Connect with Application Insights in ‘not Local auth mode’ using OpenTelemetry

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

TOC

  1. What is it
  2. How to use it
  3. References

 

What is it

Azure Web Apps or Azure Function Apps frequently communicate with Application Insights to log various levels of data, which can later be reviewed and filtered in the Log Analytics Workspace.

 

Taking Python as an example, the official documentation mentions that the OpenCensus package will no longer be supported after 2024-09-30.

theringe_0-1721270610203.png

 

 

The article suggests OpenTelemetry as the latest alternative. In response to the growing cybersecurity awareness among many companies, many users have disabled the 'Local Authentication' feature in Application Insights to enhance security.

theringe_1-1721270610206.png

 

 

Therefore, this article will focus on how Web Apps/Function Apps can use Managed Identity to communicate with Application Insights and utilize the latest OpenTelemetry package to avoid the predicament of unsupported packages.

 

How to use it

According to Microsoft Entra authentication for Application Insights - Azure Monitor | Microsoft Learn, sample code with "OpenCensus" will EOS after 2024-09-30 which means this method is deprecatedfrom now. (will show up in further code snippet with method 1)

Currently, Microsoft officially suggest user apply OpenTelemetry as the new method. (will show up in further code snippet with method 2).

 

Step 1:

Function App should use system/user assigned managed identity to issue credential for accessing AI (i.e., Application Insights), I choose system assigned managed identity in this sample.

theringe_2-1721270664143.png

 

In the "Role Assignment", please add the "Monitoring Metrics Publisher" to the target AI resource, I add the parent RG (i.e., resource group) from that AI in this experiment.

theringe_3-1721270664145.png

 

Step 2:

In code level, I use Function App python V1 architecture from the python code, but I think V1 and V2 could achieve the same goal.

theringe_4-1721270720141.png

[requirements.txt]

 

# Method 2: opentelemetry azure-monitor-opentelemetry azure-identity

 

 

theringe_5-1721270778008.png

[<TriggerName>/__init__.py]

 

# Method 2: opentelemetry from azure.monitor.opentelemetry import configure_azure_monitor from logging import INFO, getLogger from azure.identity import ManagedIdentityCredential credential = ManagedIdentityCredential() configure_azure_monitor( connection_string='InstrumentationKey=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX;IngestionEndpoint=https://XXXXXX-X.in.applicationinsights.azure.com/;LiveEndpoint=https://XXXXXX.livediagnostics.monitor.azure.com/;ApplicationId=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', credential=credential ) # Method 2: opentelemetry logger2 = getLogger(__name__) logger2.setLevel(INFO) logger2.info("Method 2: opentelemetry") logger2.handlers.clear()

 

 

The connection_string mentioned in the code can be obtained through the AI's overview page.

theringe_6-1721270833328.png

 

 

Step 3:

After the deployment to the Function App, we could use online Code+Test from Azure portal

theringe_7-1721270833333.png

 

 

And the corresponding AI will got the log.

theringe_8-1721270833338.png

 

References:

azure-monitor-opentelemetry · PyPI

Enable Azure Monitor OpenTelemetry for .NET, Java, Node.js, and Python applications - Azure Monitor | Microsoft Learn

azure-sdk-for-python/sdk/monitor/azure-monitor-opentelemetry/samples/metrics/instruments.py at main · Azure/azure-sdk-for-python (github.com)

Enable Azure Monitor OpenTelemetry for .NET, Java, Node.js, and Python applications - Azure Monitor | Microsoft Learn

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.