Fix warnings and reorg metrics sections.

Author: TimShererWithAquent

articles/application-gateway/monitor-application-gateway-reference.md

@@ -1,7 +1,7 @@
 ---
 title: Monitoring data reference for Azure Application Gateway
 description: This article contains important reference material you need when you monitor Azure Application Gateway.
-ms.date: 06/04/2024
+ms.date: 06/17/2024
 ms.custom: horz-monitor, subject-monitoring
 ms.topic: reference
 author: greg-lindsay
@@ -25,19 +25,21 @@ The following table lists the all metrics available for the Microsoft.Network/ap
 
 [!INCLUDE[Microsoft.Network/applicationgateways](~/reusable-content/ce-skilling/azure/includes/azure-monitor/reference/metrics/microsoft-network-applicationgateways-metrics-include.md)]
 
-### Timing metrics
+For available Web Application Firewall (WAF) metrics, see [Application Gateway WAF v2 metrics](../web-application-firewall/ag/application-gateway-waf-metrics.md#application-gateway-waf-v2-metrics) and [Application Gateway WAF v1 metrics](../web-application-firewall/ag/application-gateway-waf-metrics.md#application-gateway-waf-v1-metrics).
 
-Application Gateway provides many built‑in timing metrics related to the request and response, which are all measured in milliseconds. What follows is an expanded description of the timing metrics already listed in the previous metrics table [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
+### Timing metrics for Application Gateway v2 SKU
+
+Application Gateway v2 SKU provides many built‑in timing metrics related to the request and response, which are all measured in milliseconds. What follows is expanded descriptions of the timing metrics already listed in the previous [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
 
 - **Backend connect time**. This value includes the network latency and the time taken by the backend server's TCP stack to establish new connections. For TLS, it also includes the time spent on handshake.
 - **Backend first byte response time**. This value approximates the sum of *Backend connect time*, time taken by the request to reach the backend from Application Gateway, time taken by backend application to respond, which is the time the server takes to generate content and potentially fetch database queries, and the time taken by first byte of the response to reach the Application Gateway from the backend.
 - **Backend last byte response time**. This value approximates the sum of backend first byte response time and data transfer time. This number varies greatly depending on the size of objects requested and the latency of the server network.
 - **Application gateway total time**. This interval is the time from Application Gateway receives the first byte of the HTTP request to the time when the last response byte was sent to the client.
 - **Client RTT**. Average round-trip time between clients and Application Gateway.
 
-### Application Gateway metrics
+### Metrics for Application Gateway v2 SKU
 
-For Application Gateway, the following metrics are available. For details, see the [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
+For Application Gateway v2 SKU, the following metrics are available. What follows is expanded descriptions of the metrics already listed in the previous [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
 
 - **Bytes received**. This metric accounts for only the Request content size observed by the Application Gateway. It doesn't include data transfers such as TLS header negotiations, TCP/IP packet headers, or retransmissions.
 - **Bytes sent**. This metric accounts for only the Response Content size served by the Application Gateway. It doesn't include data transfers such as TCP/IP packet headers or retransmissions.
@@ -53,18 +55,18 @@ For Application Gateway, the following metrics are available. For details, see t
 - **Throughput**. This metric accounts for only the Content size served by the Application Gateway. It doesn't include data transfers such as TLS header negotiations, TCP/IP packet headers, or retransmissions.
 - **Total Requests**. Successful requests that Application Gateway served. The request count can be filtered to show count per each/specific backend pool-http setting combination.
 
-### Backend metrics
+### Backend metrics for Application Gateway v2 SKU
 
-The following backend metrics are available. What follows is a list and expanded descriptions of the backend metrics already listed in the previous [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
+For Application Gateway v2 SKU, the following backend metrics are available. What follows is expanded descriptions of the backend metrics already listed in the previous [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
 
 - **Backend response status**. Count of HTTP response status codes returned by the backends, not including any response codes generated by the Application Gateway. The response status code distribution can be categorized to show responses in 2xx, 3xx, 4xx, and 5xx categories.|
 - **Healthy host count**. The number of hosts that are determined healthy by the health probe. You can filter on a per backend pool basis to show the number of healthy hosts in a specific backend pool.
 - **Unhealthy host count**. The number of hosts that are determined unhealthy by the health probe. You can filter on a per backend pool basis to show the number of unhealthy hosts in a specific backend pool.
 - **Requests per minute per Healthy Host**. The average number of requests received by each healthy member in a backend pool in a minute. Specify the backend pool using the *BackendPool HttpSettings* dimension.
 
