It is possible to stream Azure VM's diagnostics to EventHub. This article https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-streaming-azure-diags-data explains how to do it. The data I receive in EventHub is as follows:
    {
      "records": [
        {
          "time": "2016-12-08T01:27:42.7908225Z",
          "dimensions": {
            "DeploymentId": "45db964e-ae11-4f2b-a342-xxxxxxxx",
            "Role": "IaaS",
            "RoleInstance": "_xxxxserver01"
          },
          "metricName": "\\Processor Information(_Total)\\Processor Frequency",
          "last": 2397.0,
          "timeGrain": "PT15S"
        }
      ]
    }
There is no information about the subscription, resource group, or resource it came from. How can I get this information based on the data above? "DeploymentId" looks promising, but I couldn't find any information about what it refers to. If I send data to EventHub from two different resource groups but from VMs with the same names, how can I know where the perf log came from? Basically, how can I correlate this perf log to the actual Azure VM (resource)?
Any guidance would be greatly appreciated.
Depending on whether you are dealing with Classic or ARM/v2 Virtual Machines, the answer is somewhat different, but in both cases it relies on DeploymentId.
For Classic VMs, DeploymentId can be retrieved from the Azure Management API.
For ARM/v2 VMs, DeploymentId is hidden in the registry of the monitored VM.
We do a number of "hacks" in CloudMonix to figure this out (i.e., look at storage for already saved diagnostic data that matches the data by VM name), but it's not reliable, as VM names can be duplicated across ARM groups. So, in the case of the latter scenario, you're forced to look into the registry of monitored VMs for this.
HTH