned storage amount or turning ON the "Auto-Growth" feature for automatic storage increases

-Learn more about [PostgreSQL server - OrcasPostgreSqlStorageLimit (Scale the storage limit for PostgreSQL server)](https://aka.ms/postgresqlstoragelimits).

-### Scale the PostgreSQL server to higher SKU

-Our system shows that the server might be unable to support the connection requests because of the maximum supported connections for the given SKU, which might result in a large number of failed connections requests adversely affecting performance. To improve performance, we recommend moving to higher memory SKU by increasing vCore or switching to Memory-Optimized SKUs.

-Learn more about [PostgreSQL server - OrcasPostgreSqlConcurrentConnection (Scale the PostgreSQL server to higher SKU)](https://aka.ms/postgresqlconnectionlimits).

-### Move your PostgreSQL server to Memory Optimized SKU

-Our system shows that there is high churn in the buffer pool for this server which can result in slower query performance and increased IOPS. To improve performance, review your workload queries to identify opportunities to minimize memory consumed. If no such opportunity found, then we recommend moving to higher SKU with more memory or increase storage size to get more IOPS.

-Learn more about [PostgreSQL server - OrcasPostgreSqlMemoryCache (Move your PostgreSQL server to Memory Optimized SKU)](https://aka.ms/postgresqlpricing).

-### Add a PostgreSQL Read Replica server

-Our system shows that you might have a read intensive workload running, which results in resource contention for this server. Resource contention can lead to slow query performance for the server. To improve performance, we recommend you add a read replica, and offload some of your read workloads to the replica.

-Learn more about [PostgreSQL server - OrcasPostgreSqlReadReplica (Add a PostgreSQL Read Replica server)](https://aka.ms/postgresqlreadreplica).

-Our system shows that the CPU has been running under high utilization for an extended time period over the last seven days. High CPU utilization might lead to slow query performance. To improve performance, we recommend moving to a larger compute size.

-Learn more about [PostgreSQL server - OrcasPostgreSqlCpuOverload (Increase the PostgreSQL server vCores)](https://aka.ms/postgresqlpricing).

-### Improve PostgreSQL connection management

-Our system shows that your PostgreSQL server might not be managing connections efficiently, which can result in unnecessary resource consumption and overall higher application latency. To improve connection management, we recommend that you reduce the number of short-lived connections and eliminate unnecessary idle connections by configuring a server side connection-pooler, such as PgBouncer.

-Learn more about [PostgreSQL server - OrcasPostgreSqlConnectionPooling (Improve PostgreSQL connection management)](https://aka.ms/azure_postgresql_connection_pooling).

-### Improve PostgreSQL log performance

-Our system shows that your PostgreSQL server has been configured to output VERBOSE error logs. This setting can be useful for troubleshooting your database, but it can also result in reduced database performance. To improve performance, we recommend that you change the log_error_verbosity parameter to the DEFAULT setting.

-Learn more about [PostgreSQL server - OrcasPostgreSqlLogErrorVerbosity (Improve PostgreSQL log performance)](https://aka.ms/azure_postgresql_log_settings).

-### Optimize query statistics collection on an Azure Database for PostgreSQL

-Our system shows that your PostgreSQL server has been configured to track query statistics using the pg_stat_statements module. While useful for troubleshooting, it can also result in reduced server performance. To improve performance, we recommend that you change the pg_stat_statements.track parameter to NONE.

-Learn more about [PostgreSQL server - OrcasPostgreSqlStatStatementsTrack (Optimize query statistics collection on an Azure Database for PostgreSQL)](https://aka.ms/azure_postgresql_optimize_query_stats).

-### Optimize query store on an Azure Database for PostgreSQL when not troubleshooting

-Our system shows that your PostgreSQL database has been configured to track query performance using the pg_qs.query_capture_mode parameter. While troubleshooting, we suggest setting the pg_qs.query_capture_mode parameter to TOP or ALL. When not troubleshooting, we recommend that you set the pg_qs.query_capture_mode parameter to NONE.

-Learn more about [PostgreSQL server - OrcasPostgreSqlQueryCaptureMode (Optimize query store on an Azure Database for PostgreSQL when not troubleshooting)](https://aka.ms/azure_postgresql_query_store).

-### Increase the storage limit for PostgreSQL Flexible Server

-Our system shows that the server might be constrained because it is approaching limits for the currently provisioned storage values. Approaching the storage limits might result in degraded performance or in the server being moved to read-only mode.

-Learn more about [PostgreSQL server - OrcasPostgreSqlFlexibleServerStorageLimit (Increase the storage limit for PostgreSQL Flexible Server)](https://aka.ms/azure_postgresql_flexible_server_limits).

-#### Optimize logging settings by setting LoggingCollector to -1

-Optimize logging settings by setting LoggingCollector to -1

-Learn more [Logs in Azure Database for PostgreSQL - Single Server] (/azurepostgresql/single-server/concepts-server-logs#configure-logging).

-#### Optimize logging settings by setting LogDuration to OFF

-Optimize logging settings by setting LogDuration to OFF

-Learn more [Logs in Azure Database for PostgreSQL - Single Server] (/azurepostgresql/single-server/concepts-server-logs#configure-logging).

-#### Optimize logging settings by setting LogStatement to NONE

-Optimize logging settings by setting LogStatement to NONE

-Learn more [Logs in Azure Database for PostgreSQL - Single Server] (/azurepostgresql/single-server/concepts-server-logs#configure-logging).

-#### Optimize logging settings by setting ReplaceParameter to OFF

-Optimize logging settings by setting ReplaceParameter to OFF

-Learn more [Logs in Azure Database for PostgreSQL - Single Server] (/azurepostgresql/single-server/concepts-server-logs#configure-logging).

-#### Optimize logging settings by setting LoggingCollector to OFF

-Optimize logging settings by setting LoggingCollector to OFF

-Learn more [Logs in Azure Database for PostgreSQL - Single Server] (/azurepostgresql/single-server/concepts-server-logs#configure-logging).

-### Increase the storage limit for Hyperscale (Citus) server group

-Our system shows that one or more nodes in the server group might be constrained because they are approaching limits for the currently provisioned storage values. This might result in degraded performance or in the server being moved to read-only mode. To ensure continued performance, we recommend increasing the provisioned disk space.

-Learn more about [PostgreSQL server - OrcasPostgreSqlCitusStorageLimitHyperscaleCitus (Increase the storage limit for Hyperscale (Citus) server group)](/azure/postgresql/howto-hyperscale-scale-grow#increase-storage-on-nodes).

-### Optimize log_statement settings for PostgreSQL on Azure Database

-Our system shows that you have log_statement enabled, for better performance set it to NONE

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruMeruLogStatement (Optimize log_statement settings for PostgreSQL on Azure Database)](../postgresql/flexible-server/concepts-logging.md).

-### Increase the work_mem to avoid excessive disk spilling from sort and hash

-Our system shows that the configuration work_mem is too small for your PostgreSQL server, resulting in disk spilling and degraded query performance. We recommend increasing the work_mem limit for the server, which helps to reduce the scenarios when the sort or hash happens on disk and improves the overall query performance.

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruMeruWorkMem (Increase the work_mem to avoid excessive disk spilling from sort and hash)](https://aka.ms/runtimeconfiguration).

-### Improve PostgreSQL - Flexible Server performance by enabling Intelligent tuning

-Our system suggests that you can improve storage performance by enabling Intelligent tuning

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruIntelligentTuning (Improve PostgreSQL - Flexible Server performance by enabling Intelligent tuning)](../postgresql/flexible-server/concepts-intelligent-tuning.md).

-### Optimize log_duration settings for PostgreSQL on Azure Database

-Our system shows that you have log_duration enabled, for better performance, set it to OFF

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruMeruLogDuration (Optimize log_duration settings for PostgreSQL on Azure Database)](../postgresql/flexible-server/concepts-logging.md).

-### Optimize log_min_duration settings for PostgreSQL on Azure Database

-Our system shows that you have log_min_duration enabled, for better performance, set it to -1

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruMeruLogMinDuration (Optimize log_min_duration settings for PostgreSQL on Azure Database)](../postgresql/flexible-server/concepts-logging.md).

-### Optimize pg_qs.query_capture_mode settings for PostgreSQL on Azure Database

-Our system shows that you have pg_qs.query_capture_mode enabled, for better performance, set it to NONE

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruMeruQueryCaptureMode (Optimize pg_qs.query_capture_mode settings for PostgreSQL on Azure Database)](../postgresql/flexible-server/concepts-query-store-best-practices.md).

-### Optimize PostgreSQL performance by enabling PGBouncer

-Our system shows that you can improve PostgreSQL performance by enabling PGBouncer

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruOrcasPostgreSQLConnectionPooling (Optimize PostgreSQL performance by enabling PGBouncer)](../postgresql/flexible-server/concepts-pgbouncer.md).

-### Optimize log_error_verbosity settings for PostgreSQL on Azure Database

-Our system shows that you have log_error_verbosity enabled, for better performance, set it to DEFAULT

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasMeruMeruLogErrorVerbosity (Optimize log_error_verbosity settings for PostgreSQL on Azure Database)](../postgresql/flexible-server/concepts-logging.md).

