Azure Monitor & Logs
Monitoring, logging, and alerting
Log Analytics Workspace
Central repository for collecting and analyzing log data from Azure resources.
Common KQL Queries
```kql
// Failed sign-ins in last 24 hours
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != 0
| summarize count() by UserPrincipalName, ResultDescription

// VM heartbeat check
Heartbeat
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| where LastHeartbeat < ago(5m)

// Security events by type
SecurityEvent
| summarize count() by EventID, Activity
| top 10 by count_
```
Data Sources
- Azure Activity Logs
- Diagnostic settings from resources
- Azure AD sign-in and audit logs
- VM performance counters and events
- Custom logs via Data Collection Rules
Azure Alerts
Proactive notifications based on metrics, logs, or activity.
Alert Types
| Type | Use Case |
|---|---|
| Metric Alerts | CPU, memory, disk thresholds |
| Log Alerts | KQL query results matching criteria |
| Activity Log Alerts | Resource changes, service health |
| Smart Detection | App Insights anomaly detection |
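
As an added example (not part of the original page), the failed sign-in query from the Common KQL Queries section can be reshaped into a query suited to a log alert: it returns rows only when a single source IP crosses a failure threshold within a time window, so the rule can fire whenever the result set is non-empty. The thresholds and window sizes are assumed values to tune per tenant.

```kql
// Added example: alert-ready variant of the failed sign-in query.
// All four values below are assumptions, not recommendations from the page.
let lookback = 1h;            // how far back each evaluation looks
let window = 15m;             // bucket size for counting failures
let failureThreshold = 20;    // failures per IP per window
let userThreshold = 5;        // distinct accounts per IP per window
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"     // ResultType is a string column; "0" means success
| summarize
    FailedAttempts = count(),
    TargetedUsers  = dcount(UserPrincipalName),
    SampleUsers    = make_set(UserPrincipalName, 10),
    Reasons        = make_set(ResultDescription, 5)
    by IPAddress, bin(TimeGenerated, window)
// Many failures from one IP, or one IP failing against many accounts
| where FailedAttempts >= failureThreshold or TargetedUsers >= userThreshold
| order by FailedAttempts desc
```

Keeping `SampleUsers` and `Reasons` in the output gives the responder the affected accounts and failure reasons directly in the alert payload sent to the action group.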
Action Groups
Define notification targets: email, SMS, webhooks, Logic Apps, Azure Functions, ITSM.
Workbooks & Dashboards
Interactive reports combining data, text, and visualizations.
- Use built-in templates for common scenarios
- Combine multiple data sources in one view
- Add parameters for interactive filtering
- Share workbooks across subscriptions
- Export to Azure dashboards for overview pages