-It's possible to use the Azure AD user provisioning service to provision B2B (or guest) users in Azure AD to SaaS applications.

-> The userPrincipalName for a guest user is often displayed as "alias#EXT#@domain.com". When the userPrincipalName is included in your attribute mappings as a source attribute, the #EXT# is stripped from the userPrincipalName. If you require the #EXT# to be present, replace userPrincipalName with originalUserPrincipalName as the source attribute.

-userPrincipalName = alias@domain.com

-originalUserPrincipalName = alias#EXT#@domain.com

-|| Cloud app discovery (Microsoft Cloud App Security) | ✅ |

- The following PowerShell script uses the `$dbusers`, `$db_match_column_name`, and `$azuread_match_attr_name` values specified earlier. It will query Azure AD to locate a user that has a matching value for each record in the source file. If there are many users in the database, this script might take several minutes to finish.

- $ul = @(Get-MgUser -Filter $filter -All -ErrorAction Stop)

- Write-Error "Unable to locate $dbu_match_ambiguous_count records in Azure AD."

- if ($dbu_not_queried_count -ne 0 -or $dbu_not_matched_count -ne 0 -or $dbu_match_ambiguous_count -ne 0 -or $dbu_query_failed_count -ne 0) {

-1. If there were users who couldn't be located in Azure AD, but you want to have their access reviewed or their attributes updated in the database, you need to create Azure AD users for them. You can create users in bulk by using either:

- $ul = @(Get-MgUser -Filter $filter -All -ErrorAction Stop)

- Write-Error "Unable to locate $dbu_match_ambiguous_count records in Azure AD."

- if ($dbu_not_queried_count -ne 0 -or $dbu_not_matched_count -ne 0 -or $dbu_match_ambiguous_count -ne 0 -or $dbu_query_failed_count -ne 0) {

-> | [Cloud App Security Administrator](#cloud-app-security-administrator) | Can manage all aspects of the Cloud App Security product. | 892c5842-a9a6-463a-8041-72aa08ca3cf6 |

-Users with this role have full permissions in Cloud App Security. They can add administrators, add Microsoft Cloud App Security (MCAS) policies and settings, upload logs, and perform governance actions.

-> | microsoft.directory/cloudAppSecurity/allProperties/allTasks | Create and delete all resources, and read and update standard properties in Microsoft Cloud App Security |

-> | microsoft.directory/cloudAppSecurity/allProperties/allTasks | Create and delete all resources, and read and update standard properties in Microsoft Cloud App Security |

-> | microsoft.directory/cloudAppSecurity/allProperties/allTasks | Create and delete all resources, and read and update standard properties in Microsoft Cloud App Security |

-> | microsoft.directory/cloudAppSecurity/allProperties/read | Read all properties for Cloud app security |

-| [GraphQL APIs](graphql-api.md) | Yes | Yes | Yes | Yes | Yes |

-| [GraphQL resolvers (preview)](graphql-schema-resolve-api.md) | Yes | Yes | Yes | Yes | Yes |

-⁴The following policies aren't available in the Consumption tier: rate limit by key and quota by key.

-To use the Azure Monitor Dependency agent extension, the following sample is provided to run on Windows and Linux. If you are unfamiliar with the Dependency agent, see [Overview of Azure Monitor agents](../../azure-monitor/agents/agents-overview.md#dependency-agent).

-To reboot one or more nodes of your cache, select the nodes and select **Reboot**. If you have a premium cache with clustering enabled, select the shards to reboot and then select **Reboot**. After a few minutes, the selected nodes reboot, and are back online a few minutes later.

-Only Redis server updates are made during the scheduled maintenance window. The maintenance window doesn't apply to Azure updates or updates to the VM operating system.

-> Azure Cache for Redis supports both classic deployment model and Azure Resource Manager virtual networks.

-You can mount existing Azure Files shares to your Linux function apps. By mounting a share to your Linux function app, you can leverage existing machine learning models or other data in your functions. You can use the [`az webapp config storage-account add`](/cli/azure/webapp/config/storage-account#az-webapp-config-storage-account-add) command to mount an existing share to your Linux function app.

-| | Azure Monitor agent | Diagnostics<br>extension (WAD) | Log Analytics<br>agent | Dependency<br>agent |

-|:|:-|:|:|:|

-| **Environments supported** | Azure<br><br>Other cloud (Azure Arc)<br><br>On-premises (Azure Arc)<br><br>[Windows Client OS (preview)](./azure-monitor-agent-windows-client.md) | Azure | Azure<br><br>Other cloud<br><br>On-premises | Azure<br><br>Other cloud<br><br>On-premises |

-| **Agent requirements** | None | None | None | Requires Log Analytics agent |

-| **Data collected** | Event logs<br><br>Performance<br><br>File-based logs (preview)<br> | Event logs<br><br>ETW events<br><br>Performance<br><br>File-based logs<br><br>IIS logs<br><br>.NET app logs<br><br>Crash dumps<br><br>Agent diagnostics logs | Event logs<br><br>Performance<br><br>File-based logs<br><br>IIS logs<br><br>Insights and solutions<br><br>Other services | Process dependencies<br><br>Network connection metrics |

-| **Data sent to** | Azure Monitor Logs<br><br>Azure Monitor Metrics¹ | Azure Storage<br><br>Azure Monitor Metrics<br><br>Event hub | Azure Monitor Logs | Azure Monitor Logs<br>(through Log Analytics agent) |

-| **Services and**<br>**features**<br>**supported** | Log Analytics<br><br>Metrics Explorer<br><br>Microsoft Sentinel ([view scope](./azure-monitor-agent-overview.md#supported-services-and-features)) | Metrics Explorer | VM insights<br><br>Log Analytics<br><br>Azure Automation<br><br>Microsoft Defender for Cloud<br><br>Microsoft Sentinel | VM insights<br><br>Service Map |

-| | Azure Monitor agent | Diagnostics<br>extension (LAD) | Telegraf<br>agent | Log Analytics<br>agent | Dependency<br>agent |

-|:|:-|:|:|:|:|

-| **Environments supported** | Azure<br><br>Other cloud (Azure Arc)<br><br>On-premises (Azure Arc) | Azure | Azure<br><br>Other cloud<br><br>On-premises | Azure<br><br>Other cloud<br><br>On-premises | Azure<br><br>Other cloud<br><br>On-premises |

-| **Agent requirements** | None | None | None | None | Requires Log Analytics agent |

-| **Data collected** | Syslog<br><br>Performance<br><br>File-based logs (preview)<br> | Syslog<br><br>Performance | Performance | Syslog<br><br>Performance| Process dependencies<br><br>Network connection metrics |

-| **Data sent to** | Azure Monitor Logs<br><br>Azure Monitor Metrics¹ | Azure Storage<br><br>Event hub | Azure Monitor Metrics | Azure Monitor Logs | Azure Monitor Logs<br>(through Log Analytics agent) |

-| **Services and**<br>**features**<br>**supported** | Log Analytics<br><br>Metrics Explorer<br><br>Microsoft Sentinel ([view scope](./azure-monitor-agent-overview.md#supported-services-and-features)) | | Metrics Explorer | VM insights<br><br>Log Analytics<br><br>Azure Automation<br><br>Microsoft Defender for Cloud<br><br>Microsoft Sentinel | VM insights<br><br>Service Map |

-## Dependency agent

-The Dependency agent collects discovered data about processes running on the machine and external process dependencies.

