| title | description | documentationcenter | author | manager | editor | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Sources of data in Azure Monitor | Microsoft Docs |
Describes the data available to monitor the health and performance of your Azure resources and the applications running on them. |
bwren |
carmonm |
tysonn |
monitoring |
na |
article |
na |
infrastructure-services |
11/13/2018 |
bwren |
This article describes the sources of data collected by Azure Monitor to monitor the health and performance of your resources and the applications running on them. These resources could be in Azure, in another cloud, or on-premises. See Data collected by Azure Monitor for details on how this data stored and how you can view it.
Monitoring data in Azure comes from a variety of sources that can be organized into tiers, the highest tiers being your application and any operating systems and the lower tiers being components of Azure platform. This is illustrated in the following diagram with each tier described in detail in the following sections.
Telemetry related to your Azure tenant is collected from tenant-wide services such as Azure Active Directory.
Azure Active Directory reporting contains the history of sign-in activity and audit trail of changes made within a particular tenant. These audit logs can be written to Log Analytics to analyze them with other log data.
Telemetry related to the health and operation of Azure itself includes data about the operation and management of your Azure subscription. It includes service health data stored in the Azure Activity log and audit logs from Azure Active Directory.
Azure Service Health provides information about the health of the Azure services in your subscription that your application and resources rely on. You can create alerts to be notified of current and expected critical issues that may affect your application. Service Health records are stored in the Azure Activity log, so you can view them in the Activity Log Explorer and copy them into Log Analytics.
The Azure Activity Log includes service health records along with records on any configuration changes made to your Azure resources. The Activity log is available to all Azure resources and represents their external view. The specific types of records in the Activity Log are described in Azure Activity Log event schema.
You can view the Activity Log for a particular resource on its page in the Azure portal or view logs from multiple resources in the Activity Log Explorer. It's particularly useful to copy the log entries to Log Analytics to combine it with other monitoring data. You can also send them to other locations using Event Hubs.
Metrics and resource level diagnostic logs provide information about the internal operation of Azure resources. These are available for most Azure services, and management solutions provide additional insights into particular services.
Most Azure services will generate platform metrics that reflect their performance and operation. The specific metrics will vary for each type of resource. They are accessible from the Metrics explorer and can be copied to Log Analytics for trending and other analysis.
While the Activity Log provides information about operations performed on an Azure resources, resource level Diagnostic logs provide insights into the operation of the resource itself. The configuration requirements and content of these logs varies by resource type.
You can't directly view diagnostic logs in the Azure portal, but you can send them to Azure storage for archiving and export them to Event Hub for redirection to other services, or to Log Analytics for analysis. Some resources can write directly to Log Analytics while others write to a storage account before being imported into Log Analytics.
Monitoring solutions collect data to provide additional insight into the operation of a particular service or application. They collect data into Log Analytics where it may be analyzed using the query language or views that are typically included in the solution.
Compute resources in Azure, in other clouds, and on-premises have a guest operating system to monitor. With the installation of one or more agents, you can gather telemetry from the guest into the same monitoring tools as the Azure services themselves.
With the Azure Diagnostics extension, it provides a basic level of monitoring by collecting logs and performance data from the client operating system of Azure compute resources.
Comprehensive monitoring and management of your Windows or Linux virtual machines or physical computer is delivered with the Log Analytics agent. The virtual machine can be running in Azure, another cloud, or on-premises and the agent connects to Log Analytics either directly or through System Center Operations Manager and allows you to collect data from data sources that you configure or from monitoring solutions that provide additional insights into applications running on the virtual machine.
Service Map and Azure Monitor for VMs requires a Dependency Agent on Windows and Linux virtual machines. This integrates with the Log Analytics agent to collects discovered data about processes running on the virtual machine and external process dependencies. It stores this data in Log Analytics and visualizes the discovered interconnected components.
To further understand the differences between the agents and which to use depending on your monitoring requirements, see monitoring agents overview.
In addition to telemetry that your application may write to the guest operating system, detailed application monitoring is done with Application Insights. Application Insights can collect data from applications running on a variety of platforms. The application can be running in Azure, another cloud, or on-premises.
When you enable Application Insights for an application by installing an instrumentation package, it collects metrics and logs related to the performance and operation of the application. This includes detailed information about page views, application requests, and exceptions. Application Insights stores the data it collects in Azure Metrics and Log Analytics. It includes extensive tools for analyzing this data, but you can also analyze it with data from other sources using tools such as Metrics Explorer and log searches.
You can also use Application Insights to create a custom metric. This allows you to define your own logic for calculating a numeric value and then storing that value with other metrics that can be accessed from the Metric Explorer and used for Autoscale and Metric alerts.
In order to monitor different logical operations of an application, you must collect telemetry across multiple components. Application Insights supports distributed telemetry correlation which identifies the dependencies between components allowing you to analyze them together.
Availability tests in Application Insights allow you to test the availability and responsiveness of your application from different locations on the public Internet. You can do a simple ping test to verify that the application is alive or use Visual Studio to create a web test that simulates a user scenario. Availability tests don't require any instrumentation in the application.
In addition to the standard tiers of an application, you may need to monitor other resources that have telemetry that can't be collected with the other data sources. For these resources, you need to write this data using an Azure Monitor API.
Azure Monitor can collect log data from any REST client using the Data Collector API. This allows you to create custom monitoring scenarios and extend monitoring to resources that don't expose telemetry through other sources.
- Learn more about the types of monitoring data collected by Azure Monitor and how to view and analyze this data.