-Consider our new offering, Azure Database for PostgreSQL Flexible Server, which provides richer capabilities such as zone resilient HA, predictable performance, maximum control, custom maintenance window, cost optimization controls, and simplified developer experience.

-Learn more about [Azure Database for PostgreSQL flexible server - OrcasPostgreSqlMeruMigration (Migrate your database from SSPG to FSPG)](../postgresql/how-to-upgrade-using-dump-and-restore.md).

-### Move your PostgreSQL Flexible Server to Memory Optimized SKU

-Our system shows that there is high churn in the buffer pool for this server, resulting in slower query performance and increased IOPS. To improve performance, review your workload queries to identify opportunities to minimize memory consumed. If no such opportunity found, then we recommend moving to higher SKU with more memory or increase storage size to get more IOPS.

-Learn more about [PostgreSQL server - OrcasMeruMemoryUpsell (Move your PostgreSQL Flexible Server to Memory Optimized SKU)](https://aka.ms/azure_postgresql_flexible_server_pricing).

-Containers enable you to run the Azure AI Vision APIs in your own environment. Containers are great for specific security and data governance requirements. In this article you'll learn how to download, install, and run the Read (OCR) container.

-The Read container allows you to extract printed and handwritten text from images and documents with support for JPEG, PNG, BMP, PDF, and TIFF file formats. For more information, see the [Read API how-to guide](how-to/call-read-api.md).

-If you're using Read 2.0 containers today, see the [migration guide](read-container-migration-guide.md) to learn about changes in the new versions.

-## How is OCR related to Intelligent Document Processing (IDP)?

-Intelligent Document Processing (IDP) uses OCR as its foundational technology to additionally extract structure, relationships, key-values, entities, and other document-centric insights with an advanced machine-learning based AI service like [Document Intelligence](../../ai-services/document-intelligence/overview.md). Document Intelligence includes a document-optimized version of **Read** as its OCR engine while delegating to other models for higher-end insights. If you are extracting text from scanned and digital documents, use [Document Intelligence Read OCR](../../ai-services/document-intelligence/concept-read.md).

-Microsoft's **Read** OCR engine is composed of multiple advanced machine-learning based models supporting [global languages](./language-support.md). It can extract printed and handwritten text including mixed languages and writing styles. **Read** is available as cloud service and on-premises container for deployment flexibility. With the latest preview, it's also available as a synchronous API for single, non-document, image-only scenarios with performance enhancements that make it easier to implement OCR-assisted user experiences.

-Summarization is one of the features offered by [Azure AI Language](../overview.md), a collection of machine learning and AI algorithms in the cloud for developing intelligent applications that involve written language. Use this article to learn more about this feature, and how to use it in your applications.

-Though the services are labeled document and conversation summarization, text summarization only accepts plain text blocks, and conversation summarization accept various speech artifacts in order for the model to learn more. If you want to process a conversation but only care about text, you can use text summarization for that scenario.

-Text summarization uses natural language processing techniques to generate a summary for documents. There are two supported API approaches to automatic summarization: extractive and abstractive.

-Extractive summarization extracts sentences that collectively represent the most important or relevant information within the original content. Abstractive summarization generates a summary with concise, coherent sentences or words that aren't verbatim extract sentences from the original document. These features are designed to shorten content that could be considered too long to read.

-There are two aspects of text summarization this API provides:

-* [**Extractive summarization**](how-to/document-summarization.md#try-text-extractive-summarization): Produces a summary by extracting salient sentences within the document.

- * Rank score: The rank score indicates how relevant a sentence is to a document's main topic. Text summarization ranks extracted sentences, and you can determine whether they're returned in the order they appear, or according to their rank.

- * Multiple returned sentences: Determine the maximum number of sentences to be returned. For example, if you request a three-sentence summary extractive summarization returns the three highest scored sentences.

-* [**Abstractive summarization**](how-to/document-summarization.md#try-text-abstractive-summarization): Generates a summary that doesn't use the same words as in the document, but captures the main idea.

- * Summary texts: Abstractive summarization returns a summary for each contextual input range within the document. A long document can be segmented so multiple groups of summary texts can be returned with their contextual input range.

- * Contextual input range: The range within the input document that was used to generate the summary text.

-If we use the above example, the API might return these summarized sentences:

-* [**Issue/resolution summarization**](how-to/conversation-summarization.md#get-summaries-from-text-chats): A call center specific feature that gives a summary of issues and resolutions in conversations between customer-service agents and your customers.

-* [**Recap**](how-to/conversation-summarization.md#get-narrative-summarization): Summarizes a conversation into a brief paragraph.

-* [**Follow-up tasks**](how-to/conversation-summarization.md#get-narrative-summarization): Gives a list of follow-up tasks discussed in the input conversation.

-|Example summary | Format | Conversation aspect |

-| Customer wants to use the wifi connection on their Smart Brew 300. But it didn't work. | One or two sentences | issue |

-| Checked if the power light is blinking slowly. Checked the Contoso coffee app. It had no prompt. Tried to do a factory reset. | One or more sentences, generated from multiple lines of the transcript. | resolution |

-# [Document summarization](#tab/document-summarization)

-* **[Quickstarts](quickstart.md?pivots=rest-api&tabs=text-summarization)** are getting-started instructions to guide you through making requests to the service.

-Document summarization uses natural language processing techniques to generate a summary for documents. There are two supported API approaches to automatic summarization: extractive and abstractive.

-A native document refers to the file format used to create the original document such as Microsoft Word (docx) or a portable document file (pdf). Native document support eliminates the need for text preprocessing prior to using Azure AI Language resource capabilities. Currently, native document support is available for both [**AbstractiveSummarization**](../summarization/how-to/document-summarization.md#try-text-abstractive-summarization) and [**ExtractiveSummarization**](../summarization/how-to/document-summarization.md#try-text-extractive-summarization) capabilities.

- Currently **Text Summarization** supports the following native document formats:

-| Region | `gpt-35-turbo (0613)` | `gpt-35-turbo (1106)`| `fine tuned gpt-3.5-turbo-0125` | `gpt-4 (0613)` | `gpt-4 (1106)` | `gpt-4 (0125)` |

-|--|||||||

-| Australia East | ✅ | ✅ | | ✅ |✅ | |

-| East US | ✅ | | | | | ✅ |

-| East US 2 | ✅ | | ✅ | ✅ |✅ | |

-| France Central | ✅ | ✅ | | ✅ |✅ | |

-| Japan East | ✅ | | | | | |

-| Norway East | | | | | ✅ | |

-| Sweden Central | ✅ |✅ | ✅ |✅ |✅| |

-| UK South | ✅ | ✅ | | | ✅ | ✅ |

-| West US | | ✅ | | | ✅ | |

-| West US 3 | | | | |✅ | |

-The Azure OpenAI backend decides if, when, and how much extra dynamic quota is added or removed from different deployments. It isn't forecasted or announced in advance, and isn't predictable. Azure OpenAI lets your application know there's more quota available by responding with an HTTP 429 and not letting more API calls through. To take advantage of dynamic quota, your application code must be able to issue more requests as HTTP 429 responses become infrequent.

- model="gpt-35-turbo", # model = "deployment_name".

-response = client.completions.create(model=deployment_name, prompt=start_phrase, max_tokens=10)

- response = await client.chat.completions.create(model="gpt-35-turbo", messages=[{"role": "user", "content": "Hello world"}])

- model="deployment-name", # gpt-35-instant

- model=deployment,

-| Prompt tokens | Number of tokens in the prompt for each call |

-| Generation tokens | Number of tokens generated by the model on each call |

-| Peak calls per minute | Peak concurrent load to the endpoint measured in calls per minute|

-After you fill in the required details, select **Calculate** to view the suggested PTU for your scenario.

- name regex (.*)\.<domain to be rewritten>.com {1}.default.svc.cluster.local

-* An Azure subscription. [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]

- - [!INCLUDE [azure-cli-login](../../includes/azure-cli-login.md)]

-* [!INCLUDE [About Bicep](../../../includes/resource-manager-quickstart-bicep-introduction.md)]

-> [!NOTE]

->If you use any programming/scripting logic to list and select a minor version of Kubernetes before creating clusters with the `ListKubernetesVersions` API, note that starting from Kubernetes v1.27, the API returns `SupportPlan` as `[KubernetesOfficial, AKSLongTermSupport]`. Please ensure you update any logic to exclude `AKSLongTermSupport` versions to avoid any breaks and choose `KubernetesOfficial` support plan versions. Otherwise, if LTS is indeed your path forward please first opt-into the Premium tier and the `AKSLongTermSupport` support plan versions from the `ListKubernetesVersions` API before creating clusters.

-> After you rotate the key, the previous key (key1) is still cached and shouldn't be deleted. If you want to delete the previous key (key1) immediately, you need to rotate the key twice. Then key2 and key3 are cached, and key1 can be deleted without affecting the existing cluster.