-Use the Dependency agent if you need to:

-* Use the Map feature [VM insights](../vm/vminsights-overview.md) or the [Service Map](../vm/service-map.md) solution.

-Consider the following factors when you use the Dependency agent:

-The [Azure Monitor agent](./azure-monitor-agent-manage.md#virtual-machine-extension-details) is only available as a virtual machine extension. The Log Analytics extension for [Windows](../../virtual-machines/extensions/oms-windows.md) and [Linux](../../virtual-machines/extensions/oms-linux.md) installs the Log Analytics agent on Azure virtual machines. The Azure Monitor Dependency extension for [Windows](../../virtual-machines/extensions/agent-dependency-windows.md) and [Linux](../../virtual-machines/extensions/agent-dependency-linux.md) installs the Dependency agent on Azure virtual machines. These are the same agents previously described, but they allow you to manage them through [virtual machine extensions](../../virtual-machines/extensions/overview.md). You should use extensions to install and manage the agents whenever possible.

-| Operating system | Azure Monitor agent | Log Analytics agent | Dependency agent | Diagnostics extension |

-| Windows Server 2022 | X | | | |

-| Windows Server 2022 Core | X | | | |

-| Windows Server 2019 | X | X | X | X |

-| Windows Server 2019 Core | X | | | |

-| Windows Server 2016 | X | X | X | X |

-| Windows Server 2016 Core | X | | | X |

-| Windows Server 2012 R2 | X | X | X | X |

-| Windows Server 2012 | X | X | X | X |

-| Windows Server 2008 R2 SP1 | X | X | X | X |

-| Windows Server 2008 R2 | | | | X |

-| Windows Server 2008 SP2 | | X | | |

-| Windows 11 client OS | X² | | | |

-| Windows 10 1803 (RS4) and higher | X² | | | |

-| Windows 10 Enterprise<br>(including multi-session) and Pro<br>(Server scenarios only¹) | X | X | X | X |

-| Windows 8 Enterprise and Pro<br>(Server scenarios only¹) | | X | X | |

-| Windows 7 SP1<br>(Server scenarios only¹) | | X | X | |

-| Azure Stack HCI | | X | | |

-> [!NOTE]

-> For Dependency agent, check for supported kernel versions. For more information, see the "Dependency agent Linux kernel support" table.

-| Operating system | Azure Monitor agent ¹ | Log Analytics agent ¹ | Dependency agent | Diagnostics extension |

-| AlmaLinux | X | X | | |

-| Amazon Linux 2017.09 | | X | | |

-| Amazon Linux 2 | | X | | |

-| CentOS Linux 8 | X ² | X | X | |

-| CentOS Linux 7 | X | X | X | X |

-| CentOS Linux 6 | | X | | |

-| CentOS Linux 6.5+ | | X | X | X |

-| Debian 11 ¹ | X | | | |

-| Debian 10 ¹ | X | | | |

-| Debian 9 | X | X | X | X |

-| Debian 8 | | X | X | |

-| Debian 7 | | | | X |

-| OpenSUSE 13.1+ | | | | X |

-| Oracle Linux 8 | X ² | X | | |

-| Oracle Linux 7 | X | X | | X |

-| Oracle Linux 6 | | X | | |

-| Oracle Linux 6.4+ | | X | | X |

-| Red Hat Enterprise Linux Server 8.5, 8.6 | X | X | | |

-| Red Hat Enterprise Linux Server 8, 8.1, 8.2, 8.3, 8.4 | X ² | X | X | |

-| Red Hat Enterprise Linux Server 7 | X | X | X | X |

-| Red Hat Enterprise Linux Server 6 | | X | X | |

-| Red Hat Enterprise Linux Server 6.7+ | | X | X | X |

-| Rocky Linux | X | X | | |

-| SUSE Linux Enterprise Server 15.2 | X ² | | | |

-| SUSE Linux Enterprise Server 15.1 | X ² | X | | |

-| SUSE Linux Enterprise Server 15 SP1 | X | X | X | |

-| SUSE Linux Enterprise Server 15 | X | X | X | |

-| SUSE Linux Enterprise Server 12 SP5 | X | X | X | X |

-| SUSE Linux Enterprise Server 12 | X | X | X | X |

-| Ubuntu 22.04 LTS | X | | | |

-| Ubuntu 20.04 LTS | X | X | X | X ³ |

-| Ubuntu 18.04 LTS | X | X | X | X |

-| Ubuntu 16.04 LTS | X | X | X | X |

-| Ubuntu 14.04 LTS | | X | | X |

-#### Dependency agent Linux kernel support

-Because the Dependency agent works at the kernel level, support is also dependent on the kernel version. As of Dependency agent version 9.10.*, the agent supports * kernels. The following table lists the major and minor Linux OS release and supported kernel versions for the Dependency agent.

-| Distribution | OS version | Kernel version |

-|:|:|:|

-| Red Hat Linux 8 | 8.5 | 4.18.0-348.\*el8_5.x86_644.18.0-348.\*el8.x86_64 |

-| | 8.4 | 4.18.0-305.\*el8.x86_64, 4.18.0-305.\*el8_4.x86_64 |

-| | 8.3 | 4.18.0-240.\*el8_3.x86_64 |

-| | 8.2 | 4.18.0-193.\*el8_2.x86_64 |

-| | 8.1 | 4.18.0-147.\*el8_1.x86_64 |

-| | 8.0 | 4.18.0-80.\*el8.x86_64<br>4.18.0-80.\*el8_0.x86_64 |

-| Red Hat Linux 7 | 7.9 | 3.10.0-1160 |

-| | 7.8 | 3.10.0-1136 |

-| | 7.7 | 3.10.0-1062 |

-| | 7.6 | 3.10.0-957 |

-| | 7.5 | 3.10.0-862 |

-| | 7.4 | 3.10.0-693 |

-| Red Hat Linux 6 | 6.10 | 2.6.32-754 |

-| | 6.9 | 2.6.32-696 |

-| CentOS Linux 8 | 8.5 | 4.18.0-348.\*el8_5.x86_644.18.0-348.\*el8.x86_64 |

-| | 8.4 | 4.18.0-305.\*el8.x86_64, 4.18.0-305.\*el8_4.x86_64 |

-| | 8.3 | 4.18.0-240.\*el8_3.x86_64 |

-| | 8.2 | 4.18.0-193.\*el8_2.x86_64 |

-| | 8.1 | 4.18.0-147.\*el8_1.x86_64 |

-| | 8.0 | 4.18.0-80.\*el8.x86_64<br>4.18.0-80.\*el8_0.x86_64 |

-| CentOS Linux 7 | 7.9 | 3.10.0-1160 |

-| | 7.8 | 3.10.0-1136 |

-| | 7.7 | 3.10.0-1062 |

-| CentOS Linux 6 | 6.10 | 2.6.32-754.3.5<br>2.6.32-696.30.1 |

-| | 6.9 | 2.6.32-696.30.1<br>2.6.32-696.18.7 |

-| Ubuntu Server | 20.04 | 5.8<br>5.4\* |

-| | 18.04 | 5.3.0-1020<br>5.0 (includes Azure-tuned kernel)<br>4.18*<br>4.15* |

-| | 16.04.3 | 4.15.\* |

-| | 16.04 | 4.13.\*<br>4.11.\*<br>4.10.\*<br>4.8.\*<br>4.4.\* |

-| SUSE Linux 12 Enterprise Server | 12 SP5 | 4.12.14-122.\*-default, 4.12.14-16.\*-azure|

