Updates as per conversations with Francis

Author: normesta

.openpublishing.redirection.json

@@ -40727,9 +40727,14 @@
     },
     {
       "source_path": "articles/storage/common/storage-enable-and-view-metrics.md",
-      "redirect_url": "/azure/storage/common/storage-metrics-in-azure-monitor",
+      "redirect_url": "/azure/storage/common/monitor-storage",
       "redirect_document_id": true
     },
+    {
+      "source_path": "articles/storage/common/storage-metrics-in-azure-monitor.md",
+      "redirect_url": "/azure/storage/common/monitor-storage",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/azure-stack/partner/azure-stack-vaas-set-up-account.md",
       "redirect_url": "/azure/azure-stack/partner/azure-stack-vaas-set-up-resources",

articles/storage/blobs/storage-blob-scalable-app-verify-metrics.md

@@ -19,7 +19,7 @@ In part four of the series, you learn how to:
 > * Configure charts in the Azure portal
 > * Verify throughput and latency metrics
 
-[Azure storage metrics](../common/storage-metrics-in-azure-monitor.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json) uses Azure monitor to provide a unified view into the performance and availability of your storage account.
+[Azure storage metrics](../common/monitor-storage.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json) uses Azure monitor to provide a unified view into the performance and availability of your storage account.
 
 ## Configure metrics
 
@@ -47,7 +47,7 @@ Charts can have more than one metric assigned to them, but assigning more than o
 
 ## Dimensions
 
-[Dimensions](../common/storage-metrics-in-azure-monitor.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json#metrics-dimensions) are used to look deeper into the charts and get more detailed information. Different metrics have different dimensions. One dimension that is available is the **API name** dimension. This dimension breaks out the chart into each separate API call. The first image below shows an example chart of total transactions for a storage account. The second image shows the same chart but with the API name dimension selected. As you can see, each transaction is listed giving more details into how many calls were made by API name.
+[Dimensions](../common/monitor-storage-reference.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json#metrics-dimensions) are used to look deeper into the charts and get more detailed information. Different metrics have different dimensions. One dimension that is available is the **API name** dimension. This dimension breaks out the chart into each separate API call. The first image below shows an example chart of total transactions for a storage account. The second image shows the same chart but with the API name dimension selected. As you can see, each transaction is listed giving more details into how many calls were made by API name.
 
 ![Storage account metrics - transactions without a dimension](./media/storage-blob-scalable-app-verify-metrics/transactionsnodimensions.png)
 

articles/storage/common/monitor-storage-reference.md

@@ -78,6 +78,8 @@ Azure Storage provides the following transaction metrics in Azure Monitor.
 | SuccessE2ELatency | The average end-to-end latency of successful requests made to a storage service or the specified API operation. This value includes the required processing time within Azure Storage to read the request, send the response, and receive acknowledgment of the response. <br/><br/> Unit: Milliseconds <br/> Aggregation Type: Average <br/> Applicable dimensions: GeoType, ApiName, and Authentication ([Definition](#metrics-dimensions)) <br/> Value example: 1024 |
 | Availability | The percentage of availability for the storage service or the specified API operation. Availability is calculated by taking the total billable requests value and dividing it by the number of applicable requests, including those requests that produced unexpected errors. All unexpected errors result in reduced availability for the storage service or the specified API operation. <br/><br/> Unit: Percent <br/> Aggregation Type: Average <br/> Applicable dimensions: GeoType, ApiName, and Authentication ([Definition](#metrics-dimensions)) <br/> Value example: 99.99 |
 
+<a id="metrics-dimensions" />
+
 ## Metrics dimensions
 
 Azure Storage supports following dimensions for metrics in Azure Monitor.
@@ -102,7 +104,23 @@ The following table lists the properties for Azure Storage resource logs when th
 
 ### Fields that describe the operation
 
-The following table contains properties that describe the operation.
+```json
+{
+    "time": "2019-02-28T19:10:21.2123117Z",
+    "resourceId": "/subscriptions/12345678-2222-3333-4444-555555555555/resourceGroups/mytestrp/providers/Microsoft.Storage/storageAccounts/testaccount1/blobServices/default",
+    "category": "StorageWrite",
+    "operationName": "PutBlob",
+    "operationVersion": "2017-04-17",
+    "schemaVersion": "1.0",
+    "statusCode": 201,
+    "statusText": "Success",
+    "durationMs": 5,
+    "callerIpAddress": "192.168.0.1:11111",
+    "correlationId": "ad881411-201e-004e-1c99-cfd67d000000",
+    "location": "uswestcentral",
+    "uri": "http://mystorageaccount.blob.core.windows.net/cont1/blobname?timeout=10"
+}
+```
 
 | Property | Description |
 |:--- |:---|
@@ -123,7 +141,34 @@ The following table contains properties that describe the operation.
 
