Day 12 - Azure Monitor and Log Analytics


Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

A key feature of Azure Monitor is its ability to provide real-time metrics, enabling immediate insights into the performance of resources. Azure Monitor can be particularly useful for point-in-time or short-time scale monitoring of individual resources, offering easy-to-interpret charts and the ability to create alerts for specific resources directly from the portal.

High-level architecture view of Azure Monitor. Source:

Log Analytics is just a powerful analysis tool within Azure Monitor.

It extends the monitoring capabilities by enabling the querying and analysis of large volumes of log data across different Azure resources. This is particularly useful for long-term trend analysis, combining metrics from various sources, and conducting complex queries over large data series.

The queries must be in Kusto Query Language.

Azure Log Analytics
Azure Log Analytics Dashboard. Source:

In conclusion, Azure Monitor and Log Analytics collectively offer a robust solution for monitoring Azure resources. While Azure Monitor provides a lot of features including aggregation of logs, real-time insights and performance metrics, Log Analytics allows advanced query capabilities and extensive log data analysis.

There’s Log Analytics Agent (now in deprecation phase) which allowed for the collection of any log data, including custom logs, providing a broader scope of analysis compared to the primarily performance-oriented metrics of Azure Monitor.

However, now Azure Monitor Agent is set to replace the Log Analytics agent for Windows and Linux machines.

Subscribe here to get a weekly gist of Azure Security posts directly to your email.

Follow me on LinkedIn and X to be get my posts on Cloud Security and DevSecOps.