-| | 12 SP4 | 4.12.\* (includes Azure-tuned kernel) |

-| | 12 SP3 | 4.4.\* |

-| | 12 SP2 | 4.4.\* |

-| SUSE Linux 15 Enterprise Server | 15 SP1 | 4.12.14-197.\*-default, 4.12.14-8.\*-azure |

-| | 15 | 4.12.14-150.\*-default |

-| Debian | 9 | 4.9 |

- "convertRuleTag": "hidden-link:/subscriptions/1234-56789-1234-567a/resourceGroups/resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/workspaceName",

- "tags": {

- "[variables('convertRuleTag')]": "Resource"

- },

- "convertRuleTag": "hidden-link:/subscriptions/1234-56789-1234-567a/resourceGroups/resourceGroupName/providers/Microsoft.OperationalInsights/workspaces/workspaceName",

- "tags": {

- "[variables('convertRuleTag')]": "Resource"

- },

-Download the [applicationinsights-agent-3.3.0.jar](https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.3.0/applicationinsights-agent-3.3.0.jar) file.

-> If you're upgrading from 3.2.x to 3.3.0:

-> - Starting from 3.3.0, `LoggingLevel` is not captured by default as part of Traces' custom dimension since that data is already captured in the `SeverityLevel` field. For details on how to re-enable this if needed, please see the [config options](./java-standalone-config.md#logginglevel)

-Add `-javaagent:"path/to/applicationinsights-agent-3.3.0.jar"` to your application's JVM args.

- - Or you can create a configuration file named `applicationinsights.json`. Place it in the same directory as `applicationinsights-agent-3.3.0.jar` with the following content:

-Add the JVM arg `-javaagent:"path/to/applicationinsights-agent-3.3.0.jar"` somewhere before `-jar`, for example:

-java -javaagent:"path/to/applicationinsights-agent-3.3.0.jar" -jar <myapp.jar>

-If you're using the *exec* form, add the parameter `-javaagent:"path/to/applicationinsights-agent-3.3.0.jar"` to the parameter list somewhere before the `"-jar"` parameter, for example:

-ENTRYPOINT ["java", "-javaagent:path/to/applicationinsights-agent-3.3.0.jar", "-jar", "<myapp.jar>"]

-If you're using the *shell* form, add the JVM arg `-javaagent:"path/to/applicationinsights-agent-3.3.0.jar"` somewhere before `-jar`, for example:

-ENTRYPOINT java -javaagent:"path/to/applicationinsights-agent-3.3.0.jar" -jar <myapp.jar>

- <version>3.3.0</version>

-JAVA_OPTS="$JAVA_OPTS -javaagent:path/to/applicationinsights-agent-3.3.0.jar"

-CATALINA_OPTS="$CATALINA_OPTS -javaagent:path/to/applicationinsights-agent-3.3.0.jar"

-If the file `<tomcat>/bin/setenv.sh` already exists, then modify that file and add `-javaagent:path/to/applicationinsights-agent-3.3.0.jar` to `CATALINA_OPTS`.

-set CATALINA_OPTS=%CATALINA_OPTS% -javaagent:path/to/applicationinsights-agent-3.3.0.jar

-set "CATALINA_OPTS=%CATALINA_OPTS% -javaagent:path/to/applicationinsights-agent-3.3.0.jar"

-If the file `<tomcat>/bin/setenv.bat` already exists, just modify that file and add `-javaagent:path/to/applicationinsights-agent-3.3.0.jar` to `CATALINA_OPTS`.

-Locate the file `<tomcat>/bin/tomcat8w.exe`. Run that executable and add `-javaagent:path/to/applicationinsights-agent-3.3.0.jar` to the `Java Options` under the `Java` tab.

-Add `-javaagent:path/to/applicationinsights-agent-3.3.0.jar` to the existing `JAVA_OPTS` environment variable in the file `JBOSS_HOME/bin/standalone.conf` (Linux) or `JBOSS_HOME/bin/standalone.conf.bat` (Windows):

- JAVA_OPTS="-javaagent:path/to/applicationinsights-agent-3.3.0.jar -Xms1303m -Xmx1303m ..."

-Add `-javaagent:path/to/applicationinsights-agent-3.3.0.jar` to the existing `jvm-options` in `JBOSS_HOME/domain/configuration/host.xml`:

- <option value="-javaagent:path/to/applicationinsights-agent-3.3.0.jar"/>

-Add `-javaagent:path/to/applicationinsights-agent-3.3.0.jar` to the existing `jvm-options` in `glassfish/domains/domain1/config/domain.xml`:

- -javaagent:path/to/applicationinsights-agent-3.3.0.jar>

-By default, Application Insights Java 3.x expects the configuration file to be named `applicationinsights.json`, and to be located in the same directory as `applicationinsights-agent-3.3.0.jar`.

-If you specify a relative path, it will be resolved relative to the directory where `applicationinsights-agent-3.3.0.jar` is located.

-If you specify a relative path, it will be resolved relative to the directory where `applicationinsights-agent-3.3.0.jar` is located.

-This feature is in preview, starting from 3.3.0.

-Starting from version 3.3.0, `LoggingLevel` is not captured by default as part of Traces' custom dimension since that data is aleady captured in the `SeverityLevel` field.

-Starting from version 3.3.0, you can capture request and response headers on your server (request) telemetry:

-Starting from version 3.3.0, you can change this behavior to capture them as success if you prefer:

-> Vertx HTTP Library instrumentation is available starting from version 3.3.0

-longer network or ingestion service outages, you can increase this limit starting from version 3.3.0:

-`applicationinsights-agent-3.3.0.jar` is located.

-# How to upgrade the VM insights Dependency agent

-After initial deployment of the VM insights Dependency agent, updates are released that include bug fixes or support of new features or functionality. This article helps you understand the methods available and how to perform the upgrade manually or through automation.

-## Upgrade options

-The Dependency agent for Windows and Linux can be upgraded to the latest release manually or automatically depending on the deployment scenario and environment the machine is running in. The following methods can be used to upgrade the agent.

