Documentationbreadcrumb arrow Grafana Cloudbreadcrumb arrow Monitor infrastructurebreadcrumb arrow Cloud Provider Observabilitybreadcrumb arrow Microsoft Azure observabilitybreadcrumb arrow Troubleshoot metrics collection
Grafana Cloud

Troubleshoot metrics collection

This page provides solutions to common issues when configuring Azure monitoring with Cloud Provider Observability.

Verify Azure service principal permissions

If you receive errors when creating a credential or metrics aren’t being collected, verify that your Azure service principal has the correct permissions.

Symptoms

  • Error message examples: “Unable to authenticate with Azure”, “Insufficient permissions to access Azure resources”
  • Metrics aren’t appearing in Grafana Cloud
  • Status shows “Authentication failed”

Solution

To verify and correct service principal permissions:

  1. Open a terminal or Azure Cloud Shell.

  2. Log in to your Azure account:

    Bash 
    az login

  3. List the role assignments for your service principal.

    Replace <app-id> with your service principal’s Client ID:

    Bash 
    az role assignment list --assignee <app-id> --output table

  4. Verify that the service principal has the Monitoring Reader role assigned for the subscriptions you want to monitor.

  5. If the role is missing or incorrect, assign the Monitoring Reader role:

    Bash 
    az role assignment create --assignee <app-id> --role "Monitoring Reader" --scope "/subscriptions/<subscription-id>"

  6. Return to Grafana Cloud and test the connection again.

Additional considerations

  • Ensure the service principal hasn’t been deleted or disabled in Azure Active Directory
  • Verify that the client secret hasn’t expired (Azure service principal secrets expire after a set period)
  • Check that you’re using the correct Tenant ID for your Azure organization

For more information about Azure role assignments, refer to Assign Azure roles using Azure CLI in the Azure documentation.

Check Azure subscription access

If some Azure resources aren’t appearing or you’re not collecting metrics from all expected subscriptions, verify that your service principal has access to all relevant subscriptions.

Symptoms

  • Some Azure resources don’t appear in the Services tab
  • Metrics are collected from some subscriptions but not others
  • Error message: “No resources found in subscription”
  • Expected services aren’t listed in Autodiscovery step

Solution

To verify and grant subscription access:

  1. Open a terminal or Azure Cloud Shell.

  2. Log in to your Azure account:

    Bash 
    az login

  3. List all subscriptions in your Azure account:

    Bash 
    az account list --output table

  4. For each subscription you want to monitor, verify the service principal has access:

    Bash 
    az role assignment list --assignee <app-id> --scope "/subscriptions/<subscription-id>" --output table

  5. If the service principal doesn’t have access to a subscription, grant the Monitoring Reader role:

    Bash 
    az role assignment create --assignee <app-id> --role "Monitoring Reader" --scope "/subscriptions/<subscription-id>"

  6. In Grafana Cloud, edit your Azure credential to verify the subscription IDs are correctly configured.

  1. Wait up to one hour for autodiscovery to detect resources in newly accessible subscriptions.

Additional considerations

  • Verify that the subscriptions contain Azure resources that are running and active
  • Check that resources have been tagged appropriately if you’re using tag-based filtering
  • Ensure the subscription isn’t disabled or expired in Azure

For more information about Azure subscriptions, refer to Azure subscription management in the Azure documentation.