Skip to content

docs(azure-monitor): add Azure Monitor integration guide#999

Merged
hamzzaaamalik merged 3 commits intoTracer-Cloud:mainfrom
0xDevNinja:issue/997-azure-monitor-docs
Apr 27, 2026
Merged

docs(azure-monitor): add Azure Monitor integration guide#999
hamzzaaamalik merged 3 commits intoTracer-Cloud:mainfrom
0xDevNinja:issue/997-azure-monitor-docs

Conversation

@0xDevNinja
Copy link
Copy Markdown
Contributor

@0xDevNinja 0xDevNinja commented Apr 27, 2026

Fixes #997

Describe the changes you have made in this PR -

AzureMonitorLogsTool was the only major log-source integration without a docs/<name>.mdx page. This PR adds docs/azure-monitor.mdx modeled on the existing integration docs (Coralogix, Better Stack, etc.) and registers the new page under the Local integrations group in docs/docs.json so it shows up in the rendered nav.

The doc covers everything the issue asks for:

  • Overview of Azure Monitor Log Analytics and what query_azure_monitor_logs returns
  • Prerequisites: workspace, Entra ID app registration, Log Analytics Reader role, network egress
  • Step-by-step credential setup: Workspace ID lookup, app registration, role assignment, and the OAuth2 client-credentials curl snippet to mint a bearer token
  • Configuration via env vars (AZURE_LOG_ANALYTICS_WORKSPACE_ID, AZURE_LOG_ANALYTICS_TOKEN, AZURE_LOG_ANALYTICS_ENDPOINT, etc.) and via ~/.tracer/integrations.json
  • Verification with opensre integrations verify azure
  • Three example KQL queries (recent errors, severity histogram, failed dependencies by request id)
  • Troubleshooting matrix: 401, 403, empty results, sovereign-cloud endpoints, missing-credential errors
  • Security best practices: dedicated app registration, least-privilege role, secret hygiene, token rotation, read-only invariant

Variable names, defaults, and the 200-row hard cap are all sourced from the live code (app/integrations/catalog.py, app/tools/AzureMonitorLogsTool/__init__.py, app/integrations/verify.py) so the doc matches what the agent actually reads at runtime.

Commits are split atomically:

  1. 4c2ca0d docs(azure-monitor): add Azure Monitor integration guide — the new .mdx file
  2. 0abb3be docs(azure-monitor): register guide in docs navigation — the one-line docs/docs.json insertion

Demo/Screenshot for feature changes and bug fixes -

Docs-only PR. Local quality gate is clean against this branch:

$ make lint
ruff check app/ tests/
All checks passed!

$ make format-check
ruff format --check app/ tests/
904 files already formatted

$ make typecheck
.venv/bin/python -m mypy app/
Success: no issues found in 391 source files

$ make test-cov
3314 passed, 2 skipped, 1 xfailed, 1 warning in 43.92s

Code Understanding and AI Usage

Did you use AI assistance (ChatGPT, Claude, Copilot, etc.) to write any part of this code?

  • No, I wrote all the code myself
  • Yes, I used AI assistance (continue below)

Explain your implementation approach:

The issue spelled out the structure exactly — overview, prerequisites, credentials, configuration, verification, KQL examples, troubleshooting — so the work was mostly grounding each section in the real code paths instead of inventing flags. I read app/integrations/catalog.py to pin the env-var names (AZURE_LOG_ANALYTICS_WORKSPACE_ID, AZURE_LOG_ANALYTICS_TOKEN, AZURE_LOG_ANALYTICS_ENDPOINT, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID, AZURE_MAX_RESULTS) and the persistent-store schema; app/tools/AzureMonitorLogsTool/__init__.py for the 200-row hard cap, the default take clause, and the request shape OpenSRE actually emits (POST /v1/workspaces/<id>/query with timespan=PT<N>M); and app/integrations/verify.py:_verify_azure for the exact verify-output string the troubleshooting section refers back to. I considered following the Coralogix doc style verbatim (it's the shortest), but Better Stack is a closer fit — both are token-auth REST integrations with a sovereign-cloud endpoint variation — so I matched its layout (Setup → Investigation tool → Verify → Troubleshooting → Security) and added an explicit credential-acquisition section because Azure's OAuth2 client-credentials flow is the most error-prone step. The KQL examples are deliberately mundane (AppTraces, AppDependencies) so a reader can paste them straight into the Logs blade without tweaking schema names. The docs/docs.json change is the one-line nav registration that makes the page render in the docs site.