-## Upgrade Windows agent

-To update the agent on a Windows VM to the latest version not installed using the Dependency agent VM extension, you either run from the Command Prompt, script or other automation solution, or by using the InstallDependencyAgent-Windows.exe Setup Wizard.

-You can download the latest version of the Windows agent from [here](https://aka.ms/dependencyagentwindows).

-### Using the Setup Wizard

-### From the command line

-## Upgrade Linux agent

-If you want to stop monitoring your VMs for a period of time or remove VM insights entirely, see [Disable monitoring of your VMs in VM insights](../vm/vminsights-optout.md).

-For example, imagine you have one Azure Web PubSub service instance with 5 units, scale up to 10 units from 10:00 AM to 16:00 PM and then scale back to 5 units after 16:00 PM. It turns out 5 units for 18 hours and 10 units for 6 hours in a specific day.

-> Usage of the units for billing = (5 units * 18 hours + 10 units * 6 hours) / 24 hours = 6.25 Unit/Day

-For billing, only the outbound traffic is counted.

-For example, imagine you have an application with Azure Web PubSub service and Azure Functions. One user broadcast 4 KB data to 10 connections in a group. It turns out 4 KB for upstream from service to function and 40 KB from service broadcast to 10 connections.

-The Azure Web PubSub service also offers daily free quota of outbound traffic (message count) based on the usage of the units. The outbound traffic (message count) beyond the free quota is the additional outbound traffic (additional messages). Taking standard tier as example, the free quota is 2,000,000-KB outbound traffic (1,000,000 messages) per unit/day.

-Using the previous unit usage example, the application use 6.25 units per day that ensures the daily free quota as 12,500,000-KB outbound traffic (6.25 million messages). Imaging the daily outbound traffic is 30,000,000 KB (15 million messages), the additional messages will be 17,500,000-KB outbound traffic (8.75 million messages). As a result, you'll be billed with 6.25 standard units and 8.75 additional message units for the day.

-The Azure Web PubSub service offers multiple tiers with different pricing. Once you understand how the number of units and size of outbound traffic (message count) are counted with billing model, you could learn more pricing details from [Azure Web PubSub service pricing](https://azure.microsoft.com/pricing/details/web-pubsub).

-description: Learn how to get and troubleshoot with resource logs

-This how-to guide shows you the options to get the resource logs and how to troubleshoot with them.

-## What's the resource logs?

-The resource logs provide richer view of connectivity, messaging and HTTP request information to the Azure Web PubSub service instance. They can be used for issue identification, connection tracking, message tracing, HTTP request tracing and analysis.

-There are three types of logs: connectivity log, messaging log and HTTP request logs.

-### Connectivity logs

-Connectivity logs provide detailed information for Azure Web PubSub hub connections. For example, basic information (user ID, connection ID, and so on) and event information (connect, disconnect, and abort event, and so on). That's why the connectivity log is helpful to troubleshoot connection-related issues.

-### Messaging logs

-Messaging logs provide tracing information for the Azure Web PubSub hub messages received and sent via Azure Web PubSub service. For example, tracing ID and message type of the message. Typically the message is recorded when it arrives at or leaves from service. So messaging logs are helpful for troubleshooting message-related issues.

-### HTTP request logs

-Http request logs provide tracing information for HTTP requests to the Azure Web PubSub service. For example, HTTP method and status code. Typically the HTTP request is recorded when it arrives at or leave from service. So HTTP request logs are helpful for troubleshooting request-related issues.

-## Capture resource logs with live trace tool

-The Azure Web PubSub service live trace tool has ability to collect resource logs in real time, and is helpful to trace with customer's development environment. The live trace tool could capture connectivity logs, messaging logs and HTTP request logs.

-> [!NOTE]

-> The real-time resource logs captured by live trace tool will be billed as messages (outbound traffic).

-> The Azure Web PubSub service instance created as free tier has the daily limit of messages (outbound traffic).

-1. Go to the Azure portal.

-2. On the **Live trace settings** page of your Azure Web PubSub service instance, check **Enable Live Trace** if it's disabled.

-3. Check any log category you need.

-4. Click **Save** button and wait until the settings take effect.

-5. Click *Open Live Trace Tool*

-> Azure Active Directory access to live trace tool is not yet supported, please enable `Access Key` in `Keys` menu.

-The live trace tool provides some fundamental functionalities to help you capture the resource logs for troubleshooting.

-* **Capture**: Begin to capture the real-time resource logs from Azure Web PubSub instance with live trace tool.

-* **Log filter**: The live trace tool allows you filtering the captured real-time resource logs with one specific key word. The common separator (for example, space, comma, semicolon, and so on) will be treated as part of the key word.

-| Log Level | Log event level (Trace/Debug/Informational/Warning/Error) |

-| Message | Detailed message of log event |

-| Hub | User-defined Hub Name |

-| User ID | Identity of the user |

-| IP | The IP address of client |

-| Duration | The duration between the request is received and processed |

-After the Azure Web PubSub service is GA, the live trace tool will also support to export the logs as a specific format and then help you share with others for troubleshooting.

-Currently Azure Web PubSub supports integrate with [Azure Storage](../azure-monitor/essentials/resource-logs.md#send-to-azure-storage).

-2. On **Diagnostic settings** page of your Azure Web PubSub service instance, click **+ Add diagnostic setting** link.

-3. In **Diagnostic setting name**, input the setting name.

-4. In **Category details**, select any log category you need.

-5. In **Destination details**, check **Archive to a storage account**.

-6. Click **Save** button to save the diagnostic setting.

-> The storage account should be the same region to Azure Web PubSub service.

-### Archive to Azure Storage Account

-Logs are stored in the storage account that configured in **Diagnostics setting** pane. A container named `insights-logs-<CATEGORY_NAME>` is created automatically to store resource logs. Inside the container, logs are stored in the file `resourceId=/SUBSCRIPTIONS/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/RESOURCEGROUPS/XXXX/PROVIDERS/MICROSOFT.SIGNALRSERVICE/SIGNALR/XXX/y=YYYY/m=MM/d=DD/h=HH/m=00/PT1H.json`. Basically, the path is combined by `resource ID` and `Date Time`. The log files are split by `hour`. Therefore, the minutes always be `m=00`.

-callerIpAddress | IP address of your server/client

-Once you check `Send to Log Analytics`, and select target Azure Log Analytics, the logs will be stored in the target. To view resource logs, follow these steps:

-2. Enter `WebPubSubConnectivity`, `WebPubSubMessaging` or `WebPubSubHttpRequest` and select time range to query [connectivity log](#connectivity-logs), [messaging log](#messaging-logs) or [http request logs](#http-request-logs) correspondingly. For advanced query, see [Get started with Log Analytics in Azure Monitor](../azure-monitor/logs/log-analytics-tutorial.md)

-To use sample query for SignalR service, please follow the steps below:

-2. Select `Queries` to open query explorer.