-* [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]

- [!INCLUDE [azure-powershell-requirements-no-header.md](../../includes/azure-powershell-requirements-no-header.md)]

- [!INCLUDE [azure-powershell-requirements-no-header.md](../../includes/azure-powershell-requirements-no-header.md)]

- [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]

- [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]

- [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]

- [!INCLUDE [azure-powershell-requirements-no-header](../../includes/azure-powershell-requirements-no-header.md)]

- [!INCLUDE [azure-powershell-requirements-no-header](../../includes/azure-powershell-requirements-no-header.md)]

- [!INCLUDE [azure-powershell-requirements-no-header](../../includes/azure-powershell-requirements-no-header.md)]

- [!INCLUDE [azure-powershell-requirements-no-header](../../includes/azure-powershell-requirements-no-header.md)]

- [!INCLUDE [azure-powershell-requirements-no-header](../../includes/azure-powershell-requirements-no-header.md)]

-By default, persistent storage is *disabled* on Windows custom containers. To enable it, set the `WEBSITES_ENABLE_APP_SERVICE_STORAGE` app setting value to `true` via the [Cloud Shell](https://shell.azure.com). In Bash:

-az webapp config appsettings set --resource-group <group-name> --name <app-name> --settings WEBSITES_ENABLE_APP_SERVICE_STORAGE=true

-Set-AzWebApp -ResourceGroupName <group-name> -Name <app-name> -AppSettings @{"WEBSITES_ENABLE_APP_SERVICE_STORAGE"=true}

-> It is recommended to use this feature for dev environments first before migrating any production environments to ensure there are no unexpected issues. Please provide any feedback related to this article or the feature using the buttons at the bottom of the page.

-> If you're configuring a custom domain suffix, when you're adding the network permissions on your Azure key vault, be sure that your key vault allows access from your App Service Environment v3's new subnet. If you're accessing your key vault using a private endpoint, ensure you've configured private access correctly with the new subnet.

-A scale operation on one size and operating system won't affect scaling of the other combinations of size and operating system. For example, if you are scaling a Windows I2v2 App Service plan, a scale operation to a Windows I3v2 App Service plan starts immediately. Scaling normally takes less than 15 minutes.

-| `WEBSITES_ENABLE_APP_SERVICE_STORAGE` | Set to `true` to enable the `/home` directory to be shared across scaled instances. The default is `false` for custom containers. ||

-> [!NOTE]

-> If you can't find the certificate under Current User\Personal\Certificates, you may have accidentally opened "Certificates - Local Computer", rather than "Certificates - Current User").

-1. In the Wizard, click **Next**.

-1. Select **No, do not export the private key**, and then click **Next**.

-1. On the **Export File Format** page, select **Base-64 encoded X.509 (.CER).**, and then click **Next**.

-1. For **File to Export**, **Browse** to the location to which you want to export the certificate. For **File name**, name the certificate file. Then, click **Next**.

-1. Click **Finish** to export the certificate.

-1. Your certificate is successfully exported.

-1. If you open the exported certificate using Notepad, you see something similar to this example. The section in blue contains the information that is uploaded to application gateway. If you open your certificate with Notepad and it doesn't look similar to this, typically this means you didn't export it using the Base-64 encoded X.509(.CER) format. Additionally, if you want to use a different text editor, understand that some editors can introduce unintended formatting in the background. This can create problems when uploaded the text from this certificate to Azure.

-| Functionality - basic | HTTP/HTTP2/HTTPS<br>Websocket<br>Public/Private IP<br>Cookie Affinity<br>Path-based affinity<br>Wildcard<br>Multisite<br>KeyVault<br>AKS (via AGIC)<br>Zone<br>Header rewrite | &#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br> | &#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713;<br>&#x2713; |

-> Eventually, a major version update (v2.x.x) for the `microsoft.flux` extension will be released. When this happens, clusters won't be auto-upgraded to this version, since [auto-upgrade is only supported for minor version releases](extensions.md#upgrade-extension-instance). If you're still using an older API version when the next major version is released, you'll need to update your manifests to the latest API versions, perform any necessary testing, then upgrade your extension manually. For more information about the new API versions (breaking changes) and how to update your manifests, see the [Flux v2 release notes](https://github.com/fluxcd/flux2/releases/tag/v2.0.0).

- [!INCLUDE [azure-lighthouse-supported-service](../../../includes/azure-lighthouse-supported-service.md)]

- >[!NOTE]

- >Activation of ESU is planned for the third quarter of 2023. Using Azure services such as Azure Update Manager and Azure Policy to support managing ESU-eligible Windows Server 2012/2012 R2 machines are also planned for the third quarter.

-You have the flexibility to start with either option, or incorporate the other one later without any disruption. With both options, you'll enjoy the same consistent experience.

-Azure Cache for Redis offers three built-in access policies: _Owner_, _Contributor_, and _Reader_. If the built-in access policies don't satisfy your data protection and isolation requirements, you can create and use your own custom data access policy as described in [Configure custom data access policy](#configure-a-custom-data-access-policy-for-your-application).

- // rediss for TLS

- url: `rediss://${cacheHostName}:6380`,

-By default, extension bundles are used by Java, JavaScript, PowerShell, Python, C# script, and Custom Handler function apps to work with binding extensions. In cases where extension bundles can't be used, you can explicitly install binding extensions with your function app project. Extension bundles are supported for version 2.x and later version of the Functions runtime.

-> Even though host.json supports custom ranges for `version`, you should use a version range value from this table, such as `[4.0.0, 5.0.0)`.

-For compiled C# class library projects ([in-process](functions-dotnet-class-library.md) and [isolated worker process](dotnet-isolated-process-guide.md)), you install the NuGet packages for the extensions that you need as you normally would. For examples see either the [Visual Studio Code developer guide](functions-develop-vs-code.md?tabs=csharp#install-binding-extensions) or the [Visual Studio developer guide](functions-develop-vs.md#add-bindings).

-You also need an active Azure subscription. [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]

-* An [Azure account](https://azure.microsoft.com/). [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)]

-Portal editing is only supported for [Python version 1](functions-reference-python.md?pivots=python-mode-configuration), which uses the function.json file.

-¹ Linux is the only supported operating system for the [Python runtime stack](./functions-reference-python.md).

-² Windows deployments are code-only. Functions doesn't currently support Windows containers.

-¹ During scale-out, there's currently a limit of 500 instances per subscription per hour for Linux apps on a Consumption plan. <br/>

-² In some regions, Linux apps on a Premium plan can scale to 100 instances. For more information, see the [Premium plan article](functions-premium-plan.md#region-max-scale-out). <br/>

-³ For specific limits for the various App Service plan options, see the [App Service plan limits](../azure-resource-manager/management/azure-subscription-service-limits.md#app-service-limits).

-| **[Consumption plan]** | Apps can scale to zero when idle, meaning some requests might have more latency at startup. The consumption plan does have some optimizations to help decrease cold start time, including pulling from prewarmed placeholder functions that already have the function host and language processes running. |

-*Last updated: January 2024*

-| [Azure API for FHIR](../../healthcare-apis/azure-api-for-fhir/index.yml) | &#x2705; | &#x2705; |

-| [Power Virtual Agents](/power-virtual-agents/) | &#x2705; | &#x2705; |

-*Last updated: November 2023*

-| [Power Virtual Agents](/power-virtual-agents/) | &#x2705; | &#x2705; | &#x2705; | | |

- For more information, see [How to set up data collection endpoints based on your deployment](../essentials/data-collection-endpoint-overview.md#how-to-set-up-data-collection-endpoints-based-on-your-deployment).

-You can configure if log search alerts are [stateful or stateless](alerts-overview.md#alerts-and-state). This feature is currently in preview.

- * [Python](opentelemetry-enable.md?tabs=python): Enabled by default.

-2. Open the Application Insigwhts resource for your application in the [Azure portal](https://portal.azure.com). Select **Live metrics**, which is listed under **Investigate** in the left hand menu.

-| Python | **Not supported** | **Not supported** | **Not supported** | **Not supported** | **Not supported** |

-##### [Java-Native](#tab/java-native)

-The APIs from the Application Insights SDK 2.X aren't available in the Azure Monitor OpenTelemetry Distro. You can access these APIs through a nonbreaking upgrade path in the Application Insights SDK 3.X.

- [!INCLUDE [azure-monitor-log-analytics-rebrand](../../../includes/azure-monitor-instrumentation-key-deprecation.md)]

-The agent uses the [Docker JSON file logging driver](https://docs.docker.com/config/containers/logging/json-file/) to capture the stdout and stderr of containers. This logging driver splits log lines [larger than 16 KB](https://github.com/moby/moby/pull/22982) into multiple lines when they're copied from stdout or stderr to a file.

- Using a wildcard filter such as `Microsoft.ResourceId eq '*'` causes the API to return a time series for every resourceId in the subscription and region. If the subscription and region combination contains no resources, an empty time series is returned. The same query without the wildcard filter would return a single time series, aggregating the requested metric over the requested dimensions, for example subscription and region. If there are no resources in the subscription and region combination, the API returns a single time series with a single data point of `0`.

-

-To fetch multiple time series with specific dimension values, specify a filter query parameter that specifies both dimension values such as `"&$filter=ApiName eq 'ListContainers' or ApiName eq 'GetBlobServiceProperties'"`.

-To return a time series for every value of a given dimension, use an `*` filter such as `"&$filter=ApiName eq '*'"`. The `Top` and `OrderBy` query parameters can be used to limit and order the number of time series returned.

-> A `Microsoft.ResourceId eq '*'` filter is added in the example for the multi resource metrics requests. The filter tells the API to return a separate time series per virtual machine resource in the subscription and region. Without the filter the API would return a single time series aggregating the average CPU for all VMs. The times series for each resource is differentiated by the `Microsoft.ResourceId` metadata value on each time series entry, as can be seen in the following sample return value. If there are no resourceIds retrieved by this query an empty time series`"timeseries": []` is returned.

