Azure Monitor is the umbrella service for all observability in Azure. It collects metrics and logs from Azure resources, applications, and operating systems, then surfaces insights through dashboards, alerts, and integrated tools.
Azure Monitor
Azure Monitor automatically collects platform metrics from most Azure services — CPU, disk IOPS, network bytes, request counts, and more. No configuration needed; data is retained for 93 days by default.
Key components:
- Metrics Explorer: Chart and analyse numeric time-series metrics in real time
- Alerts: Trigger notifications when a metric or log condition is met
- Dashboards and Workbooks: Custom visualisations combining metrics, logs, and text
- Diagnostic Settings: Route resource logs and metrics to a Log Analytics Workspace, Storage Account, or Event Hub
Log Analytics Workspace
A Log Analytics Workspace is the centralised store for log data in Azure Monitor. Logs from Azure resources, VMs (via the Azure Monitor Agent), and applications are ingested and stored here.
Queries are written in Kusto Query Language (KQL) — a powerful, read-only query language designed for large log data sets.
Example KQL query that counts errors from the last hour, per resource, in 5-minute bins:

```kusto
AzureDiagnostics
| where TimeGenerated > ago(1h)
| where Level == "Error"
| summarize count() by Resource, bin(TimeGenerated, 5m)
```
Application Insights
Application Insights is an Application Performance Monitoring (APM) service built into Azure Monitor. It provides deep visibility into application code.
Key capabilities:
- Distributed tracing: End-to-end request tracing across microservices
- Dependency tracking: Visualise calls to databases, HTTP services, and queues
- Live Metrics Stream: Real-time telemetry with near-zero latency
- Availability tests: Synthetic monitoring from global test locations
- Smart Detection: AI-powered anomaly detection for failure rates and performance degradation
- Application Map: Visual topology of your application's components and their health
Instrumentation is supported through SDKs for .NET, Java, Node.js, and Python, and through OpenTelemetry.
Azure Alerts
Alerts notify you when conditions are met. Alert types:
| Alert Type | Based On | Example |
|---|---|---|
| Metric alert | Numeric metric threshold | CPU > 90% for 5 minutes |
| Log alert | KQL query result count or value | More than 100 errors in 10 minutes |
| Activity Log alert | Azure control-plane events | VM deleted, NSG modified |
| Smart Detection alert | AI anomaly detection | Sudden failure rate increase |
Alert notifications can be sent via email, SMS, Azure mobile app, webhook, or Action Groups (multi-channel).
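The control-plane events named in the table (VM deleted, NSG modified) can also be watched with a log alert query. The query below is an added example, not part of the original page: it assumes the subscription's Activity Log is routed to the workspace so that the `AzureActivity` table is populated, and it runs over constructed sample rows (`SampleActivity` and `WatchedOperations` are hypothetical names) so it can be tried in any workspace.

```kusto
// Constructed sample rows standing in for the AzureActivity table.
// In a real workspace, drop this datatable and query AzureActivity directly.
let SampleActivity = datatable(TimeGenerated: datetime, OperationNameValue: string,
    ActivityStatusValue: string, Caller: string, CallerIpAddress: string, _ResourceId: string)
[
    datetime(2024-05-01 09:58:00), "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE", "Start",   "alice@example.com", "203.0.113.10", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.network/networksecuritygroups/nsg-web",
    datetime(2024-05-01 09:58:02), "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE", "Success", "alice@example.com", "203.0.113.10", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.network/networksecuritygroups/nsg-web",
    datetime(2024-05-01 10:05:00), "MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE",                    "Success", "bob@example.com",   "198.51.100.7", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/vm-app01",
    datetime(2024-05-01 10:06:00), "MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE",                    "Failure", "carol@example.com", "198.51.100.9", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/vm-db01",
    datetime(2024-05-01 10:07:00), "MICROSOFT.COMPUTE/VIRTUALMACHINES/READ",                      "Success", "carol@example.com", "198.51.100.9", "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-demo/providers/microsoft.compute/virtualmachines/vm-db01"
];
// Control-plane operations to watch: NSG and NSG-rule changes, VM deletion.
let WatchedOperations = dynamic([
    "Microsoft.Network/networkSecurityGroups/write",
    "Microsoft.Network/networkSecurityGroups/delete",
    "Microsoft.Network/networkSecurityGroups/securityRules/write",
    "Microsoft.Network/networkSecurityGroups/securityRules/delete",
    "Microsoft.Compute/virtualMachines/delete"
]);
SampleActivity
// in~ compares case-insensitively; the table stores operation names in upper case.
| where OperationNameValue in~ (WatchedOperations)
// One operation logs several status records (Start, Success, ...); keep only
// completed changes so each change is counted once.
| where ActivityStatusValue =~ "Success"
// One row per caller and resource, with what was done and from where.
| summarize Changes = count(),
            Operations = make_set(OperationNameValue),
            SourceIps = make_set(CallerIpAddress),
            LastSeen = max(TimeGenerated)
    by Caller, _ResourceId
| order by LastSeen desc
```

Used as a log alert, the rule fires when the query returns any rows; the rule's evaluation period bounds the time range, so the query carries no `ago()` filter of its own.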
Azure Advisor
Azure Advisor is a personalised cloud consultant that analyses your Azure usage and recommends improvements across five pillars:
- Cost: Right-size or shut down underutilised VMs, purchase Reserved Instances
- Security: Enable MFA, fix exposed secrets, apply security configurations
- Reliability: Add redundancy, enable backups, configure zone-redundant resources
- Performance: Use read replicas, enable CDN caching, upgrade VM sizes
- Operational Excellence: Apply tags, use Azure Policy, update deprecated APIs