-3. Select `Resource type` to group sample queries in resource type.

-4. Select `Run` to run the script.

-Archive log columns include elements listed in the following table:

-When finding connection unexpected growing or dropping situation, you can take advantage of resource logs to troubleshoot. Typical issues are often about connections' unexpected quantity changes, connections reach connection limits and authorization failure.

-### Unexpected connection number changes

-If a connection disconnects, the resource logs will record this disconnecting event with `ConnectionAborted` or `ConnectionEnded` in `operationName`.

-The difference between `ConnectionAborted` and `ConnectionEnded` is that `ConnectionEnded` is an expected disconnecting which is triggered by client or server side. While the `ConnectionAborted` is usually an unexpected connection dropping event, and aborting reason will be provided in `message`.

-#### Unexpected connection growing

-To troubleshoot about unexpected connection growing, the first thing you need to do is to filter out the extra connections. You can add unique test user ID to your test client connection. Then verify it in with resource logs, if you see more than one client connections have the same test user ID or IP, then it is likely the client side create and establish more connections than expectation. Check your client side.

-If you get 401 Unauthorized returned for client requests, check your resource logs. If you meet `Failed to validate audience. Expected Audiences: <valid audience>. Actual Audiences: <actual audience>`, it means all audiences in your access token are invalid. Try to use the valid audiences suggested in the log.

-If you find that you cannot establish client connections to Azure Web PubSub service, check your resource logs. If you meet `Connection count reaches limit` in resource log, you establish too many connections to Azure Web PubSub service, which reach the connection count limit. Consider scaling up your Azure Web PubSub service instance. If you meet `Message count reaches limit` in resource log, it means you use free tier, and you use up the quota of messages. If you want to send more messages, consider changing your Azure Web PubSub service instance to standard tier to send additional messages. For more information, see [Azure Web PubSub service Pricing](https://azure.microsoft.com/pricing/details/web-pubsub/).

-

-description: Provides an overview of all appliances available for use with Microsoft Defender for IoT OT sensors and on-premises management consoles.

-# OT monitoring appliance reference

-This article provides an overview of the OT monitoring appliances supported with Microsoft Defender for IoT.

-Each article provides details about the appliance and any extra software installation procedures required. For more information, see [Install OT system software](../how-to-install-software.md) and [Update Defender for IoT OT monitoring software](../update-ot-software.md).

-## Corporate environments

-The following OT monitoring appliances are available for corporate deployments:

-## Large enterprises

-The following OT monitoring appliances are available for large enterprise deployments:

-## Production line

-The following OT monitoring appliances are available for production line deployments:

-## Next steps

-For more information, see:

-## Pre-installation configuration

-Each appliance type comes with its own set of instructions that are required before installing Defender for IoT software.

-Make sure that you've completed the procedures as instructed in the **Reference > OT monitoring appliance** section of our documentation before installing Defender for IoT software.

-For more information, see:

-This procedure describes how to install OT sensor software on a physical or virtual appliance.

-> At the end of this process you will be presented with the usernames and passwords for your device. Make sure to copy these down as these passwords will not be presented again.

-1. Select the installation language.

- :::image type="content" source="media/tutorial-install-components/language-select.png" alt-text="Screenshot of the sensor's language select screen.":::

-1. Select the sensor's architecture. For example:

- :::image type="content" source="media/tutorial-install-components/sensor-architecture.png" alt-text="Screenshot of the sensor's architecture select screen.":::

-1. The sensor will reboot, and the **Package configuration** screen will appear. Press the up or down arrows to navigate, and the SPACE bar to select an option. Press ENTER to advance to the next screen.

-1. Select the monitor interface. For example:

-1. If one of the monitoring ports is for ERSPAN, select it. For example:

-1. Select the interface to be used as the management interface. For example:

-1. Enter the sensor's IP address. For example:

-1. Enter the path of the mounted logs folder. We recommend using the default path. For example:

-1. Enter the Subnet Mask IP address. For example:

-1. Enter the default gateway IP address.

-1. Enter the DNS Server IP address.

-1. Enter the sensor hostname. For example:

- :::image type="content" source="media/tutorial-install-components/sensor-hostname.png" alt-text="Screenshot of the screen where you enter a hostname for your sensor.":::

- The installation process runs.

-1. When the installation process completes, save the appliance ID, and passwords. Copy these credentials to a safe place as you'll need them to access the platform the first time you use it.

-For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device).

-Our OT monitoring appliance reference articles also include extra installation procedures in case you need to install software on your own appliances, or reinstall software on preconfigured appliances. For more information, see [OT monitoring appliance reference](appliance-catalog/appliance-catalog-overview.md).

- :::image type="content" source="./media/configure-firewall/networking-link.png" alt-text="Image showing the selection of Networking link at the bottom of the page. ":::

- :::image type="content" source="./media/configure-firewall/networking-page-public-access.png" alt-text="Image showing the selection of Public access option on the Networking page of the Create topic wizard. ":::

- :::image type="content" source="./media/configure-firewall/networking-page-private-access.png" alt-text="Image showing the selection of Private access option on the Networking page of the Create topic wizard. ":::

- :::image type="content" source="./media/custom-event-quickstart-portal/select-event-grid-topics.png" alt-text="Search for and select Event Grid Topics":::

-4. On the **Create Topic** page, follow these steps:

- :::image type="content" source="./media/custom-event-quickstart-portal/event-grid-topic-home-page.png" alt-text="Screenshot showing the Event Grid Topic home page":::

-On the **Advanced** tab of the topic or domain creation wizard, select **Enable system assigned identity**.

-1. On the **Advanced** page of the topic or domain creation wizard, select **Enable user-assigned identity**, and then select **Add user assigned identity**.

- :::image type="content" source="./media/managed-service-identity/create-page-add-user-assigned-identity-link.png" alt-text="Image showing the Enable user assigned identity option selected.":::

- :::image type="content" source="./media/managed-service-identity/user-assigned-identity-add-button.png" alt-text="Image showing the User Assigned Identity tab":::

-This tutorial walks you through the steps to add, resize, and remove a virtual network gateway for a pre-existing virtual network (VNet). The steps for this configuration apply to VNets that were created using the Resource Manager deployment model for an ExpressRoute configuration. For more information about virtual network gateways and gateway configuration settings for ExpressRoute, see [About virtual network gateways for ExpressRoute](expressroute-about-virtual-network-gateways.md).

-description: This tutorial helps you add VNet gateway to an already created Resource Manager VNet for ExpressRoute using Azure PowerShell.

-> * [Video - Azure portal](https://azure.microsoft.com/documentation/videos/azure-expressroute-how-to-create-a-vpn-gateway-for-your-virtual-network)

-This tutorial helps you add, resize, and remove a virtual network (VNet) gateway for a pre-existing VNet. The steps for this configuration apply to VNets that were created using the Resource Manager deployment model for an ExpressRoute configuration. For more information, see [About virtual network gateways for ExpressRoute](expressroute-about-virtual-network-gateways.md).

