Resource Specific logs enabled Firewall workbook still using AzureDiagnostics table
Closed this issue · 4 comments
Describe the bug
When deploying the Azure Firewall Workbook with Resource Specific logs enabled, the very first metrics in the Azure Firewall Overview tab are using the AzureDiagnostics table which is not populated when using diagnostics settings with Resource Specific tables.
Reproduce
Steps to reproduce the behavior:
- Enable Diagnostic settings 'allLogs' and 'allMetrics' on the Firewall with 'Resource specific' as Destination table
- Install the Azure Firewall_ResourceSpecific_ARM.json Workbook from this repo
- Go to the newly created workbook and select the configured Firewall
- Click on the Azure Firewall Overview tab
Expected behavior
All metrics should use Resource Specific Tables when deploying the Resource Specific Azure Firewall Workbook.
Screenshots
Environment- if applicable
used Azure Firewall_ResourceSpecific_Gallery.json
Desktop (please complete the following information if applicable):
N/A
Logs- if applicable
N/A
Additional context
If using both type of Diagnostic settings (AzureDiagnostics and Resource Specific) pointing to 2 different log analytics workspaces, I can manage to have the workbook work correctly if reading the 2 log analytics workspaces. But that means store twice the same kind of events in a different format
Thank you @EppO for the feedback. Please expect a response in the next 3 business days
Thanks for bringing this up @EppO. We will be checking the workbook and make the changes accordingly.
Hey @EppO - Could you re-test the workbooks to see if you are still facing the issues?
It works great now! Thanks for the fast fix, really appreciated.