- Using a wildcard filter such as `Microsoft.ResourceId eq '*'` causes the API to return a time series for every resourceId in the subscription and region. If the subscription and region combination contains no resources, an empty time series is returned. The same query without the wildcard filter would return a single time series, aggregating the requested metric over the requested dimensions, for example subscription and region. If there are no resources in the subscription and region combination, the API returns a single time series with a single data point of `0`.

-Running into issues? Check the [Troubleshooting guide](/troubleshoot/azure/azure-monitor/app-insights/code-optimizations-troubleshooting)

-> [Troubleshoot Code Optimizations](/troubleshoot/azure/azure-monitor/app-insights/code-optimizations-troubleshooting)

- - **Cluster (default)**--The costs for your cluster are attributed to the cluster resource.

- - **Workspaces**--The costs for your cluster are attributed proportionately to the workspaces in the Cluster, with the cluster resource being billed some of the usage if the total ingested data for the day is under the commitment tier. See [Log Analytics Dedicated Clusters](./cost-logs.md#dedicated-clusters) to learn more about the cluster pricing model.

-## Get all clusters in resource group

-### Update billingType in cluster

-The *billingType* property determines the billing attribution for the cluster and its data:

-#### [Portal](#tab/azure-portal)

-#### [CLI](#tab/cli)

-```azurecli

-az account set --subscription "cluster-subscription-id"

-az monitor log-analytics cluster update --resource-group "resource-group-name" --name "cluster-name" --billing-type {Cluster, Workspaces}

-```

-#### [PowerShell](#tab/powershell)

-```powershell

-Select-AzSubscription "cluster-subscription-id"

-Update-AzOperationalInsightsCluster -ResourceGroupName "resource-group-name" -ClusterName "cluster-name" -BillingType "Workspaces"

-```

-#### [REST API](#tab/restapi)

-*Call*

-```rest

-PATCH https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.OperationalInsights/clusters/<cluster-name>?api-version=2022-10-01

-Authorization: Bearer <token>

-Content-type: application/json

-{

- "properties": {

- "billingType": "Workspaces"

- },

- "location": "region"

-}

-```

-description: Sample Azure Resource Manager templates to deploy Log Analytics clusters.

-# Resource Manager template samples for Log Analytics clusters in Azure Monitor

-This article includes sample [Azure Resource Manager templates](../../azure-resource-manager/templates/syntax.md) to create and configure Log Analytics clusters in Azure Monitor. Each sample includes a template file and a parameters file with sample values to provide to the template.

-## Template references

-## Create a Log Analytics cluster

-The following sample creates a new empty Log Analytics cluster.

-### Template file

-# [Bicep](#tab/bicep)

-```bicep

-@description('Specify the name of the Log Analytics cluster.')

-param clusterName string

-@description('Specify the location of the resources.')

-param location string = resourceGroup().location

-@description('Specify the capacity reservation value.')

-@allowed([

- 100

- 200

- 300

- 400

- 500

- 1000

- 2000

- 5000

-])

-param CommitmentTier int

-@description('Specify the billing type settings. Can be \'Cluster\' (default) or \'Workspaces\' for proportional billing on workspaces.')

-@allowed([

- 'Cluster'

- 'Workspaces'

-])

-param billingType string

-resource cluster 'Microsoft.OperationalInsights/clusters@2021-06-01' = {

- name: clusterName

- location: location

- identity: {

- type: 'SystemAssigned'

- }

- sku: {

- name: 'CapacityReservation'

- capacity: CommitmentTier

- }

- properties: {

- billingType: billingType

- }

-}

-```

-# [JSON](#tab/json)

-```json

-{

- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

- "contentVersion": "1.0.0.0",

- "parameters": {

- "clusterName": {

- "type": "string",

- "metadata": {

- "description": "Specify the name of the Log Analytics cluster."

- }

- },

- "location": {

- "type": "string",

- "defaultValue": "[resourceGroup().location]",

- "metadata": {

- "description": "Specify the location of the resources."

- }

- },

- "CommitmentTier": {

- "type": "int",

- "allowedValues": [

- 100,

- 200,

- 300,

- 400,

- 500,

- 1000,

- 2000,

- 5000

- ],

- "metadata": {

- "description": "Specify the capacity reservation value."

- }

- },

- "billingType": {

- "type": "string",

- "allowedValues": [

- "Cluster",

- "Workspaces"

- ],

- "metadata": {

- "description": "Specify the billing type settings. Can be 'Cluster' (default) or 'Workspaces' for proportional billing on workspaces."

- }

- }

- },

- "resources": [

- {

- "type": "Microsoft.OperationalInsights/clusters",

- "apiVersion": "2021-06-01",

- "name": "[parameters('clusterName')]",

- "location": "[parameters('location')]",

- "identity": {

- "type": "SystemAssigned"

- },

- "sku": {

- "name": "CapacityReservation",

- "capacity": "[parameters('CommitmentTier')]"

- },

- "properties": {

- "billingType": "[parameters('billingType')]"

- }

- }

- ]

-}

-```

-### Parameter file

-```json

-{

- "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentParameters.json#",

- "contentVersion": "1.0.0.0",

- "parameters": {

- "clusterName": {

- "value": "MyCluster"

- },

- "CommitmentTier": {

- "value": 500

- },

- "billingType": {

- "value": "Cluster"

- }

- }

-}

-```

-## Update a Log Analytics cluster

-The following sample updates a Log Analytics cluster to use customer-managed key.

-### Template file

-# [Bicep](#tab/bicep)

-```bicep

-@description('Specify the name of the Log Analytics cluster.')

-param clusterName string

-@description('Specify the location of the resources')

-param location string = resourceGroup().location

-@description('Specify the key vault name.')

-param keyVaultName string

-@description('Specify the key name.')

-param keyName string

-@description('Specify the key version. When empty, latest key version is used.')

-param keyVersion string

-var keyVaultUri = format('{0}{1}', keyVaultName, environment().suffixes.keyvaultDns)

-resource cluster 'Microsoft.OperationalInsights/clusters@2021-06-01' = {

- name: clusterName

- location: location

- identity: {

- type: 'SystemAssigned'

- }

- properties: {

- keyVaultProperties: {

- keyVaultUri: keyVaultUri

- keyName: keyName

- keyVersion: keyVersion

- }

- }

-}

-```

-# [JSON](#tab/json)

-```json

-{

- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

- "contentVersion": "1.0.0.0",

- "parameters": {

- "clusterName": {

- "type": "string",

- "metadata": {

- "description": "Specify the name of the Log Analytics cluster."

- }

- },

- "location": {

- "type": "string",

- "defaultValue": "[resourceGroup().location]",

- "metadata": {

- "description": "Specify the location of the resources"

- }

- },

- "keyVaultName": {

- "type": "string",

- "metadata": {

- "description": "Specify the key vault name."

- }

- },

- "keyName": {

- "type": "string",

- "metadata": {

- "description": "Specify the key name."

- }

- },

- "keyVersion": {

- "type": "string",

- "metadata": {

- "description": "Specify the key version. When empty, latest key version is used."

- }

- }

- },

- "variables": {

- "keyVaultUri": "[format('{0}{1}', parameters('keyVaultName'), environment().suffixes.keyvaultDns)]"

- },

- "resources": [

- {

- "type": "Microsoft.OperationalInsights/clusters",

- "apiVersion": "2021-06-01",

- "name": "[parameters('clusterName')]",

- "location": "[parameters('location')]",

- "identity": {

- "type": "SystemAssigned"

- },

- "properties": {

- "keyVaultProperties": {

- "keyVaultUri": "[variables('keyVaultUri')]",

- "keyName": "[parameters('keyName')]",

- "keyVersion": "[parameters('keyVersion')]"

- }

- }

- }

- ]

-}

-```

-### Parameter file

-```json

-{

- "$schema": "https://schema.management.azure.com/schemas/2019-08-01/deploymentParameters.json#",

- "contentVersion": "1.0.0.0",

- "parameters": {

- "clusterName": {

- "value": "MyCluster"

- },

- "keyVaultUri": {

- "value": "https://key-vault-name.vault.azure.net"

- },

- "keyName": {

- "value": "MyKeyName"

- },

- "keyVersion": {

- "value": ""

- }

- }

-}

-```

-## Next steps

-## Permissions required

-| Action | Permissions required |

-| | |

-| Create or update summary rule | `Microsoft.Operationalinsights/workspaces/summarylogs/write` permissions to the Log Analytics workspace, as provided by the [Log Analytics Contributor built-in role](manage-access.md#log-analytics-contributor), for example |

-| Create or update destination table | `Microsoft.OperationalInsights/workspaces/tables/write` permissions to the Log Analytics workspace, as provided by the [Log Analytics Contributor built-in role](manage-access.md#log-analytics-contributor), for example |

-| Enable query in workspace | `Microsoft.OperationalInsights/workspaces/query/read` permissions to the Log Analytics workspace, as provided by the [Log Analytics Reader built-in role](manage-access.md#log-analytics-reader), for example |

-| Query all logs in workspace | `Microsoft.OperationalInsights/workspaces/query/*/read` permissions to the Log Analytics workspace, as provided by the [Log Analytics Reader built-in role](manage-access.md#log-analytics-reader), for example |

-| Query logs in table | `Microsoft.OperationalInsights/workspaces/query/<table>/read` permissions to the Log Analytics workspace, as provided by the [Log Analytics Reader built-in role](manage-access.md#log-analytics-reader), for example |

-| Query logs in table (table action) | `Microsoft.OperationalInsights/workspaces/tables/query/read` permissions to the Log Analytics workspace, as provided by the [Log Analytics Reader built-in role](manage-access.md#log-analytics-reader), for example |

-| Use queries encrypted in a customer-managed storage account|`Microsoft.Storage/storageAccounts/*` permissions to the storage account, as provided by the [Storage Account Contributor built-in role](/azure/role-based-access-control/built-in-roles/storage#storage-account-contributor), for example|

-The cost you incur for summary rules consists of the cost of the query on the source table and the cost of ingesting the results to the destination table:

-Before you create a rule, experiment with the query in [Log Analytics](log-analytics-overview.md). Verify that the query doesn't reach or near the query limit. Check that the query produces the intended schema and expected results. If the query is close to the query limits, consider using a smaller `binSize` to process less data per bin. You can also modify the query to return fewer records or remove fields with higher volume.