-1. Declare your variables for this exercise. Be sure to edit the sample to reflect the settings that you want to use.

- If you are using a dual stack virtual network and plan to use IPv6-based private peering over ExpressRoute, create a dual stack gateway subnet instead.

- If you plan to use IPv6-based private peering over ExpressRoute, please set the IP SKU to Standard and the AllocationMethod to Static:

-There are a number of [Gateway SKUs](expressroute-about-virtual-network-gateways.md). You can use the following command to change the Gateway SKU at any time.

-> [!IMPORTANT]

-> This command doesn't work for UltraPerformance gateway. To change your gateway to an UltraPerformance gateway, first remove the existing ExpressRoute gateway, and then create a new UltraPerformance gateway. To downgrade your gateway from an UltraPerformance gateway, first remove the UltraPerformance gateway, and then create a new gateway.

->

-> [Link a Virtual Network to an ExpressRoute circuit](expressroute-howto-linkvnet-arm.md)

- }

-## Kafka 2.4 is now generally available

-## Map Datatype in HWC is now supported in HDInsight 4.0

-## Deprecation notices

-### Azure Virtual Machine Scale Sets on HDInsight

-### Scaling of Azure HDInsight HBase workloads will now be supported only using manual scale

-description: This article explains how to display MedTech service Metrics

-# How to display MedTech service metrics

-In this article, you'll learn how to display MedTech service metrics in the Azure portal.

-## Display metrics

-1. Within your Azure Health Data Services workspace, select **MedTech service**.

- :::image type="content" source="media\iot-metrics\iot-workspace-displayed-with-connectors-button.png" alt-text="Screenshot of select the MedTech service button." lightbox="media\iot-metrics\iot-connectors-button.png":::

- :::image type="content" source="media\iot-metrics\iot-connector-select.png" alt-text="Screenshot of select MedTech service you would like to display metrics for." lightbox="media\iot-metrics\iot-connector-select.png":::

- :::image type="content" source="media\iot-metrics\iot-select-metrics.png" alt-text="Screenshot of Select the Metrics button." lightbox="media\iot-metrics\iot-metrics-button.png":::

-4. From the metrics page, you can create the metrics that you want to display for your MedTech service. For this example, we'll be choosing the following selections:

- * **Scope** = MedTech service name (**Default**)

- * **Metric Namespace** = Standard Metrics (**Default**)

- * **Metric** = MedTech service metrics you want to display. For this example, we'll choose **Number of Incoming Messages**.

- :::image type="content" source="media\iot-metrics\iot-select-metrics-to-display.png" alt-text="Screenshpt of select metrics to display." lightbox="media\iot-metrics\iot-metrics-selection-close-up.png":::

- :::image type="content" source="media\iot-metrics\iot-metrics-add-button.png" alt-text="Screenshot of select Add metric button to add more metrics." lightbox="media\iot-metrics\iot-add-metric-button.png":::

- > If you leave the metrics page, the metrics settings are lost and will have to be recreated. If you would like to save your MedTech service metrics for future viewing, you can pin them to an Azure dashboard as a tile.

-## Pinning metrics tile on Azure portal dashboard

-1. To pin the metrics tile to an Azure portal dashboard, select the **Pin to dashboard** button.

- :::image type="content" source="media\iot-metrics\iot-metrics-select-add-pin-to-dashboard.png" alt-text="Screenshot of select the Pin to dashboard button." lightbox="media\iot-metrics\iot-pin-to-dashboard-button.png":::

-2. Select the dashboard you would like to display MedTech service metrics on. For this example, we'll use a private dashboard named `MedTech service Metrics`. Select **Pin** to add the metrics tile to the dashboard.

- :::image type="content" source="media\iot-metrics\iot-select-pin-to-dashboard.png" alt-text="Screenshot of select dashboard and Pin button to complete the dashboard pinning process." lightbox="media\iot-metrics\iot-select-pin-to-dashboard.png":::

-3. You'll receive a confirmation that the metrics tile was successfully added to the dashboard.

- :::image type="content" source="media\iot-metrics\iot-select-dashboard-pinned-successful.png" alt-text="Screenshot of metrics tile successfully pinned to dashboard." lightbox="media\iot-metrics\iot-select-dashboard-pinned-successful.png":::

-4. Once you've received a successful confirmation, select **Dashboard**.

- :::image type="content" source="media\iot-metrics\iot-select-dashboard-with-metrics-tile.png" alt-text="Screenshot of select the Dashboard button." lightbox="media\iot-metrics\iot-dashboard-button.png":::

-5. Select the dashboard that you pinned the metrics tile to. For this example, the dashboard is **MedTech service Metrics**. The dashboard will display the MedTech service metrics tile that you created in the previous steps.

- :::image type="content" source="media\iot-metrics\iot-dashboard-with-metrics-tile-displayed.png" alt-text="Screenshot of dashboard with pinned MedTech service metrics tile." lightbox="media\iot-metrics\iot-dashboard-with-metrics-tile-displayed.png":::

-To learn how to export MedTech service metrics, see

->[Configure diagnostic setting for MedTech service metrics exporting](./iot-metrics-diagnostics-export.md)

-(FHIR&#174;) is a registered trademark of HL7 and is used with the permission of HL7.

-Agent | No need to install agents on machines you want to cross-check. | Agents to be installed on each on-premises machine that you want to analyze: The [Microsoft Monitoring agent (MMA)](../azure-monitor/agents/agent-windows.md), and the [Dependency agent](../azure-monitor/agents/agents-overview.md#dependency-agent).

-For agent-based analysis, Azure Migrate: Discovery and assessment uses the [Service Map](../azure-monitor/vm/service-map.md) solution in Azure Monitor. You install the [Microsoft Monitoring Agent/Log Analytics agent](../azure-monitor/agents/agents-overview.md#log-analytics-agent) and the [Dependency agent](../azure-monitor/agents/agents-overview.md#dependency-agent), on each server you want to analyze.

-**Required agents** | On each server you want to analyze, install the following agents:<br/><br/> The [Microsoft Monitoring agent (MMA)](../azure-monitor/agents/agent-windows.md).<br/> The [Dependency agent](../azure-monitor/agents/agents-overview.md#dependency-agent).<br/><br/> If on-premises servers aren't connected to the internet, you need to download and install Log Analytics gateway on them.<br/><br/> Learn more about installing the [Dependency agent](how-to-create-group-machine-dependencies.md#install-the-dependency-agent) and [MMA](how-to-create-group-machine-dependencies.md#install-the-mma).

-**Required agents** | On each server you want to analyze, install the following agents:<br/><br/> The [Microsoft Monitoring agent (MMA)](../azure-monitor/agents/agent-windows.md).<br/> The [Dependency agent](../azure-monitor/agents/agents-overview.md#dependency-agent).<br/><br/> If on-premises servers aren't connected to the internet, you need to download and install Log Analytics gateway on them.<br/><br/> Learn more about installing the [Dependency agent](how-to-create-group-machine-dependencies.md#install-the-dependency-agent) and [MMA](how-to-create-group-machine-dependencies.md#install-the-mma).