-### Application Gateway metrics for Application Gateway V1 SKU
+### Metrics for Application Gateway v1 SKU
 
-For Application Gateway V1 SKU, the following metrics are available:
+For Application Gateway v1 SKU, the following metrics are available. What follows is expanded descriptions of the metrics already listed in the previous [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
 
 - **CPU Utilization**. Displays the utilization of the CPUs allocated to the Application Gateway.  Under normal conditions, CPU usage should not regularly exceed 90%, as this may cause latency in the websites hosted behind the Application Gateway and disrupt the client experience. You can indirectly control or improve CPU utilization by modifying the configuration of the Application Gateway by increasing the instance count or by moving to a larger SKU size, or doing both.
 
@@ -78,9 +80,9 @@ For Application Gateway V1 SKU, the following metrics are available:
 
 - **Total Requests**. Count of successful requests that Application Gateway has served. The request count can be further filtered to show count per each/specific backend pool-http setting combination.
 
-### Backend metrics for Application Gateway V1 SKU
+### Backend metrics for Application Gateway v1 SKU
 
-The following metrics are available:
+For Application Gateway v1 SKU, the following backend metrics are available. What follows is expanded descriptions of the backend metrics already listed in the previous [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
 
 - **Healthy host count**. The number of backends that are determined healthy by the health probe. You can filter on a per backend pool basis to show the number of healthy hosts in a specific backend pool.
 