-### Deleted data remains in workspace, subject to retention period

-When you [delete columns or a custom log table](create-custom-table.md), data remains in the workspace and is subjected to the [retention period](data-retention-archive.md) defined on the table or workspace. During the retention period, if you create a table with the same name and fields, Azure Monitor recreates the table with the old data. To delete old data, [update the table retention period](/rest/api/loganalytics/tables/update) with the minimum retention supported (four days) and then delete the table.

-<!-- [!INCLUDE [About Azure Resource Manager](../../includes/resource-manager-quickstart-introduction.md)] -->

-<!-- [!INCLUDE [About Azure Resource Manager](../../includes/resource-manager-quickstart-introduction.md)] -->

-Here's an example of enabling features 'compileTimeImports' and 'userDefinedFunctions`.

-Returns information about the Azure environment used for deployment.

-New-AzManagmentGroupDeploymentStack `

-Set-AzManagmentGroupDeploymentStack `

-New-AzManagmentGroupDeploymentStack `

-Save-AzManagmentGroupDeploymentStack `

-Additionally, you can also refence ARM templates using the [module](./modules.md) statement.

- "toolTip": "Must represent the identity as an Azure Resource Manager resource identifer format ex. /subscriptions/sub1/resourcegroups/myGroup/providers/Microsoft.Network/networkInterfaces/networkinterface1",

- "toolTip": "Must represent the identity as an Azure Resource Manager resource identifer format ex. /subscriptions/sub1/resourcegroups/myGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",

-If you need to programatically retrieve new tokens as part of your application, you can obtain an access token by [Registering your client application with Microsoft Entra ID](/rest/api/azure/#register-your-client-application-with-azure-ad).

-> | virtualnetworks | **Yes** | **Yes** | No |

-* For a complete PowerShell example, see [Check Resource Manager Limits for a Subscription](https://github.com/Microsoft/csa-misc-utils/tree/master/psh-GetArmLimitsViaAPI).

-> | policyAssignments | scope of assignment | 1-128 display name<br><br>1-64 resource name<br><br>1-24 resource name at management group scope | Display name can contain any characters.<br><br>Resource name can't use:<br>`#<>*%&:\?.+/` or control characters. <br><br>Can't end with period or space. |

-> | policyDefinitions | scope of definition | 1-128 display name<br><br>1-64 resource name | Display name can contain any characters.<br><br>Resource name can't use:<br>`#<>*%&:\?+/` or control characters. <br><br>Can't end with period or space. |

-> | policyExemptions | scope of exemption | 1-128 display name<br><br>1-64 resource name | Display name can contain any characters.<br><br>Resource name can't use:<br>`#<>*%&:\?.+/` or control characters. <br><br>Can't end with period or space. |

-> | policySetDefinitions | scope of definition | 1-128 display name<br><br>1-64 resource name | Display name can contain any characters.<br><br>Resource name can't use:<br>`#<>*%&:\?.+/` or control characters. <br><br>Can't end with period or space. |

-> | workspaces / batchEndpoints | Yes | No |

-> | workspaces / batchEndpoints / deployments / jobs | No | No |

-> | workspaces / batchEndpoints / jobs | No | No |

-> [!NOTE]

-> Workspace tags don't propagate to compute clusters and compute instances. It is not supported with tracking cost at cluster/batch endpoint level.

-Returns information about the Azure environment used for deployment.

-| OperationNotAllowed | There can be several reasons for this error message.<br><br>1. The deployment is attempting an operation which is not allowed on spcecified SKU.<br><br>2. The deployment is attempting an operation that exceeds the quota for the subscription, resource group, or region. If possible, revise your deployment to stay within the quotas. Otherwise, consider requesting a change to your quotas. | [Resolve quotas](error-resource-quota.md) |

-| The AV64 SKU currently supports RAID-1 FTT1, RAID-5 FTT1, and RAID-1 FTT2 vSAN storage policies. For more information, see [AV64 supported RAID configuration](introduction.md#av64-supported-raid-configuration) | Nov 2023 | Use AV36, AV36P, or AV52 SKUs when RAID-6 FTT2 or RAID-1 FTT3 storage policies are needed. | N/A |

-> The current version of VMware Site Recovery Manager (SRM) in Azure VMware Solution is 8.5.0.3.

-## Modify resource while restoring backups to AKS cluster

-You can use the *Resource Modification* feature to modify backed-up Kubernetes resources during restore by specifying *JSON* patches as `configmap` deployed in the AKS cluster.

-### Create and apply a resource modifier configmap during restore

-To create and apply resource modification, follow these steps:

-1. Create resource modifiers configmap.

- You need to create one configmap in your preferred namespace from a *YAML* file that defined resource modifiers.

- **Example for creating command**:

- ```json

- version: v1

- resourceModifierRules:

- - conditions:

- groupResource: persistentvolumeclaims

- resourceNameRegex: "^mysql.*$"

- namespaces:

- - bar

- - foo

- labelSelector:

- matchLabels:

- foo: bar

- patches:

- - operation: replace

- path: "/spec/storageClassName"

- value: "premium"

- - operation: remove

- path: "/metadata/labels/test"

- ```

- - The above *configmap* applies the *JSON* patch to all the Persistent Volume Copies in the *namespaces* bar and *foo* with name that starts with `mysql` and `match label foo: bar`. The JSON patch replaces the `storageClassName` with `premium` and removes the label `test` from the Persistent Volume Copies.

- - Here, the *Namespace* is the original namespace of the backed-up resource, and not the new namespace where the resource is going to be restored.

- - You can specify multiple JSON patches for a particular resource. The patches are applied as per the order specified in the *configmap*. A subsequent patch is applied in order. If multiple patches are specified for the same path, the last patch overrides the previous patches.

- - You can specify multiple `resourceModifierRules` in the *configmap*. The rules are applied as per the order specified in the *configmap*.

-2. Creating a resource modifier reference in the restore configuration

- When you perform a restore operation, provide the *ConfigMap name* and the *Namespace* where it's deployed as part of restore configuration. These details need to be provided under **Resource Modifier Rules**.

- :::image type="content" source="./media/azure-kubernetes-service-backup-overview/resource-modifier-rules.png" alt-text="Screenshot shows the location to provide resource details." lightbox="./media/azure-kubernetes-service-backup-overview/resource-modifier-rules.png":::

- Operations supported by **Resource Modifier**

- - **Add**

- :::image type="content" source="./media/azure-kubernetes-service-backup-overview/add-resource-modifier.png" alt-text="Screenshot shows the addition of resource modifier. ":::

- - **Remove**

- :::image type="content" source="./media/azure-kubernetes-service-backup-overview/remove-resource-modifier.png" alt-text="Screenshot shows the option to remove resource.":::

- - **Replace**

- :::image type="content" source="./media/azure-kubernetes-service-backup-overview/replace-resource-modifier.png" alt-text="Screenshot shows the replacement option for resource modifier.":::

- - **Move**

- - **Copy**

- :::image type="content" source="./media/azure-kubernetes-service-backup-overview/copy-resource-modifier.png" alt-text="Screenshot shows the option to copy resource modifier.":::

- - **Test**

- You can use the **Test** operation to check if a particular value is present in the resource. If the value is present, the patch is applied. If the value isn't present, the patch isn't applied.

- :::image type="content" source="./media/azure-kubernetes-service-backup-overview/test-resource-modifier-value-present.png" alt-text="Screenshot shows the option to test if the resource value modifier is present.":::

-### JSON patch

-This *configmap* applies the JSON patch to all the deployments in the namespaces by default and `nginx` with the name that starts with `nginxdep`. The JSON patch updates the replica count to *12* for all such deployments.

