Azure SQL Database¶

By enabling this toolset, HolmesGPT can analyze Azure SQL Database performance, health, and operational issues using Azure REST APIs and Query Store data.

Warning

This toolset is in Experimental stage.

Prerequisites¶

Azure SQL Database instance
Azure authentication (Service Principal or Azure AD Workload Identity)
Appropriate Azure and SQL permissions

Configuration¶

Holmes CLIRobusta Helm Chart

Azure AD Workload Identity¶

Add the following to ~/.holmes/config.yaml, creating the file if it doesn't exist:

toolsets:
  azure/sql:
    enabled: true
    config:
      database:
        subscription_id: "your-subscription-id"
        resource_group: "your-resource-group"
        server_name: "your-azure-sql-server-name"
        database_name: "your-azure-sql-database-name"

Service Principal¶

toolsets:
  azure/sql:
    enabled: true
    config:
      tenant_id: "your-tenant-id"
      client_id: "your-client-id"
      client_secret: "your-client-secret"
      database:
        subscription_id: "your-subscription-id"
        resource_group: "your-resource-group"
        server_name: "your-azure-sql-server-name"
        database_name: "your-azure-sql-database-name"

Azure AD Workload Identity¶

holmes:
  toolsets:
    azure/sql:
      enabled: true
      config:
        database:
          subscription_id: "your-subscription-id"
          resource_group: "your-resource-group"
          server_name: "your-azure-sql-server-name"
          database_name: "your-azure-sql-database-name"

Service Principal¶

holmes:
  toolsets:
    azure/sql:
      enabled: true
      config:
        tenant_id: "your-tenant-id"
        client_id: "your-client-id"
        client_secret: "your-client-secret"
        database:
          subscription_id: "your-subscription-id"
          resource_group: "your-resource-group"
          server_name: "your-azure-sql-server-name"
          database_name: "your-azure-sql-database-name"

Roles / Access controls¶

The service principal requires these roles:

Azure¶

Azure Level (RBAC):
├── Monitoring Reader (subscription)
├── SQL DB Contributor (resource group)

SQL¶

Database Level (SQL permissions):
├── CREATE USER [holmes-service-principal] FROM EXTERNAL PROVIDER
├── GRANT VIEW SERVER STATE TO [holmes-service-principal]
└── ALTER ROLE db_datareader ADD MEMBER [holmes-service-principal]

Query Store¶

In addition, Query Store should be enabled on target databases

Capabilities¶

Tool Name	Description
analyze_database_health_status	Analyze overall database health and status
analyze_database_performance	Analyze database performance metrics
analyze_database_connections	Analyze database connection patterns and issues
analyze_database_storage	Analyze database storage usage and growth
get_top_cpu_queries	Get queries with highest CPU usage
get_slow_queries	Get slowest performing queries
get_top_data_io_queries	Get queries with highest data I/O usage
get_top_log_io_queries	Get queries with highest log I/O usage
get_active_alerts	Get active alerts for the database
analyze_connection_failures	Analyze connection failure patterns