Friday, 12 July 2024

Use Change Analysis in Azure Monitor

 

Use Change Analysis in Azure Monitor

While standard monitoring solutions might alert you to a live site issue, outage, or component failure, they often don't explain the cause. Let's say your site worked five minutes ago, and now it's broken. What changed in the last five minutes?

Change Analysis is designed to answer that question in Azure Monitor.

Building on the power of Azure Resource Graph, Change Analysis:

  • Provides insights into your Azure application changes.
  • Increases observability.
  • Reduces mean time to repair (MTTR).

Change Analysis architecture

Change Analysis detects various types of changes, from the infrastructure layer through application deployment. Change Analysis is a subscription-level Azure resource provider that:

  • Checks resource changes in the subscription.
  • Provides data for various diagnostic tools to help users understand what changes caused issues.

The following diagram illustrates the architecture of Change Analysis:

Architecture diagram of how Change Analysis gets change data and provides it to client tools.

Supported resource types

Azure Monitor Change Analysis service supports resource property level changes in all Azure resource types, including common resources like:

  • Virtual Machine
  • Virtual machine scale set
  • App Service
  • Azure Kubernetes Service (AKS)
  • Azure Function
  • Networking resources:
    • Network Security Group
    • Virtual Network
    • Application Gateway, etc.
  • Data services:
    • Storage
    • SQL
    • Redis Cache
    • Azure Cosmos DB, etc.

Data sources

Azure Monitor's Change Analysis queries for:

Change Analysis also tracks resource dependency changes to diagnose and monitor an application end-to-end.

Azure Resource Manager resource properties changes

Using Azure Resource Graph, Change Analysis provides a historical record of how the Azure resources that host your application changed over time. The following basic configuration settings are set using Azure Resource Manager and tracked by Azure Resource Graph:

  • Managed identities
  • Platform OS upgrade
  • Hostnames

Resource configuration changes

In addition to the settings set via Azure Resource Manager, you can set configuration settings using the CLI, Bicep, etc., such as:

  • IP Configuration rules
  • TLS settings
  • Extension versions

Azure Resource Graph doesn't capture these setting changes. Change Analysis fills this gap by capturing snapshots of changes in those main configuration properties, like changes to the connection string, etc. Snapshots are taken of configuration changes and change details every up to 6 hours.

See known limitations regarding resource configuration change analysis.

Changes in Azure Function and Web Apps (in-guest changes)

Every 30 minutes, Change Analysis captures the configuration state of a web application. For example, it can detect changes in the application environment variables, configuration files, and WebJobs. The tool computes the differences and presents the changes.

Screenshot of the selecting the Refresh button to view latest changes.

Refer to our troubleshooting guide if you don't see:

  • File changes within 30 minutes
  • Configuration changes within 6 hours

See known limitations regarding in-guest change analysis.

Currently, all text-based files under site root wwwroot with the following extensions are supported:

  • *.json
  • *.xml
  • *.ini
  • *.yml
  • *.config
  • *.properties
  • *.html
  • *.cshtml
  • *.js
  • requirements.txt
  • Gemfile
  • Gemfile.lock
  • config.gemspec

No comments:

Post a Comment