Add Logstash dictionary of LocalizedValue fields for operationName values #2
Description
Enrich data by including a Logstash dictionary of LocalizedValue fields for operationName as they are not supplied by the Azure Log streaming system and they will make the logs more readable.
e.g.
"operationName": {
"value": "Microsoft.Resourcehealth/healthevent/Activated/action",
"localizedValue": "Health Event Activated"
},
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema
Event Hub Explorer was showing no LocalizedValues are being streamed to Event Hub, so unless MS add them as additional fields in the future the only other option for readable operation names is a manually maintained dictionary file in Logstash.
Example operationNames used in a 48hr period:
operationName.keyword Count
MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION
2.87 K
MICROSOFT.AUTHORIZATION/POLICIES/AUDIT/ACTION 2.35 K
MICROSOFT.APIMANAGEMENT/SERVICE/GETSSOTOKEN/ACTION 2.19 K
MICROSOFT.APIMANAGEMENT/SERVICE/USERS/TOKEN/ACTION 2.18 K
Microsoft.Resourcehealth/healthevent/Updated/action 441.00
MICROSOFT.COMPUTE/VIRTUALMACHINES/DEALLOCATE/ACTION 323.00
MICROSOFT.COMPUTE/VIRTUALMACHINES/START/ACTION 204.00
MICROSOFT.INSIGHTS/ALERTRULES/DELETE 138.00
Microsoft.Resourcehealth/healthevent/Activated/action 112.00
MICROSOFT.WEB/SERVERFARMS/WRITE 111.00
Microsoft.Resourcehealth/healthevent/Resolved/action 109.00
MICROSOFT.APIMANAGEMENT/SERVICE/APIS/OPERATIONS/WRITE 86.00
MICROSOFT.ALERTSMANAGEMENT/SMARTDETECTORALERTRULES/WRITE 48.00
MICROSOFT.AUTHORIZATION/LOCKS/WRITE 38.00
MICROSOFT.DOCUMENTDB/DATABASEACCOUNTS/LISTKEYS/ACTION 38.00
Microsoft.Insights/AutoscaleSettings/Scaledown/Action 38.00
MICROSOFT.APIMANAGEMENT/SERVICE/APIS/OPERATIONS/POLICIES/WRITE 36.00
MICROSOFT.APIMANAGEMENT/SERVICE/PRODUCTS/APIS/WRITE 36.00
Microsoft.Insights/AutoscaleSettings/Scaleup/Action 36.00
MICROSOFT.COMPUTE/RESTOREPOINTCOLLECTIONS/RESTOREPOINTS/RETRIEVESASURIS/ACTION 32.00
MICROSOFT.STORAGE/STORAGEACCOUNTS/LISTACCOUNTSAS/ACTION 32.00
MICROSOFT.COMPUTE/RESTOREPOINTCOLLECTIONS/RESTOREPOINTS/DELETE 23.00
MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/LISTCLUSTERUSERCREDENTIAL/ACTION 22.00
MICROSOFT.INSIGHTS/METRICALERTS/WRITE 22.00
MICROSOFT.COMPUTE/DISKS/WRITE 18.00
MICROSOFT.COMPUTE/RESTOREPOINTCOLLECTIONS/RESTOREPOINTS/WRITE 18.00
MICROSOFT.DOCUMENTDB/DATABASEACCOUNTS/BACKUP/ACTION 18.00
Microsoft.Insights/AutoscaleSettings/ScaledownResult/Action 18.00
Microsoft.Insights/AutoscaleSettings/ScaleupResult/Action 18.00
MICROSOFT.COMPUTE/VIRTUALMACHINES/EXTENSIONS/WRITE 15.00
MICROSOFT.DOCUMENTDB/DATABASEACCOUNTS/READONLYKEYS/ACTION 14.00
MICROSOFT.APIMANAGEMENT/SERVICE/APIS/POLICIES/WRITE 12.00
MICROSOFT.APIMANAGEMENT/SERVICE/APIS/WRITE 12.00
MICROSOFT.APIMANAGEMENT/SERVICE/APIVERSIONSETS/WRITE 12.00
MICROSOFT.APIMANAGEMENT/SERVICE/PRODUCTS/WRITE 12.00
MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE 11.00
MICROSOFT.NETWORK/LOADBALANCERS/WRITE 9.00
MICROSOFT.APIMANAGEMENT/SERVICE/WRITE 8.00
MICROSOFT.APIMANAGEMENT/SERVICE/CERTIFICATES/WRITE 6.00
MICROSOFT.NETWORK/NETWORKINTERFACES/WRITE 6.00
MICROSOFT.COMPUTE/REGISTER/ACTION 4.00
MICROSOFT.NETWORK/REGISTER/ACTION 4.00
MICROSOFT.RESOURCES/DEPLOYMENTS/VALIDATE/ACTION 4.00
Microsoft.Advisor/recommendations/available/action 4.00
Microsoft.Insights/alert/proactivediagnostics 4.00
Microsoft.Security/tasks/write 4.00
MICROSOFT.APIMANAGEMENT/SERVICE/DELETE 3.00
MICROSOFT.COMPUTE/AVAILABILITYSETS/WRITE 3.00
MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE 3.00
MICROSOFT.RESOURCES/DEPLOYMENTS/WRITE 3.00
RunFinished 3.00
MICROSOFT.APIMANAGEMENT/SERVICE/CERTIFICATES/DELETE 2.00
MICROSOFT.AUTHORIZATION/LOCKS/DELETE 2.00
MICROSOFT.CLASSICSTORAGE/STORAGEACCOUNTS/LISTKEYS/ACTION 2.00
MICROSOFT.EVENTHUB/NAMESPACES/EVENTHUBS/AUTHORIZATIONRULES/LISTKEYS/ACTION 2.00
MICROSOFT.KEYVAULT/VAULTS/WRITE 2.00
MICROSOFT.RESOURCES/SUBSCRIPTIONS/RESOURCEGROUPS/WRITE 2.00
Microsoft.ApiManagement/service/write 2.00
RunStarted 2.00
Microsoft.ServiceHealth/actionrequired/action 1.00