Krish DEV

AZ-400 Exam Preparation: Analyze infrastructure with Azure Monitor Logs

Published a month ago

6 minutes read

This content is summarised from the official AZ-400 documentation.

Azure Monitor is a service for collecting and analyzing telemetry for your cloud and on-premises applications.

Features of Azure Monitor logs

1. Data collection in Azure Monitor

  • metrics: how the resource is performing
  • logs: when resources are created / modified
  • Sources of data
    • Application data: custom application code
    • OS data: Windows or Linux VMs that host your application
    • Azure resource data: Operations of Azure resources. (Web App, load balancer, ...)
    • Azure subscription data: Data related to your subscription. (Azure Health, Availability)
    • Azure tenant data: Organization-level data. (Azure AD)
  • Azure Monitor collects data automatically, but you can get extended data (more info) by
    • Enabling diagnostics: Azure SQL Database
    • Adding an agent: VMs
  • Data can be sent by custom code via REST (Data Collector API)

Logs

  • time-stamped information
  • organized into records
  • Log Analytics workspace (Query)

Metrics

  • Numerical values that describe some aspect of a system at a point in time. (Near real time)
  • Metrics are collected at regular intervals.
  • Alert
  • Stored in time-series database.
  • Can be combined with logs to identify the root cause of issues.

2. Analyzing logs by using Kusto

  • Log query language
  • You might use a tile to display the results of a Kusto query in a dashboard.

Create basic Azure Monitor log queries to extract information from log data

1. Write Azure Monitor log queries by using Log Analytics

You can enter the query and see the output here.

2. Write queries by using Kusto language

  • A query is a read-only request
  • Case-sensitive

Events
| where StartTime >= datetime(2018-11-01) and StartTime < datetime(2018-12-01)
| where State == "FLORIDA"
| count

The following example retrieves the most recent heartbeat record for each computer. The computer is identified by its IP address. In this example, the `summarize` aggregation with the `arg_max` function returns the record with the most recent value for each IP address.

Heartbeat
| summarize arg_max(TimeGenerated, *) by ComputerIP

  • There are a lot of useful predefined queries to use
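
Building on the Heartbeat query above, this added example (not from the original post or the official document) flags computers whose agent has stopped reporting, which is worth alerting on because a silent agent means no logs are arriving from that host. `SampleHeartbeat`, `ReferenceTime`, `SilenceThreshold` and every row are constructed assumptions; it groups by `Computer` instead of `ComputerIP` so that two hosts sharing one address are not merged into a single record.

```kusto
// Constructed sample rows standing in for the Heartbeat table (not real data).
// app-01 and app-02 deliberately share one IP address to show why the grouping key matters.
let SampleHeartbeat = datatable(TimeGenerated: datetime, Computer: string, ComputerIP: string, OSType: string)
[
    datetime(2024-01-10 09:00:00), "web-01", "10.0.0.4", "Linux",
    datetime(2024-01-10 09:58:00), "web-01", "10.0.0.4", "Linux",
    datetime(2024-01-10 08:10:00), "db-01",  "10.0.0.5", "Windows",
    datetime(2024-01-10 09:59:00), "app-01", "10.0.0.6", "Linux",
    datetime(2024-01-10 07:30:00), "app-02", "10.0.0.6", "Linux"
];
// Fixed reference time so the sample is reproducible; use now() against live data.
let ReferenceTime = datetime(2024-01-10 10:00:00);
// Assumed alerting threshold: how long a computer may stay silent.
let SilenceThreshold = 15m;
SampleHeartbeat
// Latest record per computer. Grouping by ComputerIP here would keep only
// app-01's fresh record for 10.0.0.6 and hide the silent app-02.
| summarize arg_max(TimeGenerated, *) by Computer
// Time elapsed since the last heartbeat.
| extend SilentFor = ReferenceTime - TimeGenerated
| where SilentFor > SilenceThreshold
| project Computer, ComputerIP, OSType, LastHeartbeat = TimeGenerated, SilentFor
| order by SilentFor desc
```

To run it against a real workspace, replace `SampleHeartbeat` with `Heartbeat`, replace `ReferenceTime` with `now()`, and add a `where TimeGenerated > ago(...)` filter to bound the scan.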