-**Required agents** | On each server that you want to analyze, install the following agents:<br />- [Microsoft Monitoring Agent (MMA)](../azure-monitor/agents/agent-windows.md)<br />- [Dependency agent](../azure-monitor/agents/agents-overview.md#dependency-agent)<br /><br /> If on-premises servers aren't connected to the internet, download and install the Log Analytics gateway on them.<br /><br /> Learn more about installing the [Dependency agent](how-to-create-group-machine-dependencies.md#install-the-dependency-agent) and the [MMA](how-to-create-group-machine-dependencies.md#install-the-mma).

-## Prepare a virtual machine (VM) to receive the downlinked AQUA data

-5. Edit the [Network Security Group](../virtual-network/network-security-groups-overview.md) for the subnet that your virtual machine is using to allow inbound connections from the following IPs over TCP port 56001:

- | IP Address | Enter the Public IP address of the virtual machine you created above (VM) |

-> In the section [Prepare a virtual machine (VM) to receive the downlinked AQUA data](downlink-aqua.md#prepare-a-virtual-machine-vm-to-receive-the-downlinked-aqua-data), use the following values:

-An Azure Orbital Ground station emits telemetry events that can be used to analyze the ground station operation during the contact. You can configure your contact profile to send such telemetry events to Azure Event Hubs. The steps below describe how to create Event Hubs and grant Azure Orbital access to send events to it.

-1. In your subscription, go to **Resource Provider** settings and register Microsoft.Orbital as a provider.  

-2. [Create Azure Event Hubs](../event-hubs/event-hubs-create.md) in your subscription.

-3. From the left menu, select **Access Control (IAM)**. Under **Grant Access to this Resource**, select **Add Role Assignment**.

-4. Select **Azure Event Hubs Data Sender**.  

-5. Assign access to '**User, group, or service principal**'.

-6. Click '**+ Select members**'. 

-7. Search for '**Azure Orbital Resource Provider**' and press **Select**. 

-8. Press **Review + Assign** to grant Azure Orbital the rights to send telemetry into your event hub.

-9. To confirm the newly added role assignment, go back to the Access Control (IAM) page and select **View access to this resource**.

-Congrats! Orbital can now communicate with your hub. 

-### Enable telemetry for a contact profile in the Azure portal 

-1. Go to **Contact Profile** resource, and click **Create**. 

-2. Choose a namespace using the **Event Hubs Namespace** dropdown. 

-3. Choose an instance using the **Event Hubs Instance** dropdown that appears after namespace selection. 

-### Test telemetry on a contact 

-1. Schedule a contact using the Contact Profile that you previously configured for Telemetry. 

-2. Once the contact begins, you should begin to see data in your Event Hubs soon after. 

-To verify that events are being received in your Event Hubs, you can check the graphs present on the Event Hubs namespace **Overview** page. The graphs show data across all Event Hubs instances within a namespace. You can navigate to the Overview page of a specific instance to see the graphs for that instance. 

-You can enable an Event Hubs [Capture feature](../event-hubs/event-hubs-capture-enable-through-portal.md) that will automatically deliver the telemetry data to an Azure Blob storage account of your choosing. 

-Once enabled, you can check your container and view or download the data. 

- 

-The Event Hubs documentation provides a great deal of guidance on how to write simple consumer apps to receive events from Event Hubs: 

-Other helpful resources: 

-In Cognitive Search, facets are one layer deep and cannot be hierarchical. If you aren't familiar with faceted navigation structured, the following example shows one on the left. Counts indicate the number of matches for each facet. The same document can be represented in multiple facets.

-As a best practice, check fields for null values, misspellings or case discrepancies, and single and plural versions of the same word. Filters and facets do not undergo lexical analysis or [spell check](speller-how-to-add.md), which means that all values of a "facetable" field are potential facets, even if the words differ by one character.

-If you are using one of the Azure SDKs, your code must specify all field attributes. In contrast, the REST API has defaults for field attributes based on the [data type](/rest/api/searchservice/supported-data-types). The following data types are "filterable" and "facetable" by default:

-You cannot use `Edm.GeographyPoint` or `Collection(Edm.GeographyPoint)` fields in faceted navigation. Facets work best on fields with low cardinality. Due to the resolution of geo-coordinates, it is rare that any two sets of coordinates will be equal in a given dataset. As such, facets are not supported for geo-coordinates. You would need a city or region field to facet by location.

-> [!Tip]

-For each faceted navigation tree, there is a default limit of 10 facets. This default makes sense for navigation structures because it keeps the values list to a manageable size. You can override the default by assigning a value to "count". For example, `"Tags,count:5"` reduces the number of tags under the Tags section to the top five.

-For Numeric and DateTime values only, you can explicitly set values on the facet field (for example, `facet=Rating,values:1|2|3|4|5`) to separate results into contiguous ranges (either ranges based on numeric values or time periods). Alternatively, you can add "interval:, as in `facet=Rating,interval:1`.

-Under certain circumstances, you might find that facet counts do not match the result sets (see [Faceted navigation in Azure Cognitive Search (Microsoft Q&A question page)](/answers/topics/azure-cognitive-search.html)).

-Facet counts can be inaccurate due to the sharding architecture. Every search index has multiple shards, and each shard reports the top N facets by document count, which is then combined into a single result. If some shards have many matching values, while others have fewer, you may find that some facet values are missing or under-counted in the results.

-Although this behavior could change at any time, if you encounter this behavior today, you can work around it by artificially inflating the count:\<number> to a large number to enforce full reporting from each shard. If the value of count: is greater than or equal to the number of unique values in the field, you are guaranteed accurate results. However, when document counts are high, there is a performance penalty, so use this option judiciously.

-Here is another example from the hotels sample. The following code snippet adds categorFacet to the filter if a user selects a value from the category facet.

-Facet results are documents found in the search results that match a facet term. In the following example, in search results for *cloud computing*, 254 items also have *internal specification* as a content type. Items are not necessarily mutually exclusive. If an item meets the criteria of both filters, it is counted in each one. This duplication is possible when faceting on `Collection(Edm.String)` fields, which are often used to implement document tagging.

-If your application uses faceted navigation exclusively (that is, no search box), you can mark the field as `searchable=false`, `filterable=true`, `facetable=true` to produce a more compact index. Your index will not include inverted indexes and there will be no text analysis or tokenization. Filters are made on exact matches at the character level.

-This article explains how to work with a query response in Azure Cognitive Search.

-The structure of a response is determined by parameters in the query itself, as described in [Search Documents (REST)](/rest/api/searchservice/Search-Documents) or [SearchResults Class (Azure for .NET)](/dotnet/api/azure.search.documents.models.searchresults-1). Parameters on the query determine:

-+ Fields in each result

-+ Order of items in results

-+ Highlighting of terms within a result, matching on either the whole or partial term in the body of the result

-While a search document might consist of a large number of fields, typically only a few are needed to represent each document in the result set. On a query request, append `$select=<field list>` to specify which fields show up in the response. A field must be attributed as **Retrievable** in the index to be included in a result.