-```json

-resourceModifierRules:

-groupResource: deployments.apps

-resourceNameRegex: "^nginxdep.*$"

-namespaces:

-patches:

-path: "/spec/replicas"

-value: "12"

-```

-```json

-version: v1

-resourceModifierRules:

- - conditions:

- groupResource: deployments.apps

- resourceNameRegex: "^nginxdep.*$"

- namespaces:

- - default

- - nginx

- mergePatches:

- - patchData: |

- {

- "metadata" : {

- "labels" : {

- "app" : "nginx1"

- }

- }

- }

-```

-```json

-version: v1

-resourceModifierRules:

- groupResource: pods

- resourceNameRegex: "^nginx.*$"

- namespaces:

- - default

- strategicPatches:

- - patchData: |

- {

- "spec": {

- "containers": [

- {

- "name": "nginx",

- "image": "mcr.microsoft.com/cbl-mariner/base/nginx:1.22"

- }

- ]

- }

- }

-```

-This error code can appear while you enable AKS backup to store backups in a vault standard datastore.

-As part of the AKS backup capability, you can back up all cluster resources or specific cluster resources. You can use the filters that are available for backup configuration to choose the resources to back up. The defined backup configurations are referenced by the values for **Backup Instance Name**. You can use the following options to choose the **Namespaces** values to back up:

- To select specific cluster resources to back up, you can use labels that are attached to the resources to include the resources in the backup. Only the resources that have the labels that you enter are backed up. You can use multiple labels.

- If you also want to back up cluster-scoped resources, secrets, and persistent volumes, select the items under **Other Options**.

-Recommended Action: The backups will continue to fail as the source disk may be deleted or moved to a different location. Use the existing restore point to restore the disk if it's deleted by mistake. If the disk is moved to a different location, configure backup for the disk.

-Recommended Action: Grant the Backup vault's managed identity the appropriate permissions on the disk. Refer to [the documentation](backup-managed-disks.md) to understand what permissions are required by the Backup Vault managed identity and how to provide it.

-Recommended Action: Grant the Backup vault's managed identity the appropriate permissions on the snapshot data store resource group. The snapshot data store resource group is the location where the disk snapshots are stored. Refer to [the documentation](backup-managed-disks.md) to understand which is the resource group, what permissions are required by the Backup Vault managed identity and how to provide it.

-Recommended Action: The backups will continue to fail as the source disk may be deleted or moved to a different location. Use the existing restore point to restore the disk if it's deleted by mistake. If the disk is moved to a different location, configure backup for the disk. If the disk isn't deleted or moved, grant the Backup vault's managed identity the appropriate permissions on the disk. Refer to [the documentation](backup-managed-disks.md) to understand what permissions are required by the Backup vault's managed identity and how to provide it.

-Recommended Action: Create a resource group and grant the Backup vault's managed identity the appropriate permissions on the snapshot data store resource group. The snapshot data store resource group is the location where the disk snapshots are stored. Refer to [the documentation](backup-managed-disks.md) to understand what is the resource group, what permissions are required by the Backup vault's managed identity and how to provide it.

-Recommended Action: Grant the Backup vault's managed identity the appropriate permissions on the disk to be backed up and on the snapshot data store resource group where the snapshots are stored. Refer to [the documentation](backup-managed-disks.md) to understand what permissions are required by the Backup vault's managed identity and how to provide it.

-Recommended Action: Create the resource group and grant the Backup vault's managed identity the appropriate permissions on the snapshot data store resource group. The snapshot data store resource group is the location where the snapshots are stored. Refer to [the documentation](backup-managed-disks.md) to understand what is the resource group, what permissions are required by the Backup vault's managed identity, and how to provide it.

-Recommended Action: Grant the Backup vault's managed identity the appropriate permissions on the target resource group. The target resource group is the selected location where the disk is to be restored. Refer to the [restore documentation](restore-managed-disks.md) to understand what permissions are required by the Backup vault's managed identity, and how to provide it.

-Error Message: Operation has failed as the Disk quota maximum limit has been reached on the subscription.

-Error Message: Operation failed as the Target Resource Group does not exist. Or Azure Backup Service requires additional permissions on the Target Resource Group to do this operation.

-Recommended Action: Provide a valid resource group to restore, and grant the Backup vault's managed identity the appropriate permissions on the target resource group. The target resource group is the selected location where the disk is to be restored. Refer to the [restore documentation](restore-managed-disks.md) to understand what permissions are required by the Backup vault's managed identity, and how to provide it.

-Error Message: The disk snapshot for this Restore point has been deleted.

-Recommended Action: Snapshots are stored in the snapshot data store resource group within your subscription. It's possible that the snapshot related to the selected restore point might have been deleted or moved from this resource group. Consider using another Recovery point to restore. Also, follow the recommended guidelines for choosing Snapshot resource group mentioned in the [restore documentation](restore-managed-disks.md).

-Error Message: The disk snapshot metadata for this Restore point has been deleted

-Recommended Action: Backup Vault must be in a supported region. For region availability see the [the support matrix](disk-backup-support-matrix.md).

-Error Message: The disk you are trying to configure backup is already being protected. Disk is already associated with a backup instance in a Backup vault.

-Recommended Action: This disk is already associated with a backup instance in a Backup vault. If you want to re-protect this disk, then delete the backup instance from the Backup vault where it's currently protected and re-protect the disk in any other vault.

-Error Message: The disk you are trying to configure backup is already being protected. Disk is already associated with a backup instance in a Backup vault.

-Recommended Action: This disk is already associated with a backup instance in a Backup vault. If you want to re-protect this disk, then delete the backup instance from the Backup vault where it is currently protected and re-protect the disk in any other vault.

-Error Message: Unable to start the operation as maximum number of allowed concurrent backups has reached.

-Error Message: The subscription is not registered to use namespace ΓÇÿMicrosoft.ComputeΓÇÖ.

-Recommended Action: The required resource provider hasn't been registered for your subscription. Register both the resource providers' namespace (_Microsoft.Compute_ and _Microsoft.Storage_) using the steps in [Solution 3](../azure-resource-manager/templates/error-register-resource-provider.md#solution-3azure-portal).

-[Azure Disk Backup support matrix](disk-backup-support-matrix.md)

-> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)]

-### <a name="dr"></a>How do I incorporate Azure Bastion in my Disaster Recovery plan?

-Azure Bastion is deployed within virtual networks or peered virtual networks, and is associated to an Azure region. You're responsible for deploying Azure Bastion to a Disaster Recovery (DR) site virtual network. If there's an Azure region failure, perform a failover operation for your VMs to the DR region. Then, use the Azure Bastion host that's deployed in the DR region to connect to the VMs that are now deployed there.

-### <a name="zone-redundant"></a>Does Bastion support zone redundancies?

-Currently, by default, new Bastion deployments don't support zone redundancies. Previously deployed bastions might or might not be zone-redundant. The exceptions are Bastion deployments in Korea Central and Southeast Asia, which do support zone redundancies.

-> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)]

->[!INCLUDE [Pricing](../../includes/bastion-pricing.md)]

-> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)]

-> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)]

-> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)]

-> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)]

-All processing and resources are associated with a Batch account. When your application makes a request against the Batch service, it authenticates the request using the Azure Batch account name and the account URL. Additionally, it can use either an access key or a Microsoft Entra token.

-## Batch service APIs

-| **Batch Management .NET** |[Azure SDK for .NET - Docs](/dotnet/api/overview/azure/batch/management/management-batch(deprecated)) |[NuGet](https://www.nuget.org/packages/Microsoft.Azure.Management.Batch/) | [Tutorial](batch-management-dotnet.md) |[GitHub](https://github.com/Azure-Samples/azure-batch-samples/tree/master/CSharp) |

-> If the Shared Image is not in the same subscription as the Batch account, you must [register the Microsoft.Batch resource provider](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider) for that subscription. The two subscriptions must be in the same Microsoft Entra tenant.

-In an Azure Batch workflow, a *compute node* (or *node*) is a virtual machine that processes a portion of your application's workload. A *pool* is a collection of these nodes for your application to runs on. This article explains more about nodes and pools, along with considerations when creating and using them in an Azure Batch workflow.

- - [Cloud Services Configuration](#cloud-services-configuration)

-There are two types of pool configurations available in Batch.

-> [!IMPORTANT]

-> While you can currently create pools using either configuration, new pools should be configured using Virtual Machine Configuration and not Cloud Services Configuration. All current and new Batch features will be supported by Virtual Machine Configuration pools. Cloud Services Configuration pools do not support all features and no new capabilities are planned. You won't be able to create new 'CloudServiceConfiguration' pools or add new nodes to existing pools [after February 29, 2024](https://azure.microsoft.com/updates/azure-batch-cloudserviceconfiguration-pools-will-be-retired-on-29-february-2024/).

-### Cloud Services Configuration

-> [!WARNING]

-> Cloud Services Configuration pools are [deprecated](https://azure.microsoft.com/updates/azure-batch-cloudserviceconfiguration-pools-will-be-retired-on-29-february-2024/). Please use Virtual Machine Configuration pools instead. For more information, see [Migrate Batch pool configuration from Cloud Services to Virtual Machine](batch-pool-cloud-service-to-virtual-machine-configuration.md).

-The **Cloud Services Configuration** specifies that the pool is composed of Azure Cloud Services nodes. Cloud Services provides only Windows compute nodes.

