Azure Monitor is a service that delivers a comprehensive solution for collecting, analyzing, and acting on telemetry (metrics and logs) from your cloud and on-premises environments.

• Platform Logs

• By default the Activity Log keeps logs for 90 days.

• Metrics are numeric values collected at regular intervals (e.g. CPU utilization, disk IOPS, network connections, etc.)
  • Metrics are produced automatically without any configuration done by the user
• Logs are textual data that are produced organically as things occur in the environment (e.g. user login event)
  • Logs are not collected until things are collected until configuration is done by administrators
• Most Azure resources have an option to enable Diagnostic Logs
• Azure Monitoring Agent (AMA) is an agent that runs on Windows or Linux OS that can collect logs and metrics.
• Some logs are automatically generated by resources by default, but for more details logging it maybe necessary to enabled diagnostics logs for a resource, or, in the case of VMs, install an agent on the OS.

• https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/control-plane-and-data-plane

These logs differ from the activity log. The activity log provides insight into the operations, such as creating a VM or deleting a logic app, that Azure Resource Manager performed on resources in your subscription using. The activity log is a subscription-level log. Resource-level diagnostic logs provide insight into operations that were performed within that resource itself, such as getting a secret from a key vault.

• activity logs represent events on the control/management plane
• diagnostic logs represent events on the data plane
• diagnostic logs may be referred to as resource logs; they represent operations that were performed within a resource

• Resource logs are automatically generated by supported Azure resources, but they aren't available to be viewed unless you create a diagnostic setting.

• To install AMA on a machine it needs to be registered with a Log Analytics Workspace and this is done by specify the Workspace ID and Workspace key.