Azure blob storage (Beta)

Lightup account setup

Lightup needs an Azure account with read access to the data you want to monitor. You can use a Shared Key or Managed Identity for authentication, and assign the built-in Data Reader role to grant Lightup sufficient privileges.

Azure Shared Key Services

You can use a Shared Key for access to Azure blob storage. There are numerous possible formats and contents of an Azure Shared Key. All the information you need to employ this authentication method— including syntax examples— is available on the Microsoft page, Authorize with Shared Key.

Managed Identity access

If you decide to use a Managed Identity for Lightup, consider setting up a user-assigned managed identity as this will let you grant the identity access to multiple Azure resources.

Assign the built-in Azure Storage Blob Data Reader role

You can use Azure's built-in Storage Blob Data Reader role to grant sufficient privileges to the Lightup Azure account.

{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Configure connector

  1. If you're using a Managed Identity for access control, select Managed Identity.
  2. For Account Name, enter the name of the Lightup Azure user account.
  3. If present, enter the user Account Key.
  4. Select Test Connection. The test runs in the panel on the right.
  5. If you see Successful! you will also see a list of available containers (called schemas in Lightup). Select Save to complete the datasource configuration.

Note that Azure blob storage datasources use virtual tables and not tables.

Query Governance

Azure blob storage datasources support the Query History, Scheduling, Enable data storage, Maximum backfill duration, and Maximum distinct values settings. For steps, see Set query governance settings for a datasource.

Metadata metrics

Azure blob storage datasources currently do not support metadata metrics.

Date/time data types

These Azure blob storage date/time data types are supported:

  • TIMESTAMP WITH TIME ZONE

Object types

These Azure blob storage object types are supported:

Partitions

Azure blob storage datasources support partitions.

Deep metrics

Azure blob storage datasources support all deep metrics except for row by row and SQL metrics. However, the following metric features are not supported: