Επεξεργασία

Κοινή χρήση μέσω


Migrate from diagnostic settings storage retention to Azure Storage lifecycle management

The Diagnostic Settings Storage Retention feature is being deprecated. To configure retention for logs and metrics sent to an Azure Storage account, use Azure Storage Lifecycle Management.

This guide walks you through migrating from using Azure diagnostic settings storage retention to using Azure Storage lifecycle management for retention. For logs sent to a Log Analytics workspace, retention is set for each table on the Tables page of your workspace. For more information on Log Analytics workspace retention, see Manage data retention in a Log Analytics workspace.

Important

Deprecation Timeline.

  • March 31, 2023 – The Diagnostic Settings Storage Retention feature will no longer be available to configure new retention rules for log data. This includes using the portal, CLI PowerShell, and ARM and Bicep templates. If you have configured retention settings, you'll still be able to see and change them in the portal.
  • September 30, 2025 – All retention functionality for the Diagnostic Settings Storage Retention feature will be disabled across all environments.

Prerequisites

An existing diagnostic setting logging to a storage account.

Migration procedures

Note

  • When you change your retention settings, the new settings only apply to new logs ingested after the change. Existing logs are subject to the previous retention settings.
  • Deleting a diagnostic setting doesn't delete the logs in the storage account. The retention settings will continue to apply to the logs created before the diagnostic settings were deleted.

Use the following CLI command to check if a resource has a diagnostic setting:

 az monitor diagnostic-settings list --resource <resource Id>

The output shows whether the diagnostic setting sends the data to a storage account, for example:

[
  {
    "id": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourcegroups/rg-001/providers/microsoft.insights/datacollectionrules/dcr-east2/providers/microsoft.insights/diagnosticSettings/dsetting-1",
    "logs": [
      {
        "categoryGroup": "allLogs",
        "enabled": true,
        "retentionPolicy": {
          "days": 0,
          "enabled": false
        }
      }
    ],
    "metrics": [
      {
        "category": "AllMetrics",
        "enabled": false,
        "retentionPolicy": {
          "days": 0,
          "enabled": false
        }
      }
    ],
    "name": "dsetting-1",
    "resourceGroup": "rg-001",
    "storageAccountId": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/rg-DCR/providers/Microsoft.Storage/storageAccounts/logs001",
    "type": "Microsoft.Insights/diagnosticSettings"
  }
]

To migrate your diagnostics settings retention rules, follow the steps below:

  1. Go to the Diagnostic Settings page for your logging resource and locate the diagnostic setting you wish to migrate

  2. Set the retention for your logged categories to 0

  3. Select Save A screenshot showing a diagnostics setting page.

  4. Navigate to the storage account you're logging to

  5. Under Data management, select Lifecycle Management to view or change lifecycle management policies

  6. Select List View, and select Add a rule A screenshot showing the lifecycle management screen for a storage account.

  7. Enter a Rule name

  8. Under Rule Scope, select Limit blobs with filters

  9. Under Blob Type, select Append Blobs and Base blobs under Blob subtype.

  10. Select Next A screenshot showing the details tab for adding a lifecycle rule.

  11. Set your retention time, then select Next A screenshot showing the Base blobs tab for adding a lifecycle rule.

  12. On the Filters tab, under Blob prefix set path or prefix to the container or logs you want the retention rule to apply to. The path or prefix can be at any level within the container and will apply to all blobs under that path or prefix. For example, for all insight activity logs, use the container insights-activity-logs to set the retention for all of the logs in that container.
    To set the rule for a specific webapp app, use insights-activity-logs/ResourceId=/SUBSCRIPTIONS/<your subscription Id>/RESOURCEGROUPS/<your resource group>/PROVIDERS/MICROSOFT.WEB/SITES/<your webapp name>.

    Use the Storage browser to help you find the path or prefix.
    The example below shows the prefix for a specific web app: *insights-activity-logs/ResourceId=/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/RESOURCEGROUPS/rg-001/PROVIDERS/MICROSOFT.WEB/SITES/appfromdocker1.
    To set the rule for all resources in the resource group, use insights-activity-logs/ResourceId=/SUBSCRIPTIONS/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e7/RESOURCEGROUPS/rg-001. A screenshot showing the Storage browser and resource path.

  13. Select Add to save the rule. A screenshot showing the filters tab for adding a lifecycle rule.

Next steps

Configure a lifecycle management policy.