Splunk Observability Cloud
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I use Azure resource name instead of azure_resource_id

slozenkov
Observer
‎02-20-2025 11:37 AM

Hi.

We started using Splunk Observability Cloud for our Azure infrazrtucture. We already setup Azure integration with Splunk and now in the process of creation dashboards and charts.

I met an issue while creating any chart that contains several objects in it.

If I want to see dtu_consumption_percent for SQL databases on my SQL Server (tens of databases) I can easily create a time chart, and it contains data for all databases, but I do not understand what line represents what database.

Because the name of any database looks like /SUBSCRIPTIONS/FULL_ID_OF_SUBSCRIPRTION/RESOURCEGROUPS/RESOURCE_GROUP_NAME/PROVIDERS/MICROSOFT.SQL/SERVERS/THE_NAME_OF_SQL_SERVER/DATABASES/THE_NAME_OF_DATABASE

I do not see this full name even on legend. And hovering the mouse over the line shows only a small part, like  "/SUBSCRIPTIONS/FULL_ID_OF_SU"

 

I would like to have THE_NAME_OF_DATABASE aka resource name instead of full azure_resource_id.

 

Is it possible?

Thank You

0 Karma
Reply

bishida
Splunk Employee
Splunk Employee
‎02-21-2025 01:26 PM

You can set a custom property such as 'the_name_of_the_database' and map it to a current dimension's name/value pair. You can do this in settings -> metric metadata. In your case, you would likely key off of "DatabaseResourceId=/SUBSCRIPTIONS/FULL_ID_OF_SUBSCRIPRTION/RESOURCEGROUPS/RESOURCE_GROUP_NAME/PROVIDERS/MICROSOFT.SQL/SERVERS/THE_NAME_OF_SQL_SERVER/DATABASES/THE_NAME_OF_DATABASE" and then set a custom property of "the_name_of_the_database=THE_NAME_OF_THE_DATABASE". To get started, search for 'DatabaseResourceId' in the metric metadata.

Metric Metadata:
https://docs.splunk.com/observability/en/metrics-and-metadata/metrics-finder-metadata-catalog.html

You may also want to leverage the SignalFlow promote() function (depending on what you want to do with that custom property). You can filter/search without using promote() but if you want to display the_name_of_the_database on a chart, you'll likely need to use promote().

https://dev.splunk.com/observability/docs/signalflow/methods/promote_stream_method/

bishida_3-1740173050196.png

bishida_4-1740173144089.png

 

bishida_1-1740172592444.png

bishida_2-1740172678860.png

 

0 Karma
Reply

slozenkov
Observer
‎02-21-2025 03:16 PM

Thank You.

I discovered the options with the custom property before. 

But as I understand it is static mapping.  I can add custom property not to dimension but to the particular value of this dimension.

Am I right?


Lets suppose, I have 3 databases with the azure_resource_id like:

/SUBSCRIPTIONS/FULL_ID_OF_SUBSCRIPRTION/RESOURCEGROUPS/RESOURCE_GROUP_NAME/PROVIDERS/MICROSOFT.SQL/SERVERS/THE_NAME_OF_SQL_SERVER/DATABASES/THE_NAME_OF_DATABASE1

/SUBSCRIPTIONS/FULL_ID_OF_SUBSCRIPRTION/RESOURCEGROUPS/RESOURCE_GROUP_NAME/PROVIDERS/MICROSOFT.SQL/SERVERS/THE_NAME_OF_SQL_SERVER/DATABASES/THE_NAME_OF_DATABASE2

/SUBSCRIPTIONS/FULL_ID_OF_SUBSCRIPRTION/RESOURCEGROUPS/RESOURCE_GROUP_NAME/PROVIDERS/MICROSOFT.SQL/SERVERS/THE_NAME_OF_SQL_SERVER/DATABASES/THE_NAME_OF_DATABASE3

To use custom property I need to choose particular value /SUBSCRIPTIONS/FULL_ID_OF_SUBSCRIPRTION/RESOURCEGROUPS/RESOURCE_GROUP_NAME/PROVIDERS/MICROSOFT.SQL/SERVERS/THE_NAME_OF_SQL_SERVER/DATABASES/THE_NAME_OF_DATABASE1 in the Metric Metadata and add new custom property DBNAME=THE_NAME_OF_DATABASE1.
The same I need to do for the second and the third database.

After that I can use custom property DBNAME in the chart only for these three databases.

But I need to have ability make correlation between any /SUBSCRIPTIONS/FULL_ID_OF_SUBSCRIPRTION/RESOURCEGROUPS/RESOURCE_GROUP_NAME/PROVIDERS/MICROSOFT.SQL/SERVERS/THE_NAME_OF_SQL_SERVER/DATABASES/THE_NAME_OF_DATABASE_N and THE_NAME_OF_DATABASE_N without N addition of custom property.

Please could You answer this?

 

 

 

0 Karma
Reply

bishida
Splunk Employee
Splunk Employee
‎02-22-2025 07:09 PM

I think your understanding of your current scenario is all correct. 

It's possible that Azure monitor has a way to create this new dimension there. So, when you export the metric through an integration like the one used by Splunk Observability Cloud, the custom DBNAME dimension is already there. That's just an idea--I don't know if Azure Monitor has a feature to do this or not, but it seems possible they might.

Another possibility would be to collect this metric with an OpenTelemetry collector instead of using the Azure Cloud integration. There is a new OTel receiver being developed called azuremonitor. 
https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/azuremonitorrec...

If you can collect this metric with OTel, then you can use an OTel processor to extract the short name of the database and add it to your metric using an OTel attributes processor.
https://docs.splunk.com/observability/en/gdi/opentelemetry/components/attributes-processor.html

0 Karma
Reply

slozenkov
Observer
‎02-23-2025 05:56 AM

Thank You for the response.

I will investigate option You suggested.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...