Monitoring in Azure
Logging
- At the subscription level there are control plane logs called Activity Logs. There is no cost for these logs.
- At the resource level there are no logs by default, but you can enable Diagnostic Settings to get Resource Logs.
- Activity Logs and Resource Logs are Platform Logs
Azure Monitor Metrics
- Azure Monitor collects platform metrics from Azure resources at a default frequency of 1 minute.
Alerting
- Alerts are composed of Alert Rules, Action Groups, and Actions.
- Alert Rules are composed of:
- The resources to be monitored.
- The signal or data from the resource.
- Conditions.
- Action groups are a list of actions to take when an alert triggers
- Actions are things like, email, SMS, and push notifications. It also includes various forms of initiating automation (Azure Functions, webhooks, etc.).
- Alert processing rules: You can use alert processing rules to make modifications to triggered alerts as they're being fired. You can use alert processing rules to add or suppress action groups, apply filters, or have the rule processed on a predefined schedule.
- Alerts are stored for 30 days and are deleted after the 30-day retention period.
- A single Action Group supports multiple notification types (e.g. SMS, email, app push notifications, etc)
- In production, both SMS and voice are limited to no more than one notification every five minutes, or a max of 20 in 1 hour.
- In testing, both SMS and voice are limited to no more than one notification every minute, or a max of 60 in 1 hour.
Type Of Alerts
- Metric alerts - e.g. CPU or memory usage of a VM
- Log search alerts
- Activity log alerts - control plane events, e.g. when a VM is started or stopped
- Service Health
Stateless/Stateful
- log and metric alerts can be stateless or stateful
- Stateless alerts fire each time the condition is met, even if fired previously.
- Stateful alerts fire when the condition is met. They don't fire again or trigger any more actions until the conditions are resolved.
Service Health
- Service Health Alerts are only supported in public clouds within the global region. For Action Groups to properly function in response to a Service Health Alert the region of the action group must be set as “Global”.
Action Groups
- You can add up to five action groups to an alert rule.
- 10 SMS actions per action group
- 10 voice actions per action group
- Action groups are executed concurrently, in no specific order.
- Multiple alert rules can use the same action group.
- Action Groups are defined by the unique set of actions and the users to be notified. For example, if you want to notify User1, User2 and User3 by email for two different alert rules, you only need to create one action group which you can apply to both alert rules.
- Email: No more than 100 emails every hour for each email address per region
- SMS:
- In production: No more than one SMS message every five minutes (or 20 per hour).
- In a test action group: No more than one SMS every one minute (or 60 per hour).
Log Analytics
Log Queries
- The KQL search operator can be used to search across multiple tables and columns for a specified value.
Network Watcher
Azure Network Watcher provides a suite of tools to monitor, diagnose, view metrics, and enable or disable logs for Azure IaaS (Infrastructure-as-a-Service) resources. Network Watcher enables you to monitor and repair the network health of IaaS products like virtual machines (VMs), virtual networks (VNets), application gateways, load balancers, etc. Network Watcher isn't designed or intended for PaaS monitoring or Web analytics.
Azure Advisor
- Advisor is a digital cloud assistant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources.
- The Cost feature of Advisor will allow you to identify underutilized VMs.