Giter Club home page Giter Club logo

aztail's Introduction

aztail - cli to retrieve Azure logs

tests

aztail is an opinionated tool to retrieve logs from Azure App Insights and Azure Monitor Logs (also known as Log Analytics). These services are exposed as databases, but when debugging, you typically want to retrieve a the logs as a stream. aztail retrieves records from these databases and presents them as a log stream, picking fields that are likely to be relevant for each particular service. It also allows you to "tail" a log stream.

aztail demo

Currently supported Azure services:

  • Azure Functions
  • Azure API Management
  • Azure Container Apps

Several more services are in the works: see the sources page for details on how filters are applied and what data is retrieved.

Please understand that aztail is an opinionated debugging tool and not a generic Kusto client. It allows you to scan a log stream for relevant information, but as soon as you start asking "How often does this occur?", you should probably use the Azure Portal and formulate a proper Kusto query.

Install

aztail is a single binary and can be downloaded from the repository release page. aztail currently supports MacOS X, Linux and Windows x86-64. aztail depends on Azure CLI as it does not itself handle authentication, but expect you to have used az login and az account set to provide it with a session.

Tutorial

This simple aztail query returns logs for the last two minutes and proceeds to periodically requests logs that are newer than those already seen. This will request logs from all services that aztail knows how to present.

aztail --app-id 45cb2850-a0ed-4a3f-b616-c5fa650951d9 --start-time='-2 min' --follow

You can pass filters to scope down what logs are returned. Filters are OR:ed together so this returns logs from all functions in two function apps, but no logs from e.g. API management.

aztail --workspace d5886821-9c0d-4f08-b2f3-d6621f15c6f8 --start-time='-2 min' --function-app this-app --function-app that-app --follow

Start and end times accept both RFC3339 timestamps and colloquial time string, courtesy of chrono-english which tries to emulate the behavior of GNU date. This gives you logs for the last 24 hours.

aztail --workspace d5886821-9c0d-4f08-b2f3-d6621f15c6f8 --start-time='yesterday' --end-time='today'

If you want to explore the queries aztail asks, and the raw results that are returned, you can turn on debugging. Also useful when you want to report bugs.

aztail --workspace d5886821-9c0d-4f08-b2f3-d6621f15c6f8 --debug --follow

Usage

Query tables in a App Insights or Log Analytics workspace and presents the result as a human-
readable log stream. When executed with only an App ID or Workspace ID, aztail retrieves logs from
all known services. If one or more filter arguments are used, only logs matching those filters will
be retrieved. Multiple filters can be used and will retrieve the union of matching data

USAGE:
    aztail [OPTIONS]

OPTIONS:
    -a, --app-id <APP_ID>
            The "Application ID" of the App Insight where logs reside

        --api-name <API_NAME>...
            Show only logs for a particular API

        --api-operation <API_OPERATION>...
            Show only logs for a particular operation (regardless of owning API)

        --container-group <CONTAINER_GROUP>...
            Show only logs for a container group

        --container-name <CONTAINER_NAME>...
            Show only logs for a specific container

        --debug
            Debug log all queries and all entries received

    -e, --end-time <END_TIME>
            Retrieve logs older than this. Can be RFC3339 or informal such as "30min ago"

    -f, --follow
            Tail a log query. Incompatible with --end-time

        --format <FORMAT>
            One of text, json [default: text]

        --function <FUNCTION>...
            Show only logs for a specific function

        --function-app <FUNCTION_APP>...
            Show only logs for a specific app

    -h, --help
            Print help information

    -s, --start-time <START_TIME>
            Retrieve logs newer than this. Can be RFC3339 or informal such as "yesterday"

    -V, --version
            Print version information

    -w, --workspace <WORKSPACE>
            The ID of the Log Analytics workspace where logs reside

Developing

aztail is written in Rust and uses cargo. Pushing a semver-compliant tag will trigger a release build.

Contributing

Contributions are welcome. Please file an issue and/or a pull request.

License

For the time being, aztail is licensed under GPLv3. If you have a use case that is hampered by this license, please file an issue.

Credits

aztail is inspired by awslogs.

aztail's People

Contributors

bittrance avatar

Stargazers

avatar avatar

Watchers

avatar avatar

aztail's Issues

Support AppInsights and Log Analyrics in the same run

AppInsights is being deprecated and customers can seamlessly migrate to Log Analytics. When they do this, both AppInsights and Log Analytics show the same events (e.g. traces is duplicated as AppTraces). Thus, a permissive query across both would yield duplicates. This makes it problematic to allow both in the same run; some sort of de-duplication is needed. Is it possible to detect that an AppInsight workspace has been migrated?

Support multiple Log Analytics workspaces in the same run

Technically speaking, it is easy to add LogSource objects different workspaces, but the current CLI arg style has no way to tell which args concerns a certain workspace. The tables may not even exist in that workspace, causing query failures. We either need a different arg style or we need to ignore certain kinds of failures when running with multiple workspaces, resulting in fiddly "It's ok for either to fail, but not both."

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.