Analyze your Azure infrastructure by using Azure Monitor logs - VishalPatangay/My-devops-repo GitHub Wiki

Azure Monitor is a service for collecting and analyzing telemetry. It helps you get maximum performance and availability for your cloud applications, and for your on-premises resources and applications. It shows how your applications are performing and identifies any issues with them. The organization is running large-scale production apps in the cloud. The operations team wants to consolidate its log data in a single service to improve visibility across services and simplify its logging strategy.

Features of Azure Monitor

Data collection in Azure Monitor

Azure Monitor collects two fundamental types of data: metrics and logs. Metrics tell you how the resource is performing, and the other resources that it's consuming. Logs contain records that show when resources are created or modified.

Because Azure Monitor is an automatic system, it begins to collect data from these sources as soon as you create Azure resources such as virtual machines and web apps. You can extend the data that Azure Monitor collects by:

- Enabling diagnostics: For some resources, such as Azure SQL Database, you receive full information about a resource only after you have enabled diagnostic logging for it. You can use the Azure portal, the Azure CLI, or PowerShell to enable diagnostics.
- Adding an agent: For virtual machines, you can install the Log Analytics agent and configure it to send data to a Log Analytics workspace. This agent increases the amount of information that's sent to Azure Monitor.

Logs

Logs contain time-stamped information about changes made to resources. The type of information recorded varies by log source. The log data is organized into records, with different sets of properties for each type of record. The logs can include numeric values such as Azure Monitor metrics, but most include text data rather than numeric values. The most common type of log entry records an event. Events can occur sporadically rather than at fixed intervals or according to a schedule. Events are created by applications and services, which provide the context for the events.

Metrics

Metrics are numerical values that describe some aspect of a system at a point in time. Azure Monitor can capture metrics in near real time. The metrics are collected at regular intervals and are useful for alerting because of their frequent sampling.

Analyzing logs by using Kusto

To retrieve, consolidate, and analyze data, you specify a query to run in Azure Monitor logs. You write a log query with the Kusto query language, which is also used by Azure Data Explorer. Log queries can be tested in the Azure portal so you can work with them interactively.

1. What data does Azure Monitor collect?

Data from a variety of sources, such as the application event log, the operating system (Windows and Linux), Azure resources, and custom data sources.

2. What two fundamental types of data does Azure Monitor collect?

Azure Monitor collects two types of data: metrics and logs. Metrics are numerical values that describe some aspect of a system at a particular time. Logs contain different kinds of data, such as event information, organized into records.

Create basic Azure Monitor log queries to extract information from log data

Query by using Kusto (a case-sensitive language)

Events | where StartTime >= datetime(2018-11-01) and StartTime < datetime(2018-12-01) | where State == "FLORIDA"
| count

Heartbeat | summarize arg_max(TimeGenerated, *) by ComputerIP

This query returns the 10 most recent security events:

SecurityEvent | sort by TimeGenerated desc | take 10

This query fetches records that are more than 30 minutes old and that have a level of 10 or more.

SecurityEvent | where TimeGenerated < ago(30m) | where toint(Level) >= 10

Heartbeat | where TimeGenerated >= startofweek(ago(21d)) | summarize dcount(Computer) by endofweek(TimeGenerated) | render barchart kind=default
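The operators used in the queries above (a datetime window, `where`, `summarize`, `dcount`) combine into a typical detection query: failed logons grouped by account, computer and hour. This is an added example, not part of the original wiki page; the rows are constructed sample data in a `datatable` named `SampleSecurityEvent` (a stand-in for the real `SecurityEvent` table), and the threshold of three failures is an assumption.

```kusto
// Constructed sample rows standing in for the SecurityEvent table (not real data).
let SampleSecurityEvent = datatable(TimeGenerated:datetime, Computer:string, Account:string, EventID:int, IpAddress:string)
[
    datetime(2024-03-01 09:01:00), "web-01", "svc-app", 4625, "203.0.113.10",
    datetime(2024-03-01 09:03:00), "web-01", "svc-app", 4625, "203.0.113.10",
    datetime(2024-03-01 09:07:00), "web-01", "svc-app", 4625, "198.51.100.7",
    datetime(2024-03-01 09:12:00), "web-01", "svc-app", 4624, "203.0.113.10",
    datetime(2024-03-01 10:30:00), "db-01",  "alice",   4625, "192.0.2.44",
    datetime(2024-03-01 10:45:00), "db-01",  "alice",   4624, "192.0.2.44",
    datetime(2024-03-02 08:00:00), "web-01", "svc-app", 4625, "203.0.113.10"
];
SampleSecurityEvent
// Same time-window pattern as the Events query: inclusive start, exclusive end.
| where TimeGenerated >= datetime(2024-03-01) and TimeGenerated < datetime(2024-03-02)
// Keep only failed logons (Windows event ID 4625); 4624 is a successful logon.
| where EventID == 4625
// Count failures per account, computer and hour, and how many source IPs were involved.
| summarize FailedLogons = count(), SourceIPs = dcount(IpAddress), LastFailure = max(TimeGenerated)
    by Account, Computer, Hour = bin(TimeGenerated, 1h)
// Assumed threshold: report only groups with three or more failures in the hour.
| where FailedLogons >= 3
| sort by FailedLogons desc
```

To run it against a workspace, replace `SampleSecurityEvent` with `SecurityEvent` and swap the fixed dates for a relative window such as `TimeGenerated > ago(1d)`.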

Capture and view page load times in your Azure web app with Application Insights

Application Insights is an Azure service that you can use to monitor the behavior and performance of a web application. If you run a web app in Azure, you can take advantage of several benefits provided by Application Insights simply by enabling it, without changing any of your code.

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. It monitors live web applications and you can enable it for many Azure App Service web apps without modifying any of the app's code.

## Enable Application Insights on an Azure web app

What is Application Insights? Application Insights is an Azure service that helps you to monitor the performance and behavior of web applications.

It mostly captures two kinds of data: events and metrics.

Application Insights resources

Application Insights is represented in Azure as a resource deployed to one of your subscriptions. Each Application Insights resource you create is a repository for application telemetry data. It includes the various displays and configuration tools that you can view from the Azure portal. To send telemetry data to an Application Insights resource from an app, you need to configure the app with the instrumentation key of the Application Insights resource. After the resource starts to receive telemetry data, you can use the Azure portal to explore and analyze it.

Enabling runtime instrumentation

You want to make sure that admins know as soon as a web app becomes overloaded. Which feature of Application Insights should you use?

You can create an alert that triggers when a condition is satisfied - for example, when the web app is overloaded. When the alert triggers, you can configure it to send an email, for example, to inform admins.

You have a Linux-based web app that runs in the Azure App Service. You want to display basic performance data in an Application Insights dashboard. Which method should you use to instrument your app?

Because your app is based on Linux, you need to use build-time instrumentation. Runtime instrumentation and automatic client-side telemetry are available only for Windows apps.