Snippets

KQL snippet: diagnose Container Apps private ingress and revisions

A short query to correlate Azure Container Apps system and console logs when private ingress, probes or revision traffic fail.

09 Jun 2026 kqlazurecontainer-appsprivate-endpointdnslogsmonitoringrunbookrollback

Use this query when a private Azure Container Apps endpoint returns 404, 502, timeouts or intermittent failures after a deployment or ingress change. It joins platform events and application logs around the same app, environment and time window.

kusto container-apps-private-ingress-revision-triage.kql

let Window = 2h;
let App = "orders-api";
let Env = "aca-prod-weu";
let System =
ContainerAppSystemLogs_CL
| where TimeGenerated > ago(Window)
| where ContainerAppName_s == App or EnvironmentName_s == Env
| project TimeGenerated,
        Source="system",
        Environment=EnvironmentName_s,
        App=ContainerAppName_s,
        Revision=RevisionName_s,
        Replica="",
        Message=Log_s;
let Console =
ContainerAppConsoleLogs_CL
| where TimeGenerated > ago(Window)
| where ContainerAppName_s == App
| project TimeGenerated,
        Source="console",
        Environment=EnvironmentName_s,
        App=ContainerAppName_s,
        Revision=RevisionName_s,
        Replica=tostring(ContainerGroupName_g),
        Message=Log_s;
System
| union Console
| where Message has_any ("ingress", "probe", "revision", "error", "failed", "timeout", "502", "404")
| order by TimeGenerated desc

Quick read: system events without console logs suggest platform, ingress or revision lifecycle; one failing revision points to traffic shift or rollback; no Container Apps signal points back to DNS, private endpoint, gateway or the caller network.