--- title: Azure Native Service logs and metrics description: The Elastic Cloud Azure Native Service simplifies logging for Azure services with the Elastic Stack. This integration supports: Azure subscription logs,... url: https://www.elastic.co/elastic/docs-builder/docs/3369/deploy-manage/deploy/elastic-cloud/azure-native-isv-service-logs-metrics products: - Elastic Cloud Hosted - Elastic Cloud Serverless applies_to: - Elastic Cloud Serverless: Generally available - Elastic Cloud Hosted: Generally available --- # Azure Native Service logs and metrics The Elastic Cloud Azure Native Service simplifies logging for Azure services with the Elastic Stack. This integration supports: - Azure subscription logs - Azure resources logs (check [Supported categories for Azure Resource Logs](https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-categories?WT.mc_id=Portal-Azure_Marketplace_Elastic) for examples) If you want to send platform logs to a deployment that has [network security policies](https://www.elastic.co/elastic/docs-builder/docs/3369/deploy-manage/security/network-security) applied, then you need to contact [the Elastic Support Team](/elastic/docs-builder/docs/3369/deploy-manage/deploy/elastic-cloud/azure-native-isv-service-troubleshooting#azure-integration-support) to perform additional configurations. Refer support to the article [Azure++ Resource Logs blocked by Traffic Filters](https://support.elastic.co/knowledge/18603788). ## Unsupported log types The following log types are not supported as part of this integration: - Azure tenant logs - Logs from Azure compute services, such as Virtual Machines ## Configure log ingestion If your Azure resources and Elastic deployment or project are in different subscriptions, before creating diagnostic settings confirm that the `Microsoft.Elastic` resource provider is registered in the subscription in which the Azure resources exist. If not, register the resource provider following these steps: 1. In Azure, navigate to **Subscriptions → Resource providers**. 2. Search for `Microsoft.Elastic` and check that it is registered. If you already created diagnostic settings before the `Microsoft.Elastic` resource provider was registered, delete and add the diagnostic setting again. In the Azure portal, configure the ingestion of Azure logs into either a new or existing Elastic Cloud deployment or project: - When creating a new deployment or project, use the **Logs & metrics** tab in Azure to specify the log type and a key/value tag pair. Any Azure resources that match on the tag value automatically send log data to the Elastic Cloud deployment or project, once it's been created. ![The Logs & Metrics tab on the Create Elastic Resource page](https://www.elastic.co/elastic/docs-builder/docs/3369/deploy-manage/images/cloud-ec-marketplace-azure004.png) - For existing deployments or projects, configure Azure logs from the [resource overview page](https://portal.azure.com/#browse/Microsoft.Elastic%2Fmonitors) in the Azure portal. Note the following restrictions for logging: - Only logs from non-compute Azure services are ingested as part of the configuration detailed in this document. Logs from compute services, such as Virtual Machines, into the Elastic Stack will be added in a future release. - The Azure services must be in one of the [supported regions](https://docs-v3-preview.elastic.dev/elastic/docs-builder/docs/3369/reference/cloud-hosted/ec-regions-templates-instances#ec-azure_regions). All regions will be supported in the future. Your Azure logs might sometimes contain references to a user `Liftr_Elastic`. This user is created automatically by Azure as part of the integration with Elastic Cloud. ## Monitor ingestion status To check which of your Azure resources are currently being monitored, navigate to your Elasticsearch deployment or project and open the **Monitored resources** tab. Each resource shows one of the following status indicators: | Status | Description | |--------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Sending** | Logs are currently being sent to the Elasticsearch cluster. | | **Logs not configured** | Log collection is currently not configured for the resource. Open the **Edit tags** link to configure which logs are collected. For details about tagging resources, check [Use tags to organize your Azure resources and management hierarchy](https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) in the Azure documentation. | | **N/A** | Monitoring is not available for this resource type. | | **Limit reached** | Azure resources can send diagnostic data to a maximum of five outputs. Data is not being sent to the Elasticsearch cluster because the output limit has already been reached. | | **Failed** | Logs are configured but failed to ship to the Elasticsearch cluster. For help resolving this problem you can [contact Support](/elastic/docs-builder/docs/3369/deploy-manage/deploy/elastic-cloud/azure-native-isv-service-troubleshooting#azure-integration-support). | | **Region not supported** | The Azure resource must be in one of the [supported regions](https://docs-v3-preview.elastic.dev/elastic/docs-builder/docs/3369/reference/cloud-hosted/ec-regions-templates-instances#ec-azure_regions). | ## Ingest metrics Metrics are not supported as part of the current Elastic Cloud Azure Native Service. This will be implemented in a future phase. Metrics can still be collected from all Azure services using Metricbeat. For details, check [Ingest other Azure metrics using the Metricbeat Azure module](/elastic/docs-builder/docs/3369/solutions/observability/cloud/monitor-microsoft-azure-with-beats#azure-step-four). ## Monitor virtual machines You can monitor your Azure virtual machines by installing the Elastic Agent VM extension. Once enabled, the VM extension downloads the Elastic Agent, installs it, and enrols it to Fleet Server. The Elastic Agent will then send system related logs and metrics to the Elastic Cloud deployment or project, where you can find pre-built system dashboards showing the health and performance of your virtual machines. ![A dashboard showing system metrics for the VM](https://www.elastic.co/elastic/docs-builder/docs/3369/deploy-manage/images/cloud-ec-marketplace-azure010.png) ### Enable and disable VM extensions To enable or disable a VM extension: 1. In Azure, navigate to your Elasticsearch deployment or project. 2. Select the **Virtual machines** tab. 3. Select one or more virtual machines. 4. Choose **Install Extension** or **Uninstall Extension**. ![The Virtual Machines page in Azure](https://www.elastic.co/elastic/docs-builder/docs/3369/deploy-manage/images/cloud-ec-marketplace-azure011.png) While it's possible to enable or disable a VM extension directly from the VM itself, we recommend always enabling or disabling your Elasticsearch VM extensions from within the context of your Elasticsearch deployment or project. ### Manage the Elastic Agent VM extension Once installed on the virtual machine, you can manage Elastic Agent either from Fleet or locally on the host where it's installed. We recommend managing the VM extension through Fleet, because it makes handling and upgrading the agents considerably easier. For more information on Elastic Agent, check [Manage your Elastic Agents](https://www.elastic.co/elastic/docs-builder/docs/3369/reference/fleet/install-elastic-agents). ### Operating system compatibility The Azure Elastic Agent VM extension is supported on the following operating systems: | **Platform** | **Version** | |--------------|-------------| | Windows | 2008r2+ | | CentOS | 6.10+ | | Debian | 9,10 | | Oracle | 6.8+ | | RHEL | 7+ | | Ubuntu | 16+ |