-By default, the search engine returns up to the first 50 matches. The top 50 are determined by search score, assuming the query is full text search or semantic search, or in an arbitrary order for exact match queries (where "@searchScore=1.0").

-+ Add `$count=true` to get a count of the total number of matching documents found within an index. Depending on your query and the content of your documents, the count could be as high as every document in the index.

-The results of paginated queries are not guaranteed to be stable if the underlying index is changing. Paging changes the value of `$skip` for each page, but each query is independent and operates on the current view of the data as it exists in the index at query time (in other words, there is no caching or snapshot of results, such as those found in a general purpose database).

-Search scores convey general sense of relevance, reflecting the strength of match relative to other documents in the same result set. But scores are not always consistent from one query to the next, so as you work with queries, you might notice small discrepancies in how search documents are ordered. There are several explanations for why this might occur.

-If consistent ordering is an application requirement, you can explicitly define an [**`$orderby`** expression](query-odata-filter-orderby-syntax.md) on a field. Only fields that are indexed as **`sortable`** can be used to order results.

-Hit highlighting refers to text formatting (such as bold or yellow highlights) applied to matching terms in a result, making it easy to spot the match. Highlighting is useful for longer content fields, such as a description field, where the match is not immediately obvious.

-| **Vendor documentation/<br>installation instructions** | [Microsoft Sentinel Integration Guide](https://www.watchguard.com/help/docs/help-center/en-us/Content/Integration-Guides/General/Microsoft_Azure_Sentinel.html) |

-

-

- 

- 

- 

- 

-

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/logs-entry.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/logs-query-steeltoe.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/metrics-basic-cpu-steeltoe.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/metrics-filter-steeltoe.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/metrics-split-steeltoe.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/tracing-entry.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/tracing-overview-steeltoe.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/tracing-call-steeltoe.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/tracing-performance-steeltoe.png#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/logs-streaming-cli.png#lightbox)

- 

- 

- 

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/logs-entry.png#lightbox)

- [  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/logs-query.png#lightbox)

-The chart below shows `gateway-requests` (Spring Cloud Gateway), `hikaricp_connections`

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-metrics.jpg#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-custom-metrics.jpg#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-availability.jpg#lightbox)

-Navigate to the `Live Metrics` blade - you can see live metrics on screen with low latencies < 1 second:

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-live-metrics.jpg#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/distributed-tracking-new-ai-agent.jpg#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-performance.jpg#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-insights-on-dependencies.jpg#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-end-to-end-transaction-details.jpg#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/petclinic-microservices-failures-exceptions.png#lightbox)

-[  ](media/spring-cloud-quickstart-logs-metrics-tracing/update-logs-metrics-tracing/end-to-end-transaction-details.jpg#lightbox)

- [](media/spring-cloud-quickstart-setup-log-analytics/diagnostic-settings-entry.png#lightbox)

- * **Diagnostic setting name**: Set a unique name for the configuration.

- * **Logs** > **Categories**: Select **ApplicationConsole** and **SystemLogs**. For more information on log categories and contents, see [Create diagnostic settings to send Azure Monitor platform logs and metrics to different destinations](../azure-monitor/essentials/diagnostic-settings.md).

- * **Destination details**: Select **Send to Log Analytics workspace** and specify the Log Analytics workspace that you created previously.

- [](media/spring-cloud-quickstart-setup-log-analytics/diagnostic-settings-edit-form.png#lightbox)

-The account failover feature is generally available, but still relies on a preview module for PowerShell. To use PowerShell to initiate an account failover, you must first install the Az.Storage [1.1.1-preview](https://www.powershellgallery.com/packages/Az.Storage/1.1.1-preview) module. Follow these steps to install the module:

-1. Uninstall any previous installations of Azure PowerShell:

- - Remove any previous installations of Azure PowerShell from Windows using the **Apps & features** setting under **Settings**.

- - Remove all **Azure** modules from `%Program Files%\WindowsPowerShell\Modules`.

-1. Make sure that you have the latest version of PowerShellGet installed. Open a Windows PowerShell window, and run the following command to install the latest version:

- ```powershell

- Install-Module PowerShellGet ΓÇôRepository PSGallery ΓÇôForce

- ```

-1. Close and reopen the PowerShell window after installing PowerShellGet.

-1. Install the latest version of Azure PowerShell:

- ```powershell

- Install-Module Az ΓÇôRepository PSGallery ΓÇôAllowClobber

- ```

-1. Install an Azure Storage preview module that supports account failover:

- ```powershell

- Install-Module Az.Storage ΓÇôRepository PSGallery -RequiredVersion 1.1.1-preview ΓÇôAllowPrerelease ΓÇôAllowClobber ΓÇôForce

- ```

-To initiate an account failover from PowerShell, execute the following command:

-To use Azure CLI to initiate an account failover, execute the following commands:

-> Deploying **VM applications in Azure Compute Gallery** do not currently support using Azure policies.

-az vm applicaction set \

- --app-version-ids <appversionID1> <appversionID2> \

- --treat-deployment-as-failure true

-To verify application VM deployment status:

-For verifying application VMSS deployment status:

-$ids = az vmss list-instances -g myResourceGroup -n $vmssName --query "[*].{id: id, instanceId: instanceId}" | ConvertFrom-Json

-> [!NOTE]

-> The VMSS deployment status contains PowerShell syntax. Refer to the 2nd [vm-extension-delete](/cli/azure/vm/extension#az-vm-extension-delete-examples) example as there is precedence for it.

-

-```powershell-interactive

-> Deploying **VM applications in Azure Compute Gallery** do not currently support using Azure policies.

-The VM application extension always returns a *success* regardless of whether any VM app failed while being installed/updated/removed. The VM Application extension will only report the extension status as failure when there's a problem with the extension or the underlying infrastructure. This is triggered by the "treat failure as deployment failure" flag which is set to `$false` by default and can be changed to `$true`. The failure flag can be configured in [PowerShell](/powershell/module/az.compute/add-azvmgalleryapplication#-treatfailureasdeploymentfailure) or [CLI](/cli/azure/vm/application#-treat-deployment-as-failure).

-A quick failure of provisioning is likely due to a prefix validation error. A prefix validation error indicates we're unable to verify your ownership of the range. A validation error can also indicate that we can't verify Microsoft permission to advertise the range, and or the association of the range with the given subscription. To view the specific error, you can use the **JSON view** of a custom IP prefix resource in the **Overview** section to see the **failedReason** field. The JSON view displays the Route Origin Authorization, the signed message on the prefix records, and other details of the submission. You should delete the custom IP prefix resource and create a new one with the correct information.

-If a custom IP prefix is unable to be fully advertised, it moves to a **CommissioningFailed** status. In these instances, it's recommended to execute the command to update the range to commissioned status again.