 ### Fields that describe how the operation was authenticated
 
-The following table contains properties that describe the operation.
+```json
+{
+    "identity": {
+        "authorization": [
+            {
+                "action": "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
+                "principals": [
+                    {
+                        "id": "fde5ba15-4355-4223-b811-cccccccccccc",
+                        "type": "User"
+                    }
+                ],
+                "roleAssignmentId": "ecf75cb8-491c-4a25-ad6e-aaaaaaaaaaaa",
+                "roleDefinitionId": "b7e6dc6d-f1e8-4753-8033-ffffffffffff"
+            }
+        ],
+        "requester": {
+            "appId": "691458b9-1327-4635-9f55-bbbbbbbbbbbb",
+            "audience": "https://storage.azure.com/",
+            "objectId": "fde5ba15-4355-4223-b811-cccccccccccc",
+            "tenantId": "72f988bf-86f1-41af-91ab-dddddddddddd",
+            "tokenIssuer": "https://sts.windows.net/72f988bf-86f1-41af-91ab-eeeeeeeeeeee/"
+           },
+        "type": "OAuth"
+    },
+}
+
+```
 
 | Property | Description |
 |:--- |:---|
@@ -144,7 +189,41 @@ The following table contains properties that describe the operation.
 
 ### Fields that describe the service
 
-The following table contains properties that describe the operation.
+```json
+{
+    "properties": {
+        "accountName": "testaccount1",
+        "requestUrl": "https://testaccount1.blob.core.windows.net:443/upload?restype=container&comp=list&prefix=&delimiter=%2F&marker=&maxresults=30&include=metadata&_=1551405598426",
+        "userAgentHeader": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134",
+        "referrerHeader": "blob:https://ms.portal.azure.com/6f50025f-3b88-488d-b29e-3c592a31ddc9",
+        "clientRequestId": "",
+        "etag": "",
+        "serverLatencyMs": 63,
+        "serviceType": "blob",
+        "operationCount": 0,
+        "requestHeaderSize": 2658,
+        "requestBodySize": 0,
+        "responseHeaderSize": 295,
+        "responseBodySize": 2018,
+        "contentLengthHeader": 0,
+        "requestMd5": "",
+        "serverMd5": "",
+        "lastModifiedTime": "",
+        "conditionsUsed": "",
+        "smbTreeConnectID" : "0x3",
+        "smbPersistentHandleID" : "0x6003f",
+        "smbVolatileHandleID" : "0xFFFFFFFF00000065",
+        "smbMessageID" : "0x3b165",
+        "smbCreditsConsumed" : "0x3",
+        "smbCommandDetail" : "0x2000 bytes at offset 0xf2000",
+        "smbFileId" : " 0x9223442405598953",
+        "smbSessionID" : "0x8530280128000049",
+        "smbCommandMajor" : "0x6",
+        "smbCommandMinor" : "DirectoryCloseAndDelete"
+    }
+
+}
+```
 
 | Property | Description |
 |:--- |:---|

articles/storage/common/monitor-storage.md

@@ -66,7 +66,7 @@ Log entries are created only if there are requests made against the service endp
 - Timeout errors for both client and server
 - Failed GET requests with error code 304 (Not Modified)
 
-  All other failed anonymous requests are not logged. A full list of the logged data is documented in the [Storage Logged Operations and Status Messages](/rest/api/storageservices/storage-analytics-logged-operations-and-status-messages) and [Storage Log Format](/rest/api/storageservices/storage-analytics-log-format) topics.
+All other failed anonymous requests are not logged. A full list of the logged data is documented in the [Storage Logged Operations and Status Messages](/rest/api/storageservices/storage-analytics-logged-operations-and-status-messages) and [Storage Log Format](/rest/api/storageservices/storage-analytics-log-format) topics.
 
