Overview of Azure Monitor
Azure Monitor is a centrally place to monitor applications and infrastructure. It can monitor:
- Storage accounts
By default Azure Monitor doesn’t do anything until you connect your infrastructure to it.
“Azure Monitor collects monitoring telemetry from a variety of on-premises and Azure sources. Management tools, such as those in Azure Security Center and Azure Automation, also push log data to Azure Monitor. The service aggregates and stores this telemetry in a log data store that’s optimised for cost and performance. Analyse data, set up alerts, get end-to-end views of your applications, and use machine learning-driven insights to quickly identify and resolve problems.”
Using Azure Monitor is free, but if turn on logging for your resources the log data has to be stored somewhere and you get charged for that storage.
Very frequent monitoring of applications can have an impact on the performance of the application. It is best to have a limited amount of monitoring happening, then if there are issues happening you can increase the monitoring as a debugging tool.
Enabling Diagnostics for Resources
Enable Diagnostics for Virtual Machines
- Go to Monitor -> Virtual Machines
- Click on the “Not monitored” tab to see your VM that isn’t being monitored
- Click on Enable. You will be asked for a Workspace to store the logs
- This will install an agent on the VM to pull the log files
NOTE: the VM must be running for the software installation to take place
Enable Diagnostics for other Resources
- Go to Monitor -> Diagnostic Settings
- Here you will see a list of all your Azure resources and whether diagnostics is enabled or not. You can filter by resource group, type etc…
- Select a resource and click enable. In this example we are using a Web app
- Click on Add Diagnostic Setting
- Give it a name
- Select the logs (pageviews, page requests) and metrics (CPU, memory etc…) you want to gather
- Destination details: select to send to Log analytics Workspace
- Click on Save
Once you have turned on Diagnostics it is best to leave it for around a day before running reports. This will give it time to gather data.
Running Basic Kusto Queries on Logs
- Go to Monitor -> Logs
- This opens a query dialog box. Close this to get the normal query page. This looks similar to SSMS
- The “Select Scope” allows you to select the resource which logs you want to query
- On the left you will see the list of tables you can use for your query. If you double click the table it pulls it into the query and you could run that
- You can build a “where” clause by piping this,
AzureAcitiviy | Where OperationNameVauule contains “Microsoft.Insights” Get last 10 metric events
AzureMetrics | take 10
If you click on “Queries” on the top left, you will get some built in queries that you can use and edit.