@@ -105,13 +107,9 @@ GET
 https://management.azure.com/subscriptions/subid/providers/Microsoft.Network/locations/region-name/operationResults/GUID?api-version=2021-08-01
 ```
 
-### Application Gateway TLS/TCP proxy monitoring
-
-Application Gateway supports TLS/TCP proxy monitoring.
-
-#### TLS/TCP proxy metrics
+### TLS/TCP proxy metrics
 
-With layer 4 proxy feature now available with Application Gateway, there are some Common metrics that apply to both layer 7 and layer 4. There are some layer 4 specific metrics. The following list summarizes the metrics are the applicable for layer 4 usage.
+Application Gateway supports TLS/TCP proxy monitoring. With layer 4 proxy feature now available with Application Gateway, there are some Common metrics that apply to both layer 7 and layer 4. There are some layer 4 specific metrics. The following list summarizes the metrics are the applicable for layer 4 usage.
 
 - Current Connections
 - New Connections per second
@@ -122,70 +120,19 @@ With layer 4 proxy feature now available with Application Gateway, there are som
 - Backend Connect Time
 - Backend First Byte Response Time. `BackendHttpSetting` dimension includes both layer 7 and layer 4 backend settings.
 
-See [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways) for details.
+For more information, see previous descriptions and the [metrics table](#supported-metrics-for-microsoftnetworkapplicationgateways).
 
 These metrics apply to layer 4 only.
 
 - **Backend Session Duration**. The total time of a backend connection. The average time duration from the start of a new connection to its termination. `BackendHttpSetting` dimension includes both layer 7 and layer 4 backend settings.
 - **Connection Lifetime**. The total time of a client connection to application gateway. The average time duration from the start of a new connection to its termination in milliseconds.
 
-#### TLS/TCP proxy logs
-
-Application Gateway’s Layer 4 proxy provides log data through access logs. These logs are only generated and published if they are configured in the diagnostic settings of your gateway. Also see: [Supported categories for Azure Monitor resource logs](/azure/azure-monitor/essentials/resource-logs-categories#microsoftnetworkapplicationgateways).
-
-> [!NOTE]
-> The columns with Mutual Authentication details for a TLS listener are currently available only through the [AzureDiagnostics table](/azure/azure-monitor/reference/tables/azurediagnostics).
-
-| Category | Resource log category |
-|:--------------|:----------------------------------------------------------------------|
-| ResourceGroup | The resource group to which the application gateway resource belongs. |
-| SubscriptionId |The subscription ID of the application gateway resource. |
-| ResourceProvider |This value is MICROSOFT.NETWORK for application gateway. |
-| Resource |The name of the application gateway resource. |
-| ResourceType |This value is APPLICATIONGATEWAYS. |
-| ruleName |The name of the routing rule that served the connection request. |
-| instanceId |Application Gateway instance that served the request. |
-| clientIP |Originating IP for the request. |
-| receivedBytes |Data received from client to gateway, in bytes. |
-| sentBytes |Data sent from gateway to client, in bytes. |
-| listenerName |The name of the listener that established the frontend connection with client. |
-| backendSettingName |The name of the backend setting used for the backend connection. |
-| backendPoolName |The name of the backend pool from which a target server was selected to establish the backend connection. |
-| protocol |TCP (Irrespective of it being TCP or TLS, the protocol value is always TCP). |
-| sessionTime |session duration, in seconds (this value is for the client->appgw session) |
-| upstreamSentBytes |Data sent to backend server, in bytes. |
-| upstreamReceivedBytes |Data received from backend server, in bytes. |
-| upstreamSessionTime |session duration, in seconds (this value is for the appgw->backend session) |
-| sslCipher |Cipher suite being used for TLS communication (for TLS protocol listeners). |
-| sslProtocol |SSL/TLS protocol being used (for TLS protocol listeners). |
-| serverRouted |The backend server IP and port number to which the traffic was routed. |
-| serverStatus |200 - session completed successfully. 400 - client data couldn't be parsed. 500 - internal server error. 502 - bad gateway. For example, when an upstream server couldn't be reached. 503 - service unavailable. For example, if access is limited by the number of connections. |
-| ResourceId |Application Gateway resource URI |
-
 ### TLS/TCP proxy backend health
 
 Application Gateway's layer 4 proxy provides the capability to monitor the health of individual members of the backend pools through the portal and REST API.
 
 :::image type="content" source="./media/monitor-application-gateway-reference/backend-health.png" alt-text="Screenshot shows health for individual members of backend pools.":::
 
-### Application Gateway v1 metrics
-
-The following descriptions apply to metrics collected when you are running an Application Gateway v1 instance.
-
-| Metric | Unit | Description|
-|:-------|:-----|:------------|
-|**CPU Utilization**|Percent|Displays the CPU usage allocated to the Application Gateway. Under normal conditions, CPU usage shouldn't regularly exceed 90%, because this situation might cause latency in the websites hosted behind the Application Gateway and disrupt the client experience. You can indirectly control or improve CPU usage by modifying the configuration of the Application Gateway by increasing the instance count or by moving to a larger SKU size, or doing both.|
-|**Current connections**|Count|Count of current connections established with Application Gateway.|
-|**Failed Requests**|Count|Number of requests that failed because of connection issues. This count includes requests that failed due to exceeding the *Request time-out* HTTP setting and requests that failed due to connection issues between Application Gateway and the backend. This count doesn't include failures due to no healthy backend being available. 4xx and 5xx responses from the backend are also not considered as part of this metric.|
-|**Response Status**|Status code|HTTP response status returned by Application Gateway. The response status code distribution can be further categorized to show responses in 2xx, 3xx, 4xx, and 5xx categories.|
