Troubleshoot Azure Stream Analytics by using diagnostics logs
Occasionally, an Azure Stream Analytics job unexpectedly stops processing. It's important to be able to troubleshoot this kind of event. The event might be caused by an unexpected query result, by connectivity to devices, or by an unexpected service outage. The diagnostics logs in Stream Analytics can help you identify the cause of issues when they occur, and reduce recovery time.
Stream Analytics offers two types of logs:
- Activity logs (always on). Activity logs give insights into operations performed on jobs.
- Diagnostics logs (configurable). Diagnostics logs provide richer insights into everything that happens with a job. Diagnostics logs start when the job is created, and end when the job is deleted. They cover events when the job is updated and while it’s running.
You can use services like Azure Storage, Azure Event Hubs, and Azure Log Analytics to analyze nonconforming data. You are charged based on the pricing model for those services.
Turn on diagnostics logs
Diagnostics logs are off by default. To turn on diagnostics logs, complete these steps:
Sign in to the Azure portal, and go to the streaming job blade. Under Monitoring, select Diagnostics logs.
Select Turn on diagnostics.
On the Diagnostics settings page, for Status, select On.
Set up the archival target (storage account, event hub, Log Analytics) that you want. Then, select the categories of logs that you want to collect (Execution, Authoring).
Save the new diagnostics configuration.
The diagnostics configuration takes about 10 minutes to take effect. After that, the logs start appearing in the configured archival target (you can see these on the Diagnostics logs page):
For more information about configuring diagnostics, see Collect and consume diagnostics data from your Azure resources.
Diagnostics log categories
Currently, we capture two categories of diagnostics logs:
- Authoring. Captures log events that are related to job authoring operations: job creation, adding and deleting inputs and outputs, adding and updating the query, starting and stopping the job.
- Execution. Captures events that occur during job execution:
- Connectivity errors
- Data processing errors, including:
- Events that don’t conform to the query definition (mismatched field types and values, missing fields, and so on)
- Expression evaluation errors
- Other events and errors
Diagnostics logs schema
All logs are stored in JSON format. Each entry has the following common string fields:
|time||Timestamp (in UTC) of the log.|
|resourceId||ID of the resource that the operation took place on, in upper case. It includes the subscription ID, the resource group, and the job name. For example, /SUBSCRIPTIONS/6503D296-DAC1-4449-9B03-609A1F4A1C87/RESOURCEGROUPS/MY-RESOURCE-GROUP/PROVIDERS/MICROSOFT.STREAMANALYTICS/STREAMINGJOBS/MYSTREAMINGJOB.|
|category||Log category, either Execution or Authoring.|
|operationName||Name of the operation that is logged. For example, Send Events: SQL Output write failure to mysqloutput.|
|status||Status of the operation. For example, Failed or Succeeded.|
|level||Log level. For example, Error, Warning, or Informational.|
|properties||Log entry-specific detail, serialized as a JSON string. For more information, see the following sections.|
Execution log properties schema
Execution logs have information about events that happened during Stream Analytics job execution. The schema of properties varies, depending on the type of event. Currently, we have the following types of execution logs:
Any error that occurs while the job is processing data is in this category of logs. These logs most often are created during data read, serialization, and write operations. These logs do not include connectivity errors. Connectivity errors are treated as generic events.
|Source||Name of the job input or output where the error occurred.|
|Message||Message associated with the error.|
|Type||Type of error. For example, DataConversionError, CsvParserError, or ServiceBusPropertyColumnMissingError.|
|Data||Contains data that is useful to accurately locate the source of the error. Subject to truncation, depending on size.|
Depending on the operationName value, data errors have the following schema:
- Serialize events. Serialize events occur during event read operations. They occur when the data at the input does not satisfy the query schema for one of these reasons:
- Type mismatch during event (de)serialize: Identifies the field that's causing the error.
- Cannot read an event, invalid serialization: Lists information about the location in the input data where the error occurred. Includes blob name for blob input, offset, and a sample of the data.
- Send events. Send events occur during write operations. They identify the streaming event that caused the error.
Generic events cover everything else.
|Error||(optional) Error information. Usually, this is exception information, if it's available.|
|Type||Type of message. Maps to internal categorization of errors. For example, JobValidationError or BlobOutputAdapterInitializationFailure.|
|Correlation ID||GUID that uniquely identifies the job execution. All execution log entries from the time the job starts until the job stops have the same Correlation ID value.|