0

I have a project that is hosted via Azure Function app, and sits behind APIM. One of the requirement is to log all successful and failed login requests from both APIM and Function.

Application Insights seems an option. However, it recommends NOT to use 100% sampling rate. If 100% sampling rate is not used, how is it possible to log all successful and failed login requests.

It seems Microsoft recommends Application Insights for Azure APIM and Funtions, even though I cannot find any offiical document.

Pingpong
  • 7,681
  • 21
  • 83
  • 209

1 Answers1

0

Logging all events when enabling Application Insights for your API with in APIM might have performance implications depending on incoming request rate.Based on internal load tests, enabling this feature caused a 40%-50% reduction in throughput when request rate exceeded 1,000 requests per second.Azure Application Insights is designed to use statistical analysis for assessing application performances. It is not intended to be an audit system and is not suited for logging each individual request for high-volume APIs.

You can manipulate the number of requests being logged by adjusting the Sampling setting (see the steps above). Value 100% means all requests are logged, while 0% reflects no logging at all. Sampling helps to reduce volume of telemetry, effectively preventing from significant performance degradation, while still carrying the benefits of logging. Skipping logging of headers and body of requests and responses will also have positive impact on alleviating performance issues.

Documentation Reference

You can also view metrics of your API's by enabling Diagnostic logging for your APIM instance. Please see if the below suffices your requirement.

API Management emits metrics every minute, giving you near real-time visibility into the state and health of your APIs. Following is a summary of some of the available metrics:

  • Capacity (preview): helps you make decisions about upgrading/downgrading your APIM services. The metric is emitted per minute and reflects the gateway capacity at the time of reporting. The metric ranges from 0-100 calculated based on gateway resources such as CPU and memory utilization.
  • Total Gateway Requests: the number of API requests in the period.
  • Successful Gateway Requests: the number of API requests that received successful HTTP
    response codes including 304, 307, and anything smaller than 301 (for example, 200).
  • Failed Gateway Requests: the number of API requests that received erroneous HTTP response codes including 400, and anything larger than 500.
  • Unauthorized Gateway Requests: the number of API requests that received HTTP response codes including 401, 403, and 429.
  • Other Gateway Requests: the number of API requests that received HTTP response codes that do not belong to any of the preceding categories (for example, 418).

Documentation Reference

Hope this helps !

bharathn-msft
  • 877
  • 5
  • 10