Azure Monitor is a monitoring solution for Azure, Azure Stack and external resources. It can be uses to aggregate metrics and log data from resources in multiple subscriptions so that they can be queried from a single location.

Whereas resource Diagnostic settings allow resource-level collection of data, Azure Monitor provides higher-level overviews and processing.

Data sources

  • Service Health
  • Azure resources
    • Logs
      • Activity Logs
      • Diagnostic Logs
    • Metrics
  • Application Insights
    • Logs


Alert rules can be based on metrics and log queries. They comprise:

  • Resources determine where the metrics are sourced from.
  • Thresholds (either static, or dynamic based on historical data) act as triggers.
  • Actions (e.g. send to ITSM, notify operator) define what happens.
    • Action Groups allow performing multiple actions.
    • Action Rules allow reuse of actions across Alerts.


Graphs from Azure Monitor can be exported to Azure Portal Dashboards for easier access and better visibility.


Workbooks are shareable, interactive reports. They're comprised of a series of independently editable sections and can be annotated with Markdown to provide context for the metrics.

VM monitoring agents

Azure's clusterfuck of monitoring agents have grown organically and there's a lot of messy feature inconsistencies:

  • Azure Monitor agent is in preview:
    • Doesn't support solutions and insights like Azure Monitor for VMs/Security Centre.
    • No syslog or journal support; requires manual configuration of file-based collection.
  • Diagnostics extension (LAD)
  • Telegraf agent
  • Log Analytics agent:
    • Generally the one to use on Linux hosts.
    • Formerly known as the OMS agent.
    • Syslog only, so loses all useful context available in the journal.
  • Dependency Agent


Insights provide pre-packaged, per-service sets of the most pertinent metrics to ease getting started with different Azure Services. Examples include VMs, containers, databases and storage accounts.

Application Insights

Application Insights is a separate SDK product, allowing applications to contribute their own metrics. The product is auditable and can be centrally managed via Azure Policy.


Formerly known as Log Analytics, Azure Monitor Log can collect logs from a range of sources.

Kusto query language

| where FieldName contains "some text"
| where ActivityStatus == "Succeeded"