Azure Monitor
Slide deck explaining Azure Monitor: metrics, logs, alerts, and Application Insights. Covers telemetry types (metrics, logs, distributed traces), Log Analytics workspace, KQL queries, alert rules, and Application Performance Monitoring (APM).

Azure Monitor
Introduction to Azure Monitor: metrics, logs, alerts, and Application Insights.
Azure Monitor in one sentence
Azure Monitor collects and analyzes telemetry so you can understand health, performance, and issues. One umbrella for monitoring across Azure plus hybrid. Works with metrics, logs, and distributed traces. Helps you observe, investigate, and react. Not 'just VM (Virtual Machine) monitoring'.
Metrics vs Logs vs Distributed Traces
Different telemetry types answer different questions. Metrics: numeric time-series (dashboards, thresholds). Logs: detailed events (search, investigation, correlation). Distributed traces: end-to-end request flow (latency/failure location). Use the right signal for the question you're asking.
Metrics: time-series numbers
Metrics are best for dashboards and threshold-based alerts. Numeric values over time (time-series). Great for charts and quick health views. Strong fit for threshold alerting (e.g., sustained high CPU). Less detail for deep investigation.
Logs: detailed events you can query
Logs help you investigate and explain incidents. Detailed records (events, errors, activities). Best for 'why did this happen?' questions. Supports searching, filtering, and correlation. Often spans multiple services and sources.
Where logs live: Log Analytics workspace
Log data is stored in a Log Analytics workspace and queried through Azure Monitor Logs tooling. Azure Monitor = umbrella monitoring service. Azure Monitor Logs = log data platform. Log Analytics workspace = where logs are stored. Workspace is the target for querying and analysis.
Log Analytics and Kusto Query Language (KQL)
Log Analytics is where you query logs using KQL. Log Analytics = query + analysis experience in the portal. Queries use Kusto Query Language (KQL). KQL supports filtering, summarizing, and correlation. Used for investigation and pattern-finding.
Distributed traces: the request journey
Traces show how a request flows through an app and its dependencies. End-to-end view of request flow. Helps pinpoint where latency is introduced. Helps locate where failures occur in the chain. Complements metrics plus logs during troubleshooting.
Azure Monitor alerts: rules that trigger
Alert rules evaluate signals and trigger notifications or actions. Alerts reduce manual dashboard watching. Alert rule = signal + condition + trigger. Can notify people and/or trigger automated actions. Aim for actionable alerts (signal-to-noise matters).
Alert signals: what gets evaluated
Alerts can evaluate metrics, log query results, and activity log events. Metrics: thresholds over time (e.g., high CPU). Log queries: patterns/counts from logs (e.g., failed requests). Activity log events: control-plane changes (resource changes). Not the same as service incident/maintenance notifications.
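Added example (not part of the original deck, and not Azure Monitor's own evaluation logic): a simplified Python model of "alert rule = signal + condition + trigger" run over constructed CPU samples, showing why a threshold on sustained load is less noisy than one on instantaneous values. The AlertRule class, the run helper and the sample data are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed sample: CPU % at 1-minute intervals (invented values).
# Two brief spikes, then a sustained high-CPU period.
CPU_SAMPLES = [35, 40, 96, 38, 42, 93, 41, 39, 91, 94, 97, 95, 92, 96, 45, 40]


@dataclass
class AlertRule:
    """Simplified model of signal + condition + trigger (hypothetical class)."""
    threshold: float                       # condition: average must exceed this
    window: int                            # condition: samples averaged per evaluation
    action: Callable[[int, float], None]   # trigger: notify or run automation

    def evaluate(self, signal: List[float]) -> List[int]:
        """Return the sample indexes at which the rule newly fires."""
        fired, active = [], False
        for i in range(self.window - 1, len(signal)):
            avg = sum(signal[i - self.window + 1 : i + 1]) / self.window
            breached = avg > self.threshold
            if breached and not active:    # fire once per breach, not every sample
                fired.append(i)
                self.action(i, avg)
            active = breached
        return fired


def run(threshold: float, window: int) -> Tuple[List[int], List[Tuple[int, float]]]:
    """Evaluate one rule over CPU_SAMPLES; return fire indexes and notifications."""
    notifications: List[Tuple[int, float]] = []
    rule = AlertRule(threshold, window,
                     lambda i, avg: notifications.append((i, round(avg, 1))))
    return rule.evaluate(CPU_SAMPLES), notifications


if __name__ == "__main__":
    print("instantaneous >90%:", run(90, 1))   # reacts to every spike
    print("5-sample avg >90%: ", run(90, 5))   # reacts only to sustained load
```

On this data the instantaneous rule fires three times, twice on one-minute spikes, while the 5-sample average fires once, during the sustained period.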
Application Insights = Application Performance Monitoring (APM)
Application Insights helps you understand app behavior, performance, and dependencies. APM (Application Performance Monitoring) = app visibility from inside out. Tracks availability, performance, failures, dependencies, usage. Needs instrumentation to send telemetry. Complements infrastructure monitoring.
Quick rules + common pitfalls
Pick tools based on your question: watch, investigate, react, or understand app behavior. Metrics → dashboards + thresholds. Logs (Log Analytics + KQL) → investigation + correlation. Alerts → automated notify/action based on signals. Application Insights (APM) → end-to-end app visibility (needs instrumentation). Pitfalls: 'VM-only thinking', confusing metrics vs logs, untuned alerts.