 ## Configuration
 
@@ -120,21 +120,19 @@ You can list the metric definition of your storage account, or the individual st
 
 In this example, replace the `<resource-ID>` placeholder with the resource ID of the entire storage account, or the resource ID of an individual storage service such as the as the blob, file, table or queue service. You can find these resource IDs in the **Properties** pages of your storage account on the Azure portal.
 
-  ```powershell
-    $resourceId = "<resource-ID>"
-    Get-AzMetricDefinition -ResourceId $resourceId
-  ```
+```powershell
+   $resourceId = "<resource-ID>"
+   Get-AzMetricDefinition -ResourceId $resourceId
+```
 
 #### Read metric values
 
 You can read account-level metric values of your storage account, or the individual storage service such as the blob, file, table or queue service. Use the [Get-AzMetric](https://docs.microsoft.com/powershell/module/Az.Monitor/Get-AzMetric?view=azps-3.3.0) cmdlet.
 
-In this example, replace the `<resource-ID>` placeholder with the resource ID of the entire storage account, or the resource ID of an individual storage service such as the as the blob, file, table or queue service. You can find these resource IDs in the **Properties** pages of your storage account on the Azure portal.
-
-  ```powershell
-    $resourceId = "<resource-ID>"
-    Get-AzMetric -ResourceId $resourceId -MetricNames "UsedCapacity" -TimeGrain 01:00:00
-  ```
+```powershell
+   $resourceId = "<resource-ID>"
+   Get-AzMetric -ResourceId $resourceId -MetricNames "UsedCapacity" -TimeGrain 01:00:00
+```
 
 ### [Azure CLI](#tab/azure-cli)
 
@@ -151,8 +149,6 @@ In this example, replace the `<resource-ID>` placeholder with the resource ID of
 #### Read account-level metric values
 