Checklist before requesting a review

  • I have added proper PR title and linked to the issue
  • I have performed a self-review of my code
  • I can explain the purpose of every function, class, and logic block I added
  • I understand why my changes work and have tested them thoroughly
  • I have considered potential edge cases and how my code handles them
  • If it is a core feature, I have added thorough tests
  • My code follows the project's style guidelines and conventions

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented Apr 27, 2026

Greptile Summary

This PR adds docs/azure-monitor.mdx, the missing integration guide for AzureMonitorLogsTool, and registers it in the nav via docs/docs.json. The env-var names, API endpoint shape, hard row cap, default limit, and verify detail string were all verified against the live source code and are accurate — with one exception: the expected verify output shows env in the SOURCE column but the code emits "local env" for every env-var-backed integration, so that snippet will not match what users actually see.

Confidence Score: 4/5

Safe to merge after fixing the verify SOURCE label in the expected output snippet.

One P1 factual inaccuracy: the verify snippet shows "env" but the code produces "local env", which will confuse users comparing terminal output against the docs. All other content (env vars, endpoint, cap, KQL examples, troubleshooting) is verified against the live code and correct.

docs/azure-monitor.mdx — the Verify section expected output block

Important Files Changed

Filename Overview
docs/azure-monitor.mdx New Azure Monitor integration guide — env var names, hard cap, API URL shape, and verify detail string all match the live code; the verify SOURCE column label shows "env" but the code emits "local env"
docs/docs.json One-line nav registration inserting "azure-monitor" in alphabetical order under the Local integrations group — correct and straightforward

Sequence Diagram

sequenceDiagram
    participant User
    participant OpenSRE
    participant EntraID as Microsoft Entra ID
    participant AzureLogAnalytics as Azure Log Analytics

    User->>EntraID: POST /oauth2/v2.0/token (client_credentials)
    EntraID-->>User: Bearer token (~60 min TTL)
    User->>OpenSRE: Set AZURE_LOG_ANALYTICS_TOKEN

    Note over OpenSRE: Investigation triggered

    OpenSRE->>OpenSRE: _ensure_take_clause(query, limit)
    OpenSRE->>AzureLogAnalytics: POST /v1/workspaces/{workspace_id}/query
    AzureLogAnalytics-->>OpenSRE: tables with columns and rows
    OpenSRE->>OpenSRE: flatten rows up to effective_limit
    OpenSRE-->>User: source, rows, total_returned
Loading

Reviews (1): Last reviewed commit: "docs(azure-monitor): register guide in d..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Apr 27, 2026
View reviewed changes
Comment thread docs/azure-monitor.mdx
Comment on lines +127 to +133
The verify step is a credential-shape check — it does not call the workspace. To exercise the live path, point OpenSRE at a synthetic alert that names `azure` as the source and inspect the resulting evidence.

## Example KQL queries

Recent application errors:

```kql
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Verify output SOURCE field is wrong

The expected output shows env in the SOURCE column, but catalog.py sets the source label to "local env" for all environment-variable–backed integrations (in _service_metadata). A user running opensre integrations verify azure with env vars configured will see local env in the output, not env, causing a mismatch when following the docs.

The correct expected output line should read:
azure local env passed Azure Log Analytics credentials are configured for workspace <id> at https://api.loganalytics.io

@0xDevNinja
docs(azure-monitor): correct verify SOURCE column to 'local env'
b3b1d66 
Env-var-backed integrations are emitted with source label
'local env' by app/integrations/catalog.py:_service_metadata,
not 'env'. Update the expected output snippet so users matching
the docs against terminal output see the same string.
@0xDevNinja
Copy link
Copy Markdown
Contributor Author

0xDevNinja commented Apr 27, 2026

Thanks for the catch — fixed in b3b1d66.

app/integrations/catalog.py:_service_metadata does emit "local env" for env-var-backed integrations, so the expected verify output now reads azure local env passed ... (with the column width adjusted accordingly). Local quality gate clean (lint, format-check, typecheck, test-cov 3314 passed).

@hamzzaaamalik
Copy link
Copy Markdown
Collaborator

hamzzaaamalik commented Apr 27, 2026

Verified the fix: docs/azure-monitor.mdx now shows local env in the SOURCE column, matching _service_metadata in catalog.py. Greptile finding resolved.

Re-confirming the rest of the docs against the codebase: env var names, default endpoint, 200-row hard cap, default limit 50 all match.

LGTM.

@hamzzaaamalik hamzzaaamalik merged commit b861912 into Tracer-Cloud:main Apr 27, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Azure Monitor integration documentation (docs/azure-monitor.mdx)

2 participants

@0xDevNinja @hamzzaaamalik