What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

The Application Insights Integration allows users to retrieve application insights metrics from specified applications.

Integration level configuration options

Application ID:: ([]string) ID of the application. This is Application ID from the API Access settings blade in the Azure portal.

Api Key:: ([]string) The API key which will be generated, more on the steps here https://dev.applicationinsights.io/documentation/Authorization/API-key-and-App-ID.

Configuration options

Metrics:: List of different metrics to collect information

id:: ([]string) IDs of the metrics that's being reported. Usually, the id is descriptive enough to help identify what's measured. Default metrics include a curated selection of requests counters, performance, and service availability. The list of options can be found here https://docs.microsoft.com/en-us/rest/api/application-insights/metrics/get#metricid

interval:: (string) The time interval to use when retrieving metric values. This is an ISO8601 duration. If interval is omitted, the metric value is aggregated across the entire timespan. If interval is supplied, the result may adjust the interval to a more appropriate size based on the timespan used for the query.

aggregation:: ([]string) The aggregation to use when computing the metric values. To retrieve more than one aggregation at a time, separate them with a comma. If no aggregation is specified, then the default aggregation for the metric is used.

segment:: ([]string) The name of the dimension to segment the metric values by. This dimension must be applicable to the metric you are retrieving. In this case, the metric data will be segmented in the order the dimensions are listed in the parameter.

top:: (int) The number of segments to return. This value is only valid when segment is specified.

order_by:: (string) The aggregation function and direction to sort the segments by. This value is only valid when segment is specified.

filter:: (string) An expression used to filter the results. This value should be a valid OData filter expression where the keys of each clause should be applicable dimensions for the metric you are retrieving.

Example configuration:

 - id: ["requests/count", "requests/failed"]
   segment: "request/name"
   aggregation: ["sum"]

Additional notes about metrics and costs

Costs: Metric queries are charged based on the number of standard API calls. More information on pricing here https://azure.microsoft.com/en-us/pricing/details/monitor/.

An example event for app_insights looks as following:

    "agent": {
        "hostname": "docker-fleet-agent",
        "name": "docker-fleet-agent",
        "id": "d979a8cf-ddeb-458f-9019-389414e0ab47",
        "ephemeral_id": "4162d5df-ab00-4c1b-b4f3-7db2e3b599d4",
        "type": "metricbeat",
        "version": "7.15.0"
    "elastic_agent": {
        "id": "d979a8cf-ddeb-458f-9019-389414e0ab47",
        "version": "7.15.0",
        "snapshot": true
    "cloud": {
        "provider": "azure"
    "@timestamp": "2021-08-23T14:37:42.268Z",
    "ecs": {
        "version": "1.12.0"
    "service": {
        "type": "azure"
    "data_stream": {
        "namespace": "default",
        "type": "metrics",
        "dataset": "azure.app_insights"
    "host": {
        "hostname": "docker-fleet-agent",
        "os": {
            "kernel": "4.19.128-microsoft-standard",
            "codename": "Core",
            "name": "CentOS Linux",
            "family": "redhat",
            "type": "linux",
            "version": "7 (Core)",
            "platform": "centos"
        "containerized": true,
        "ip": [
        "name": "docker-fleet-agent",
        "id": "1642d255f9a32fc6926cddf21bb0d5d3",
        "mac": [
        "architecture": "x86_64"
    "metricset": {
        "period": 300000,
        "name": "app_insights"
    "event": {
        "duration": 503187300,
        "agent_id_status": "verified",
        "ingested": "2021-08-23T14:37:41Z",
        "module": "azure",
        "dataset": "azure.app_insights"
    "azure": {
        "app_insights": {
            "end_date": "2021-08-23T14:37:42.268Z",
            "start_date": "2021-08-23T14:32:42.268Z"
        "metrics": {
            "requests_count": {
                "sum": 4
        "application_id": "42cb59a9-d5be-400b-a5c4-69b0a0026ac6",
        "dimensions": {
            "request_name": "GET Home/Index",
            "request_url_host": "demoappobs.azurewebsites.net"