I want to collect Azure web application firewall logs and represent them in the Grafana dashboard. I tried doing it using the Azure Monitor plugin but couldn’t get logs. How to do it? Can anyone help?
I’m hoping you found the answer by now. Anyway, it could be useful for others to know the following query. It can be used with the Azure Monitor data source, in a Table panel using the Azure Log Analytics service:
| where ResourceProvider == “MICROSOFT.NETWORK” and Category == “ApplicationGatewayFirewallLog” and $__timeFilter()
| project timeStamp_t, action_s, hostname_s, requestUri_s, Message, details_message_s, details_data_s, clientIp_s, clientPort_s, ruleSetVersion_s, ruleId_s, details_file_s, details_line_s, transactionId_g
Note, the logs need to be enabled on Azure’s side to be available.