Connect to Azure Data Explorer (ADX)
Set up a connection to your Azure Data Explorer (Kusto) clusters so your agent can query logs and telemetry. The wizard tests connectivity per-cluster before saving. Learn more → Kusto Tools.
Prerequisites
- An Azure Data Explorer cluster with at least one database
- Admin access to grant database permissions (or someone who can)
- An agent created in the SRE Agent portal with a managed identity
Steps
Step 1: Get cluster details
Find your cluster URL in the Azure portal or from your team:
https://{cluster-name}.{region}.kusto.windows.net
Note the database name you want to query — you'll need both the cluster URL and database name in the format https://{cluster-url}/{database-name}.
Step 2: Grant agent permissions
Your agent's managed identity needs database access. Run this KQL command in the Azure Data Explorer web UI or Kusto Explorer:
.add database {database-name} viewers ('aadapp={agent-managed-identity-id}')
Replace {agent-managed-identity-id} with your agent's managed identity client ID (found in the Azure portal under your agent resource → Identity).
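A pre-flight check for Steps 1 and 2, added here as an example and not part of the SRE Agent product or its documentation: it validates a cluster URI in the https://{cluster-url}/{database-name} format before the agent identity is pointed at it, and builds the grant and verification commands shown on this page. The function names and the sample cluster, database and client ID are constructed, and restricting database names to letters, digits and underscores is an assumption of this example.

```python
import re
import uuid
from urllib.parse import urlsplit

# Host shape from Step 1: {cluster-name}.{region}.kusto.windows.net
HOST_RE = re.compile(r"[a-z0-9-]+\.[a-z0-9-]+\.kusto\.windows\.net")
# Assumption of this example: only names that need no KQL quoting are accepted.
DB_RE = re.compile(r"[A-Za-z0-9_]+")

# Constructed sample values, not real resources.
SAMPLE_URI = "https://contoso.westus2.kusto.windows.net/Telemetry"
SAMPLE_CLIENT_ID = "11111111-2222-3333-4444-555555555555"


def parse_cluster_uri(uri):
    """Split https://{cluster-url}/{database-name} into (cluster_url, database)."""
    parts = urlsplit(uri.strip())
    if parts.scheme != "https":
        raise ValueError("cluster URI must use https")
    if "@" in parts.netloc or parts.port or parts.query or parts.fragment:
        raise ValueError("userinfo, port, query and fragment are not allowed")
    host = (parts.hostname or "").lower()
    # fullmatch rejects look-alike hosts such as *.kusto.windows.net.example.org
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"unexpected cluster host: {host!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 1 or not DB_RE.fullmatch(segments[0]):
        raise ValueError("path must be exactly one database name")
    return f"https://{host}", segments[0]


def grant_commands(uri, client_id):
    """Return the Step 2 grant and the Troubleshooting check for this database."""
    _, database = parse_cluster_uri(uri)
    app_id = str(uuid.UUID(client_id))  # ValueError if not a GUID
    grant = f".add database {database} viewers ('aadapp={app_id}')"
    verify = f".show database {database} principals"
    return grant, verify


if __name__ == "__main__":
    for command in grant_commands(SAMPLE_URI, SAMPLE_CLIENT_ID):
        print(command)
```

Running the verification command after the grant confirms the identity was added with the viewers role only.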
Step 3: Open the connector wizard
- In the SRE Agent portal, go to Builder > Connectors in the left sidebar
- Click Add connector
- Select the Azure Data Explorer card from the Telemetry category
- Click Next
Step 4: Set up the connector
In the Set up connector step:
- Enter a Name for the connector (e.g., production-logs)
- Select a Managed identity — choose the identity that has permissions on your ADX clusters
- Click Next
Step 5: Configure your clusters
In the Add clusters step, the Cluster Group heading describes how clusters within a group share the same managed identity:
- To add a cluster group, click + Create new group at the top of the step — the new group appears at the top of the list
- Enter a Group name (default: ClusterGroup) — this labels the cluster group
- Under Clusters, enter your cluster URL in the format https://{cluster-url}/{database-name}
- A new row appears automatically when you fill the current one — add as many cluster URIs as needed
- Select the Managed identity for this group (default: (inherit) uses the connector-level identity)
- Repeat steps 1–4 to add additional cluster groups with different identities
- Click Next
Step 6: Test connection and save
In the Review + test connection step:
- Review your connector configuration — the connector name, identity, and cluster groups are displayed
- Each cluster group shows a Not tested badge
- Click Test connection — the button changes to Testing connection... while each cluster is probed individually
- Review the per-cluster results:
  - ✅ Green checkmark — cluster is reachable
  - ❌ Red X — cluster failed with an error message displayed inline
- Once testing completes, the button changes to Add connector — click it to save
If any cluster fails, check the Troubleshooting section. Fix the failing clusters and re-run Test connection before saving — the connector works best when all clusters pass connectivity checks.
Checkpoint: The connector appears in your Connectors list.
When you edit an existing Azure Data Explorer connector, the wizard opens directly at the Add clusters step — you can update clusters and re-test without reconfiguring the connector name or identity.
Step 7: Verify access
Ask your agent:
List the tables in the production-logs database
The agent should return a list of tables from your connected cluster.
What you learned
- How to find your ADX cluster URL and grant the agent database access
- How to configure cluster groups with multiple cluster URIs
- How to test connectivity per-cluster before saving
- How to verify the connection by querying tables through chat
Troubleshooting
| Issue | Solution |
|---|---|
| Red X on a specific cluster | Verify the cluster URL format (https://{cluster-url}/{database-name}), ensure the managed identity has the Viewer role on that cluster, and check firewall rules |
| All clusters fail | Confirm the managed identity has permissions — run .show database {db} principals in ADX to verify |
| "Not tested" badge doesn't clear | Click Test connection to run connectivity checks — the badge clears after testing completes |
| Identity dropdown empty | Your agent needs a managed identity configured — go to Azure portal → your agent resource → Identity |
Next steps
- Create a Kusto tool to build reusable parameterized queries
- Diagnose with observability data using your connected clusters
Related
| Resource | What you'll learn |
|---|---|
| Create Kusto Tool | Build reusable parameterized queries |
| Kusto Tools | Understand deterministic vs. flexible query approaches |
| Diagnose with 3P Observability | Use Kusto data for incident diagnosis |