-Available operating systems for Cloud Services Configuration pools are listed in the [Azure Guest OS releases and SDK compatibility matrix](../cloud-services/cloud-services-guestos-update-matrix.md), and available compute node sizes are listed in [Sizes for Cloud Services](../cloud-services/cloud-services-sizes-specs.md). When you create a pool that contains Cloud Services nodes, you specify the node size and its *OS Family* (which determines which versions of .NET are installed with the OS). Cloud Services is deployed to Azure more quickly than virtual machines running Windows. If you want pools of Windows compute nodes, you may find that Cloud Services provide a performance benefit in terms of deployment time.

-As with worker roles within Cloud Services, you can specify an *OS Version*. We recommend that you specify `Latest (*)` for the *OS Version* so that the nodes are automatically upgraded, and there is no work required to cater to newly released versions. The primary use case for selecting a specific OS version is to ensure application compatibility, which allows backward compatibility testing to be performed before allowing the version to be updated. After validation, the *OS Version* for the pool can be updated and the new OS image can be installed. Any running tasks will be interrupted and requeued.

-In the above rule, *Cdn-endpoint-name* refers to the name that you configured for your content delivery network endpoint, which you can select from the dropdown list. The value for *origin-path* refers to the path within your origin storage account where your static content resides. If you're hosting all static content in a single container, replace *origin-path* with the name of that container.

-| Microsoft.Chaos/experiments/getExecutionDetails/action | Get the execution details (status and errors for each action) for a run of a chaos experiment. |

-| | Transfer a call to Voicemail | ❌ | ❌ | ❌ | ❌ |

-During an active call, you may want to transfer the call to another person or number. Let's learn how.

- az keyvault create -n keyVaultName -g myResourceGroup --enabled-for-disk-encryption true --sku premium --enable-purge-protection true

- r. Select the pink banner to grant permissions to Azure Key Vault.

-Custom containers allow you to build solutions tailored to your needs. They enable you to execute code or applications in environments that are fast and ephemeral and offer secure, sandboxed spaces with Hyper-V. Additionally, they can be configured with optional network isolation. Some examples include:

-* **Isolated execution**: When you need to run applications in hostile, multitenant scenarios where each tenant or user has their own sandboxed environment. These environments are isolated from each other and from the host application. Some examples include applications that run user-provided code, code that grants end user access to a cloud-based shell, and development environments.

-You communicate with each session using HTTP requests. The custom container must expose an HTTP server on a port that you specify to respond to these requests.

-Every request to the API requires query string parameter of `identifier` with value of the session ID. The session ID is a unique identifier for the session that allows you to interact with specific sessions. To learn more about session identifiers, see [Session identifiers](sessions.md#session-identifiers).

-POST https://<SESSION_POOL_NAME>.<ENVIRONMENT_ID>.<REGION>.azurecontainerapps.io/api/execute-command?identifier=<USER_ID>

-In the example, the session's container receives the request at `http://0.0.0.0:<INGRESS_PORT>/api/execute-command`.

-| Nvidia | Supports both authenticated and unauthenticated pulls. | Azure CLI |

-To restore the default behavior of the *myrepo* repository and all images so that they can be deleted and updated, run the following command:

-| Nvidia | Supports both authenticated and unauthenticated pulls. | Azure CLI |

-# Monitor Azure Cosmos DB data by using diagnostic settings in Azure

-Diagnostic settings in Azure are used to collect resource logs. Resources emit Azure resource Logs and provide rich, frequent data about the operation of that resource. These logs are captured per request and they're also referred to as "data plane logs." Some examples of the data plane operations include delete, insert, and readFeed. The content of these logs varies by resource type.

-1. Navigate to your Azure Cosmos DB account. Open the **Diagnostic settings** pane under the **Monitoring section** and then select the **Add diagnostic setting** option.

- :::image type="content" source="media/monitor/diagnostics-settings-selection.png" lightbox="media/monitor/diagnostics-settings-selection.png" alt-text="Sreenshot of the diagnostics selection page.":::

-1. In the **Diagnostic settings** pane, fill the form with your preferred categories. Included here's a list of log categories.

- | Category | API | Definition | Key Properties |

- | | | | |

- | **DataPlaneRequests** | Recommended for API for NoSQL | Logs back-end requests as data plane operations, which are requests executed to create, update, delete or retrieve data within the account. | `Requestcharge`, `statusCode`, `clientIPaddress`, `partitionID`, `resourceTokenPermissionId` `resourceTokenPermissionMode` |

- | **MongoRequests** | API for MongoDB | Logs user-initiated requests from the front end to serve requests to Azure Cosmos DB for MongoDB. When you enable this category, make sure to disable DataPlaneRequests. | `Requestcharge`, `opCode`, `retryCount`, `piiCommandText` |

- | **CassandraRequests** | API for Apache Cassandra | Logs user-initiated requests from the front end to serve requests to Azure Cosmos DB for Cassandra. | `operationName`, `requestCharge`, `piiCommandText` |

- | **GremlinRequests** | API for Apache Gremlin | Logs user-initiated requests from the front end to serve requests to Azure Cosmos DB for Gremlin. | `operationName`, `requestCharge`, `piiCommandText`, `retriedDueToRateLimiting` |

- | **QueryRuntimeStatistics** | API for NoSQL | This table details query operations executed against an API for NoSQL account. By default, the query text and its parameters are obfuscated to avoid logging persona l data with full text query logging available by request. | `databasename`, `partitionkeyrangeid`, `querytext` |

- | **PartitionKeyStatistics** | All APIs | Logs the statistics of logical partition keys by representing the estimated storage size (KB) of the partition keys. This table is useful when troubleshooting storage skews. This PartitionKeyStatistics log is only emitted if the following conditions are true: 1. At least 1% of the documents in the physical partition have same logical partition key. 2. Out of all the keys in the physical partition, the PartitionKeyStatistics log captures the top three keys with largest storage size. </li></ul> If the previous conditions aren't met, the partition key statistics data isn't available. It's okay if the above conditions aren't met for your account, which typically indicates you have no logical partition storage skew. **Note**: The estimated size of the partition keys is calculated using a sampling approach that assumes the documents in the physical partition are roughly the same size. If the document sizes aren't uniform in the physical partition, the estimated partition key size might not be accurate. | `subscriptionId`, `regionName`, `partitionKey`, `sizeKB` |

- | **PartitionKeyRUConsumption** | API for NoSQL or API for Apache Gremlin | Logs the aggregated per-second RU/s consumption of partition keys. This table is useful for troubleshooting hot partitions. Currently, Azure Cosmos DB reports partition keys for API for NoSQL accounts only and for point read/write, query, and stored procedure operations. | `subscriptionId`, `regionName`, `partitionKey`, `requestCharge`, `partitionKeyRangeId` |

- | **ControlPlaneRequests** | All APIs | Logs details on control plane operations, which include, creating an account, adding or removing a region, updating account replication settings etc. | `operationName`, `httpstatusCode`, `httpMethod`, `region` |

- | **TableApiRequests** | API for Table | Logs user-initiated requests from the front end to serve requests to Azure Cosmos DB for Table.| `operationName`, `requestCharge`, `piiCommandText` |

-1. Once you select your **Categories details**, then send your Logs to your preferred destination. If you're sending Logs to a **Log Analytics Workspace**, make sure to select **Resource specific** as the Destination table.

- :::image type="content" source="media/monitor/diagnostics-resource-specific.png" alt-text="Screenshot of the option to enable resource-specific diagnostics.":::

-Use the [az monitor diagnostic-settings create](/cli/azure/monitor/diagnostic-settings#az-monitor-diagnostic-settings-create) command to create a diagnostic setting with the Azure CLI. See the documentation for this command for descriptions of its parameters.

-> [!NOTE]

-> If you are using API for NoSQL, we recommend setting the **export-to-resource-specific** property to **true**.

-1. Create shell variables for `subscriptionId`, `diagnosticSettingName`, `workspaceName` and `resourceGroupName`.

- ```azurecli

- # Variable for subscription id

- subscriptionId="<subscription-id>"

- # Variable for resource group name

- resourceGroupName="<resource-group-name>"

-

- # Variable for workspace name

- workspaceName="<workspace-name>"

- # Variable for diagnostic setting name

- diagnosticSettingName="<diagnostic-setting-name>"

- ```

- ```azurecli

- --resource "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.DocumentDb/databaseAccounts/" \

- --name $diagnosticSettingName \

- --export-to-resource-specific true \

- --logs '[{"category": "QueryRuntimeStatistics","categoryGroup": null,"enabled": true,"retentionPolicy": {"enabled": false,"days": 0}}]' \

- --workspace "/subscriptions/$subscriptionId/resourcegroups/$resourceGroupName/providers/microsoft.operationalinsights/workspaces/$workspaceName"

-> [!NOTE]

-> We recommend setting the **logAnalyticsDestinationType** property to **Dedicated** for enabling resource specific tables.

-1. Create an HTTP `PUT` request.

- ```HTTP

- PUT

- https://management.azure.com/{resource-id}/providers/microsoft.insights/diagnosticSettings/service?api-version={api-version}

-1. Use these headers with the request.

- | Parameters/Headers | Value/Description |

- | | |

- | **name** | The name of your diagnostic setting. |

- | **resourceUri** | Microsoft Insights subresource URI for Azure Cosmos DB account. |

- | **api-version** | `2017-05-01-preview` |

- | **Content-Type** | `application/json` |

- > [!NOTE]

- > The URI for the Microsoft Insights subresource is in this format: `subscriptions/{SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.DocumentDb/databaseAccounts/{ACCOUNT_NAME}/providers/microsoft.insights/diagnosticSettings/{DIAGNOSTIC_SETTING_NAME}`. For more information about Azure Cosmos DB resource URIs, see [resource URI syntax for Azure Cosmos DB REST API](/rest/api/cosmos-db/cosmosdb-resource-uri-syntax-for-rest).