-|**Throughput**|Bytes/sec|Number of bytes per second the Application Gateway served.|
-|**Total Requests**|Count|Count of successful requests that Application Gateway served. The request count can be further filtered to show count per each/specific backend pool-http setting combination.|
-|**Web Application Firewall Blocked Requests Count**|Count|Number of requests blocked by WAF.|
-|**Web Application Firewall Blocked Requests Distribution**|Count|Number of requests blocked by WAF filtered to show count per each/specific WAF rule group or WAF rule ID combination.|
-|**Web Application Firewall Total Rule Distribution**|Count|Number of requests received per each specific WAF rule group or WAF rule ID combination.|
-
-For more information, see a list of [all platform metrics supported in Azure Monitor](../azure-monitor/essentials/metrics-supported.md).
-
 [!INCLUDE [horz-monitor-ref-metrics-dimensions-intro](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-metrics-dimensions-intro.md)]
 
 [!INCLUDE [horz-monitor-ref-metrics-dimensions](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-metrics-dimensions.md)]
@@ -508,6 +455,40 @@ Azure Application Gateway uses the [Azure Diagnostics](/azure/azure-monitor/refe
 - [AGWFirewallLogs](/azure/azure-monitor/reference/tables/agwfirewalllogs#columns)
 - [AzureDiagnostics](/azure/azure-monitor/reference/tables/azurediagnostics#columns)
 
+### TLS/TCP proxy logs
+
+Application Gateway's Layer 4 proxy provides log data through access logs. These logs are only generated and published if they are configured in the diagnostic settings of your gateway. Also see: [Supported categories for Azure Monitor resource logs](/azure/azure-monitor/essentials/resource-logs-categories#microsoftnetworkapplicationgateways).
+
+> [!NOTE]
+> The columns with Mutual Authentication details for a TLS listener are currently available only through the [AzureDiagnostics table](/azure/azure-monitor/reference/tables/azurediagnostics).
+
+| Category | Resource log category |
+|:--------------|:----------------------------------------------------------------------|
+| ResourceGroup | The resource group to which the application gateway resource belongs. |
+| SubscriptionId |The subscription ID of the application gateway resource. |
+| ResourceProvider |This value is MICROSOFT.NETWORK for application gateway. |
+| Resource |The name of the application gateway resource. |
+| ResourceType |This value is APPLICATIONGATEWAYS. |
+| ruleName |The name of the routing rule that served the connection request. |
+| instanceId |Application Gateway instance that served the request. |
+| clientIP |Originating IP for the request. |
+| receivedBytes |Data received from client to gateway, in bytes. |
+| sentBytes |Data sent from gateway to client, in bytes. |
+| listenerName |The name of the listener that established the frontend connection with client. |
+| backendSettingName |The name of the backend setting used for the backend connection. |
+| backendPoolName |The name of the backend pool from which a target server was selected to establish the backend connection. |
+| protocol |TCP (Irrespective of it being TCP or TLS, the protocol value is always TCP). |
+| sessionTime |session duration, in seconds (this value is for the client->appgw session) |
+| upstreamSentBytes |Data sent to backend server, in bytes. |
+| upstreamReceivedBytes |Data received from backend server, in bytes. |
+| upstreamSessionTime |session duration, in seconds (this value is for the appgw->backend session) |
+| sslCipher |Cipher suite being used for TLS communication (for TLS protocol listeners). |
+| sslProtocol |SSL/TLS protocol being used (for TLS protocol listeners). |
+| serverRouted |The backend server IP and port number to which the traffic was routed. |
+| serverStatus |200 - session completed successfully. 400 - client data couldn't be parsed. 500 - internal server error. 502 - bad gateway. For example, when an upstream server couldn't be reached. 503 - service unavailable. For example, if access is limited by the number of connections. |
+| ResourceId |Application Gateway resource URI |
+
+
 [!INCLUDE [horz-monitor-ref-activity-log](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-ref-activity-log.md)]
 
 - [applicationGateways resource provider operations](/azure/role-based-access-control/resource-provider-operations#networking)

articles/application-gateway/monitor-application-gateway.md

@@ -55,6 +55,8 @@ The **Overview** page in the Azure portal for each Application Gateway includes
 
 For a list of available metrics for Azure Application Gateway, see [Application Gateway monitoring data reference](monitor-application-gateway-reference.md#metrics).
 
+For available Web Application Firewall (WAF) metrics, see [Application Gateway WAF v2 metrics](../web-application-firewall/ag/application-gateway-waf-metrics.md#application-gateway-waf-v2-metrics) and [Application Gateway WAF v1 metrics](../web-application-firewall/ag/application-gateway-waf-metrics.md#application-gateway-waf-v1-metrics).
+
 [!INCLUDE [horz-monitor-resource-logs](~/reusable-content/ce-skilling/azure/includes/azure-monitor/horizontals/horz-monitor-resource-logs.md)]
 
 Data in Azure Monitor Logs is stored in tables where each table has its own set of unique properties.  

articles/application-gateway/mutual-authentication-overview.md

@@ -114,7 +114,7 @@ Azure portal support is currently not available.
 
 ---
 
-To verify OCSP revocation status has been evaluated for the client request, [access logs](monitor-application-gateway-reference.md#access-log) will contain a property called "sslClientVerify", with the status of the OCSP response.
+To verify OCSP revocation status has been evaluated for the client request, [access logs](monitor-application-gateway-reference.md#access-log-category) will contain a property called "sslClientVerify", with the status of the OCSP response.
 
 It is critical that the OCSP responder is highly available and network connectivity between Application Gateway and the responder is possible. In the event Application Gateway is unable to resolve the fully qualified domain name (FQDN) of the defined responder or network connectivity is blocked to/from the responder, certificate revocation status will fail and Application Gateway will return a 400 HTTP response to the requesting client.