 You can read the metric values of your storage account, or the individual storage service such as the blob, file, table or queue service. Use the [az monitor metrics list](https://docs.microsoft.com/cli/azure/monitor/metrics?view=azure-cli-latest#az-monitor-metrics-list) command.
- 
-In this example, replace the `<resource-ID>` placeholder with the resource ID of the entire storage account, or the resource ID of an individual storage service such as the as the blob, file, table or queue service. You can find these resource IDs in the **Properties** pages of your storage account on the Azure portal.
 
 ```azurecli-interactive
    az monitor metrics list --resource <resource-ID> --metric "UsedCapacity" --interval PT1H
@@ -302,10 +298,38 @@ The following example shows how to read metric data on the metric supporting mul
 
 ## Analyzing log data
 
+You can access Resource logs either as a blob in a storage account, as event data, or through Log Analytic queries.
+
+See [Azure Storage monitoring data reference](monitor-storage-reference.md) for a detailed reference of the fields that appear in these logs.
+
 > [!NOTE]
 > Azure Storage logs in Azure Monitor is in public preview, and is available for preview testing in all public cloud regions. To enroll in the preview, see [this page](https://www.microsoft.com).  This preview enables logs for blobs (including Azure Data Lake Storage Gen2), files, queues, tables, premium storage accounts in general-purpose v1 and general-purpose v2 storage accounts. Classic storage accounts are not supported.
 
-Data in Azure Monitor Logs is stored in tables. Azure Storage stores data in the following tables.
+### Access logs in a storage account
+
+Logs appear as blobs stored to a container in the target storage account. Data is collected and stored inside a single blob as a line delimited JSON payload. The name of the blob follows the following naming convention:
+
+`https://<destination-storage-account>.blob.core.windows.net/insights-logs-<storage-operation>/resourceId=/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.Storage/storageAccounts/<source-storage-account>/blobServices/default/y=<year>/m=<month>/d=<day>/h=<hour>/m=<minute>/PT1H.json`
+
+Here's an example:
+
+`https://mylogstorageaccount.blob.core.windows.net/insights-logs-storagewrite/resourceId=/subscriptions/`<br>`208841be-a4v3-4234-9450-08b90c09f4/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount/blobServices/default/y=2019/m=07/d=30/h=23/m=12/PT1H.json`
+
+### Access logs in Event hub
+
+Logs sent to an event hub aren't stored as a file, but you can verify that the event hub received the log information. In the Azure portal, navigate to your event hub, and then verify that the **incoming messages** count is greater than zero. 
+
+![Audit logs](media/storage-logs-in-azure-monitor/event-hub-log.png)
+
+You can access and read log data that is sent to your event hub by using security information and event management and monitoring tools. For more information, see [What can I do with the monitoring data being sent to my event hub?](https://docs.microsoft.com/azure/azure-monitor/platform/stream-monitoring-data-event-hubs#what-can-i-do-with-the-monitoring-data-being-sent-to-my-event-hub).
+
+### Access logs in Log Analytics workspace
+
+You can access logs sent to a Log Analytics workspace, by using Azure Monitor log queries.
+
+See [Get started with Log Analytics in Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/log-query/get-started-portal).
+
+Data is stored in the following tables.
 
 | Table | Description |
 |:---|:---|
@@ -314,8 +338,6 @@ Data in Azure Monitor Logs is stored in tables. Azure Storage stores data in the
 |StorageQueueLogs | Logs that describe activity in queues.|
 |StorageTableLogs| Logs that describe activity in tables.|
 
-See [Azure Storage monitoring data reference](monitor-storage-reference.md) for a detailed reference of the fields that appear in these logs.
-
 ### Azure Storage Log Analytics queries in Azure Monitor
 
 Here are some queries that you can enter into the **Log search** search bar to help you monitor your Azure Storage accounts. These queries work with the [new language](https://docs.microsoft.com/azure/azure-monitor/log-query/log-query-overview).
@@ -368,6 +390,11 @@ Following are queries that you can use to help you monitor your Azure Storage ac
     | sort by count_ desc 
     | render piechart
     ```
+## FAQ
+
+**Does Azure Storage support metrics for Managed Disks or Unmanaged Disks?**
+
+No, Azure Compute supports the metrics on disks. See [article](https://azure.microsoft.com/blog/per-disk-metrics-managed-disks/) for more details.
 
 ## Next steps
 

articles/storage/common/storage-analytics-metrics.md

@@ -17,7 +17,7 @@ Storage Analytics can store metrics that include aggregated transaction statisti
 
 > [!NOTE]
 > Storage Analytics metrics are available for the Blob, Queue, Table, and File services.
-> Storage Analytics metrics are now Classic metrics. Microsoft recommends using [Storage Metrics in Azure Monitor](storage-metrics-in-azure-monitor.md) instead of Storage Analytics metrics.
+> Storage Analytics metrics are now Classic metrics. Microsoft recommends using [Storage Metrics in Azure Monitor](monitor-storage.md) instead of Storage Analytics metrics.
 
 ## Transaction metrics  
  A robust set of data is recorded at hourly or minute intervals for each storage service and requested API operation, including ingress/egress, availability, errors, and categorized request percentages. You can see a complete list of the transaction details in the [Storage Analytics Metrics Table Schema](/rest/api/storageservices/storage-analytics-metrics-table-schema) topic.  

articles/storage/common/storage-sas-overview.md

@@ -111,7 +111,7 @@ The following recommendations for using shared access signatures can help mitiga
 - **Understand that your account will be billed for any usage, including via a SAS.** If you provide write access to a blob, a user may choose to upload a 200 GB blob. If you've given them read access as well, they may choose to download it 10 times, incurring 2 TB in egress costs for you. Again, provide limited permissions to help mitigate the potential actions of malicious users. Use short-lived SAS to reduce this threat (but be mindful of clock skew on the end time).
 - **Validate data written using a SAS.** When a client application writes data to your storage account, keep in mind that there can be problems with that data. If your application requires that data be validated or authorized before it is ready to use, you should perform this validation after the data is written and before it is used by your application. This practice also protects against corrupt or malicious data being written to your account, either by a user who properly acquired the SAS, or by a user exploiting a leaked SAS.
 - **Know when not to use a SAS.** Sometimes the risks associated with a particular operation against your storage account outweigh the benefits of using a SAS. For such operations, create a middle-tier service that writes to your storage account after performing business rule validation, authentication, and auditing. Also, sometimes it's simpler to manage access in other ways. For example, if you want to make all blobs in a container publicly readable, you can make the container Public, rather than providing a SAS to every client for access.
-- **Use Azure Monitor and Azure Storage logs to monitor your application.** You can use Azure Monitor and storage analytics logging to observe any spike in authorization failures due to an outage in your SAS provider service or to the inadvertent removal of a stored access policy. For more information, see [Azure Storage metrics in Azure Monitor](storage-metrics-in-azure-monitor.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json) and [Azure Storage Analytics logging](storage-analytics-logging.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json).
+- **Use Azure Monitor and Azure Storage logs to monitor your application.** You can use Azure Monitor and storage analytics logging to observe any spike in authorization failures due to an outage in your SAS provider service or to the inadvertent removal of a stored access policy. For more information, see [Azure Storage metrics in Azure Monitor](monitor-storage.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json) and [Azure Storage Analytics logging](storage-analytics-logging.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json).
 
 ## Get started with SAS