-1. Set the body of the request to this JSON payload.

- ```json

- {

- "id": "/subscriptions/{SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.DocumentDb/databaseAccounts/{ACCOUNT_NAME}/providers/microsoft.insights/diagnosticSettings/{DIAGNOSTIC_SETTING_NAME}",

- "type": "Microsoft.Insights/diagnosticSettings",

- "name": "name",

- "location": null,

- "kind": null,

- "tags": null,

- "properties": {

- "storageAccountId": null,

- "serviceBusRuleId": null,

- "workspaceId": "/subscriptions/{SUBSCRIPTION_ID}/resourcegroups/{RESOURCE_GROUP}/providers/microsoft.operationalinsights/workspaces/{WORKSPACE_NAME}",

- "eventHubAuthorizationRuleId": null,

- "eventHubName": null,

- "logs": [

- {

- "category": "DataPlaneRequests",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "enabled": false,

- "days": 0

- }

- },

- {

- "category": "QueryRuntimeStatistics",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "enabled": false,

- "days": 0

- }

- },

- {

- "category": "PartitionKeyStatistics",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "enabled": false,

- "days": 0

- }

- },

- {

- "category": "PartitionKeyRUConsumption",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "enabled": false,

- "days": 0

- }

- },

- {

- "category": "ControlPlaneRequests",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "enabled": false,

- "days": 0

- }

- }

- ],

- "logAnalyticsDestinationType": "Dedicated"

- },

- "identity": null

-Here, use an [Azure Resource Manager (ARM) template](../azure-resource-manager/templates/index.yml) to create a diagnostic setting.

-> [!NOTE]

-> Set the **logAnalyticsDestinationType** property to **Dedicated** to enable resource-specific tables.

-1. Create the following JSON template file to deploy diagnostic settings for your Azure Cosmos DB resource.

- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

- "settingName": {

- "type": "string",

- "metadata": {

- "description": "The name of the diagnostic setting."

- }

- },

- "dbName": {

- "type": "string",

- "metadata": {

- "description": "The name of the database."

- }

- },

- "workspaceId": {

- "description": "The resource Id of the workspace."

- "storageAccountId": {

- "description": "The resource Id of the storage account."

- "eventHubAuthorizationRuleId": {

- "description": "The resource Id of the event hub authorization rule."

- }

- },

- "eventHubName": {

- "type": "string",

- "metadata": {

- "description": "The name of the event hub."

- "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('dbName'))]",

- "name": "[parameters('settingName')]",

- "workspaceId": "[parameters('workspaceId')]",

- "storageAccountId": "[parameters('storageAccountId')]",

- "eventHubAuthorizationRuleId": "[parameters('eventHubAuthorizationRuleId')]",

- "eventHubName": "[parameters('eventHubName')]",

- "logAnalyticsDestinationType": "[parameters('logAnalyticsDestinationType')]",

- {

- "category": "DataPlaneRequests",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- {

- "category": "MongoRequests",

- "categoryGroup": null,

- "enabled": false,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- {

- "category": "PartitionKeyStatistics",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- {

- "category": "PartitionKeyRUConsumption",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- {

- "category": "ControlPlaneRequests",

- "categoryGroup": null,

- "enabled": true,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- {

- "category": "CassandraRequests",

- "categoryGroup": null,

- "enabled": false,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- {

- "category": "GremlinRequests",

- "categoryGroup": null,

- "enabled": false,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- },

- {

- "category": "TableApiRequests",

- "categoryGroup": null,

- "enabled": false,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- }

- }

- ],

- "metrics": [

- {

- "timeGrain": null,

- "enabled": false,

- "retentionPolicy": {

- "days": 0,

- "enabled": false

- },

- "category": "Requests"

-1. Create the following JSON parameter file with settings appropriate for your Azure Cosmos DB resource.

- ```json

- {

- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",

- "contentVersion": "1.0.0.0",

- "parameters": {

- "settingName": {

- "value": "{DIAGNOSTIC_SETTING_NAME}"

- },

- "dbName": {

- "value": "{ACCOUNT_NAME}"

- },

- "workspaceId": {

- "value": "/subscriptions/{SUBSCRIPTION_ID}/resourcegroups/{RESOURCE_GROUP}/providers/microsoft.operationalinsights/workspaces/{WORKSPACE_NAME}"

- },

- "storageAccountId": {

- "value": "/subscriptions/{SUBSCRIPTION_ID}/resourceGroups/{RESOURCE_GROUP}/providers/Microsoft.Storage/storageAccounts/{STORAGE_ACCOUNT_NAME}"

- },

- "eventHubAuthorizationRuleId": {

- "value": "/subscriptions/{SUBSCRIPTION_ID}/resourcegroups{RESOURCE_GROUP}/providers/Microsoft.EventHub/namespaces/{EVENTHUB_NAMESPACE}/authorizationrules/{EVENTHUB_POLICY_NAME}"

- },

- "eventHubName": {

- "value": "{EVENTHUB_NAME}"

- },

- "logAnalyticsDestinationType": {

- "value": "Dedicated"

- }

- }

- }

- ```

- ```azurecli

- --resource-group <resource-group-name> \

- --template-file <path-to-template>.json \

- --parameters @<parameters-file-name>.json

-> [!NOTE]

-> Enabling this feature may result in additional logging costs, for pricing details visit [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor/). It is recommended to disable this feature after troubleshooting.

-Azure Cosmos DB provides advanced logging for detailed troubleshooting. By enabling full-text query, you're able to view the deobfuscated query for all requests within your Azure Cosmos DB account. You also give permission for Azure Cosmos DB to access and surface this data in your logs.

-1. To enable this feature, navigate to the `Features` page in your Azure Cosmos DB account.

- :::image type="content" source="media/monitor/full-text-query-features.png" lightbox="media/monitor/full-text-query-features.png" alt-text="Screenshot of the navigation process to the Features page.":::

-2. Select `Enable`. This setting is applied within a few minutes. All newly ingested logs have the full-text or PIICommand text for each request.

- :::image type="content" source="media/monitor/select-enable-full-text.png" alt-text="Screenshot of the full-text feature being enabled.":::

-### [Azure CLI / REST API / ARM template](#tab/azure-cli+rest-api+azure-resource-manager-template)

-1. Ensure you're logged in to the Azure CLI. For more information, see [sign in with Azure CLI](/cli/azure/authenticate-azure-cli). Optionally, ensure that you've configured the active subscription for your CLI. For more information, see [change the active Azure CLI subscription](/cli/azure/manage-azure-subscriptions-azure-cli#change-the-active-subscription).

-1. Create shell variables for `accountName` and `resourceGroupName`.

- ```azurecli

- # Variable for resource group name

- resourceGroupName="<resource-group-name>"

-

- # Variable for account name

- accountName="<account-name>"

- ```

-1. Get the unique identifier for your existing account using [`az show`](/cli/azure/cosmosdb#az-cosmosdb-show).

- ```azurecli

- az cosmosdb show \

- --resource-group $resourceGroupName \

- --name $accountName \

- --query id

- ```

- Store the unique identifier in a shell variable named `$uri`.

- ```azurecli

- uri=$(

- az cosmosdb show \

- --resource-group $resourceGroupName \

- --name $accountName \

- --query id \

- --output tsv

- )

- ```

-1. Query the resource using the REST API and [`az rest`](/cli/azure/reference-index#az-rest) with an HTTP `GET` verb to check if full-text query is already enabled.

- ```azurecli

- az rest \

- --method GET \

- --uri "https://management.azure.com/$uri/?api-version=2021-05-01-preview" \

- --query "{accountName:name,fullTextQuery:{state:properties.diagnosticLogSettings.enableFullTextQuery}}"

- ```

- If full-text query isn't enabled, the output would be similar to this example.

- ```json

- {

- "accountName": "<account-name>",

- "fullTextQuery": {

- "state": "None"

- }

- }

- ```

-1. If full-text query isn't already enabled, enable it using `az rest` again with an HTTP `PATCH` verb and a JSON payload.

- ```azurecli

- --method PATCH \

- --uri "https://management.azure.com/$uri/?api-version=2021-05-01-preview" \

- --body '{"properties": {"diagnosticLogSettings": {"enableFullTextQuery": "True"}}}'

- > [!NOTE]

- > If you are using Azure CLI within a PowerShell prompt, you will need to escape the double-quotes using a backslash (`\`) character.

-1. Wait a few minutes for the operation to complete. Check the status of full-text query by using `az rest` again.

- ```azurecli

- --method GET \

- --uri "https://management.azure.com/$uri/?api-version=2021-05-01-preview" \

- --query "{accountName:name,fullTextQuery:{state:properties.diagnosticLogSettings.enableFullTextQuery}}"

- "fullTextQuery": {

- "state": "True"

- }

-## Query data

-To learn how to query using these newly enabled features, see:

-## Next steps

-> [!div class="nextstepaction"]

-> [Monitoring Azure Cosmos DB data reference](monitor-reference.md#resource-logs)