Azure Monitor: metrics, logs, alerts, and Application Insights

Short Summary

Azure Monitor is Azure’s service for collecting, analyzing, and acting on monitoring data from Azure and non-Azure environments. You use it to understand health and performance using metrics, logs, and distributed traces. In this lesson, you’ll see where Log Analytics fits, how Azure Monitor alerts notify you automatically, and what Application Insights adds for application performance monitoring.

Learning Objectives

By the end of this lesson, you will be able to:

• Describe what Azure Monitor does at a high level.
• Distinguish metrics, logs, and distributed traces in simple terms.
• Use Log Analytics to explain how you query and analyze log data.
• Explain what Azure Monitor alerts do and what signals they can evaluate.
• Identify when Application Insights is the right tool for application monitoring.

Core Concepts

Azure Monitor in one sentence

Azure Monitor collects, stores, and analyzes telemetry so you can understand health, performance, and issues across Azure resources and applications (including hybrid scenarios).

The three telemetry types you’ll see most

Azure Monitor commonly deals with:

• Metrics: numeric, time-series values (for example, request rate or CPU percentage over time). Metrics are great for dashboards and threshold-style alerting.
• Logs: detailed records and events you can search and query (for example, resource logs, application logs, and activity events). Logs are best for investigation and “why did this happen?” questions.
• Distributed traces: end-to-end information about how a request flows through an application and its dependencies. Traces help you pinpoint where latency or failures are introduced.

Azure Monitor Logs and Log Analytics

Azure Monitor Logs is the log data platform used to store and query log data. In practice, your log data is stored in a Log Analytics workspace.

Log Analytics is the Azure portal experience where you run queries against that log data. Those queries use Kusto Query Language (KQL), which lets you filter, summarize, and correlate events across many sources.

Quick naming tip: “Log Analytics” is sometimes used to refer to both the log store (Azure Monitor Logs) and the query UI. In this lesson, “Log Analytics” means the query-and-analysis tool in the portal.

Azure Monitor alerts

Azure Monitor alerts help you react automatically instead of manually watching dashboards. An alert rule evaluates a signal and triggers when a condition is met.

Common signals include:

• Metric-based conditions (for example, high CPU for 10 minutes)
• Log query results (for example, “more than 50 failed requests in 5 minutes”)
• Activity log events (control-plane events like resource changes)

When an alert fires, it can notify people and/or trigger automated actions through configured actions.

Application Insights

Application Insights is an application-focused feature of Azure Monitor that provides Application Performance Monitoring (APM).

APM is about understanding an application from the inside out, including:

• availability (is it up?),
• performance (is it fast?),
• failures (what’s breaking?),
• dependencies (what external calls are slow/failing?),
• and usage (how users are interacting with it).

To get value from Application Insights, your application needs to be instrumented (so it can send telemetry).

Practical Understanding

Practical Situation 1: When you need one place to monitor many things

You’re responsible for service health and want one Azure-native place to view monitoring data across many resources and applications.

How to think about it: Start with Azure Monitor as the umbrella. It’s meant to collect and analyze telemetry across a broad set of sources, not just one resource type.

Common misunderstanding: “Azure Monitor is basically VM monitoring.” Virtual machines (VMs) are just one data source; Azure Monitor is wider than that.

Practical Situation 2: When you need to search and investigate across logs

You have events coming from multiple services and want to search, filter, and summarize patterns (for example, error bursts, failed sign-ins, or repeated timeouts).

How to think about it: Use Log Analytics to query data stored in Azure Monitor Logs (in a Log Analytics workspace). It’s the “workbench” for interactive investigation.

Common misunderstanding: “Log Analytics is a totally separate product.” In this context, Log Analytics is the query and analysis experience for Azure Monitor Logs.

Practical Situation 3: When you want automatic notifications and actions

You want to be notified if a resource crosses a threshold (like sustained high CPU), or if a pattern appears in logs (like repeated failures).

How to think about it: Use Azure Monitor alerts. Alerts can evaluate metrics, log query results, and certain platform events (like activity log events) to notify you or trigger automation.

Common misunderstanding: “All alerts are the same.” Alerts based on your telemetry are different from service incident/maintenance notifications, which are handled via other Azure health-related services.

Practical Situation 4: When you need end-to-end app visibility

You need to know if the app is up, how fast requests are, where failures happen, and which dependency calls are causing issues.

How to think about it: Use Application Insights for APM. It’s designed for application behavior, not just raw infrastructure signals.

Common misunderstanding: “Application Insights is only for classic web apps.” It’s an application monitoring capability that can apply to many app types when instrumented appropriately.

Common Pitfalls

• Mistake: Treating Azure Monitor as only Virtual Machine (VM) monitoring. Correction: Azure Monitor is designed to collect and analyze telemetry across many Azure resources and applications (including hybrid sources).

• Mistake: Confusing metrics and logs, then choosing the wrong tool first. Correction: Use metrics for time-series thresholds and dashboards; use logs (via Log Analytics) for investigation and correlation.

• Mistake: Thinking Log Analytics is unrelated to Azure Monitor. Correction: Log Analytics is the portal tool used to query and analyze Azure Monitor Logs (stored in Log Analytics workspaces).

• Mistake: Expecting alerts to be “set and forget” without tuning. Correction: Start simple, tune thresholds/queries, and aim for actionable alerts (signal-to-noise matters).

• Mistake: Expecting Application Insights to work without instrumentation. Correction: Application Insights becomes valuable when your app is instrumented so it can send telemetry (requests, dependencies, failures, traces).

Check Your Understanding

• Explain the difference between metrics and logs using one example for each from a real system you’ve worked on (or can imagine).
• Describe a situation where Log Analytics is the best starting point, and explain why dashboards alone wouldn’t be enough.
• Describe a useful alert you would set up and name the signal type it would evaluate (metric, log query, or activity log event).
• Explain what Application Performance Monitoring (APM) means in your own words and name two questions it helps you answer.
• Write a simple “tool choice” rule you can remember for: log investigation, threshold monitoring, and application performance monitoring.

Further Reading

• Azure Monitor overview — https://learn.microsoft.com/en-us/azure/azure-monitor/fundamentals/overview
• Log Analytics overview — https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview
• Azure Monitor alerts overview — https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview
• Application Insights overview — https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview