Azure : Deploy Diagnostic Settings using Bicep

Azure Diagnostic Settings are used to send an Azure resource's platform logs and metrics to the destination of your choice. We can use them to connect a resource to a Log Analytics Workspace for log gathering.

We can add Diagnostic Settings manually under each resource. The challenge is that when we export the template, the diagnostic settings are not included in it. It's a bit hard to find documentation on how to deploy them automatically, so it took me a while to figure out how to do it. So, let's see how to do it in Bicep.

To create a Diagnostic Setting, we need to use the Microsoft.Insights/diagnosticSettings resource type. Let's say we have the resource below, to which we want to attach Diagnostic Settings.

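// Name of the Logic App; also reused as the diagnostic setting name below
param logicAppName string
// Resource ID of the Log Analytics Workspace that receives the logs and metrics
param logAnalyticsWorkspaceId string
param location string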

resource resource_logicapp 'Microsoft.Logic/workflows@2017-07-01' = {
  name: logicAppName
  location: location
  properties: {
    state: 'Enabled'
    definition: {
      '$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
      contentVersion: '1.0.0.0'
      parameters: {
      }
      triggers: {
        manual: {
          type: 'Request'
          kind: 'Http'
          inputs: {
            schema: {
            }
          }
        }
      }
      actions: {
      }
      outputs: {
      }
    }
    parameters: {
    }
  }
}

We just need to add the following Diagnostic Settings resource after it.

resource resource_logicapp_diagnosticsettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  scope: resource_logicapp
  name: logicAppName
  properties: {
    workspaceId: logAnalyticsWorkspaceId
    logs: [
      {
        categoryGroup: 'allLogs'
        enabled: true
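        // retentionPolicy only applies to storage account destinations;
        // retention for a Log Analytics Workspace is configured on the workspace itself
        retentionPolicy: {
          enabled: true
          days: 90
        }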
      }
    ]
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
  }
}

There are four points to pay attention to here:
1. Scope: This is a reference to the resource that you want to connect.
2. Name: This is the name of the diagnostic setting. Here we use the name of the resource that we want to connect to the Log Analytics Workspace.
3. WorkspaceId: This is the Log Analytics Workspace Id.
4. Logs / metrics: This is what we want to log. Each resource type has different log categories, so you will need to look at the resource to find out which ones are available. We can use allLogs or AllMetrics to record all types of logs and metrics.

When we deploy the Bicep file, the Diagnostic Settings will be added automatically.
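The following is an added example, not code from the original post. It goes a little beyond the case above: it attaches the setting to a Logic App that is already deployed (using `existing`) and enables log categories by name instead of `allLogs`. The `logCategories` and `enableMetrics` parameters, the `-diag` name suffix and the symbolic names are assumptions made for illustration; `WorkflowRuntime` is the log category that Logic App workflows expose, but confirm the list on the resource's Diagnostic settings blade.

```bicep
// Added example: diagnostic setting for an already-deployed Logic App,
// with explicitly selected log categories.
param logicAppName string
param logAnalyticsWorkspaceId string

// Assumed parameter: log categories to enable. Check the categories the
// resource type actually offers before changing this list.
param logCategories array = [
  'WorkflowRuntime'
]

// Assumed parameter: switch to skip platform metrics if they are not needed.
param enableMetrics bool = true

// Reference the existing Logic App instead of redeploying its definition.
resource logicApp 'Microsoft.Logic/workflows@2017-07-01' existing = {
  name: logicAppName
}

resource logicAppDiagnostics 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  scope: logicApp
  // Hypothetical naming convention: resource name plus a suffix, so several
  // settings (for example one per destination) can coexist on one resource.
  name: '${logicAppName}-diag'
  properties: {
    workspaceId: logAnalyticsWorkspaceId
    // One entry per requested category. A category that the resource type
    // does not support makes the deployment fail, which surfaces typos early.
    logs: [for category in logCategories: {
      category: category
      enabled: true
    }]
    metrics: enableMetrics ? [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ] : []
  }
}

// Resource ID of the setting, useful for a post-deployment check.
output diagnosticSettingId string = logicAppDiagnostics.id
```

Listing categories explicitly keeps the set of collected logs under review in source control, whereas `allLogs` also picks up any category the platform adds later.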

thatnavguy


2 Responses

  1. Nina says:

    How can we enable diagnostic settings in Azure Active Directory via Bicep code? Also, is it possible to use service principal authentication to enable diagnostic settings via Bicep code using a DevOps pipeline?

    • thatnavguy says:

      Hi Nina,

      The post is about enabling diagnostic settings using Bicep.
      resource_logicapp_diagnosticsettings is the code needed for the diagnostic setting.
      You should be able to use service principal authentication.
