As an Azure Administrator preparing for the AZ-104 exam, understanding how to query and analyze logs is key to managing operational aspects of your deployed services effectively.
Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Azure Monitor Logs is a feature within Azure Monitor that collects and organizes log and performance data from monitored resources. Data collected by Azure Monitor Logs is stored in a Log Analytics workspace and is a primary source for querying and analyzing log data.
To query logs, you must use the Kusto Query Language (KQL), which is a powerful tool used in Azure to retrieve and analyze data from a Log Analytics workspace. KQL is similar to SQL but is designed specifically for querying large volumes of data in an ad-hoc way.
To retrieve all error-level logs from the last 24 hours, you can use the following query. It returns entries for every resource that writes to the table, so add a where clause on ResourceId to narrow it to a particular resource:
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where Level == "Error"
| project TimeGenerated, ResourceId, OperationName, Message
| sort by TimeGenerated desc
Analyzing logs is invaluable for troubleshooting issues, performing root cause analysis, and optimizing performance.
Azure Monitor Insights provides a customized monitoring experience for various Azure services. Insights offers a preconfigured set of visualizations and queries that understand the schema of the specific monitored data and how to combine and present it.
For example, with Virtual Machine Insights, you can quickly identify performance bottlenecks, such as high CPU usage, by using out-of-the-box charts and querying capabilities.
Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 5m), Computer
| render timechart
This query would generate a time chart depicting the average CPU usage over time.
Azure Monitor provides several solutions that extend its capabilities. These solutions include prepackaged KQL queries, visualizations, and dashboards for specific tasks like monitoring network performance, updates, or security.
You can create alerts based on the metrics or logs. These alerts will notify you or trigger automated actions when specific criteria are met.
An alert rule to notify when a virtual machine experiences high CPU utilization:
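One way to express that condition as the query behind a log alert rule, given here as an added example that is not from the original page. The 85% threshold, the 15-minute lookback and the "_Total" instance filter are assumed values to tune for your environment.

```kusto
// Added example: returns one row per VM whose CPU stayed above the threshold
// in every 5-minute bin of the lookback window (sustained load, not a spike).
// threshold and the ago(15m) window are assumed values, not from the page.
let threshold = 85.0;
Perf
| where TimeGenerated > ago(15m)
| where ObjectName == "Processor"
    and CounterName == "% Processor Time"
    and InstanceName == "_Total"          // whole-machine figure, not per core
| summarize AvgCpu = avg(CounterValue) by Computer, bin(TimeGenerated, 5m)
| summarize BinsOver = countif(AvgCpu > threshold),
            Bins     = count(),
            PeakAvg  = max(AvgCpu)
    by Computer
// Require at least three bins so a VM that just started reporting
// cannot trip the rule on a single sample.
| where Bins >= 3 and BinsOver == Bins
| project Computer, PeakAvg, Bins
```

Configure the alert rule to fire when the query returns more than zero rows, so each returned Computer is a VM under sustained load.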
Azure Service Health is a suite of experiences within Azure Monitor that provides personalized information about the health of your Azure services. Combining Azure Service Health with Azure Monitor Logs allows you to correlate health events with logged telemetry data.
Azure Monitor also integrates with Azure Security Center and Azure Policy to assist in compliance and security efforts. By analyzing logs with the context of your policy assignments and security posture, you can take proactive steps to secure your Azure environment.
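A query that supports this kind of review, given as an added example that is not from the original page: it lists who changed role or policy assignments over the last week. It assumes the Activity Log is being sent to the Log Analytics workspace, and the 7-day window is an assumed value.

```kusto
// Added example: changes to access (role assignments) and governance
// (policy assignments), grouped by the identity that made them.
// Assumes the subscription's Activity Log is routed to this workspace.
let watched = dynamic([
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Authorization/policyAssignments/write",
    "Microsoft.Authorization/policyAssignments/delete"]);
AzureActivity
| where TimeGenerated > ago(7d)
| where OperationNameValue in~ (watched)
// Keep only final outcomes; intermediate "Start" records would double count.
| where ActivityStatusValue in~ ("Success", "Failure")
| summarize Succeeded = countif(ActivityStatusValue =~ "Success"),
            Failed    = countif(ActivityStatusValue =~ "Failure"),
            LastSeen  = max(TimeGenerated),
            SourceIps = make_set(CallerIpAddress, 10)
    by Caller, OperationNameValue
// Repeated failures from one caller usually mean missing permissions
// or an automation account that needs review.
| sort by Failed desc, Succeeded desc
```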
When preparing for the AZ-104 Microsoft Azure Administrator exam, familiarize yourself with the tools and practices surrounding log analysis within Azure. Focus on understanding KQL, how to set up monitoring solutions, create actionable insights with alerts, and comply with security and governance best practices. These skills will be invaluable not only for the exam but also for your role as an Azure Administrator.
Correct Answer: True
Explanation: KQL is the language used to query Azure Log Analytics data and can be used to write both simple and complex log queries.
Correct Answer: A, B, C
Explanation: You can use Azure Monitor to perform log queries on data from Virtual Machine metrics, Azure Activity Log, and Application Insights. Blob storage logs are not directly queried using Azure Monitor, but you can store them in Azure Monitor Logs if you have set up the configuration to do so.
Correct Answer: A
Explanation: Azure Monitor is the service that collects, analyzes, and acts on telemetry data from Azure and on-premises environments, helping to understand system and application performance and operation.
Correct Answer: True
Explanation: Azure Log Analytics is a feature within Azure Monitor that helps you to collect and analyze logs from multiple sources.
Correct Answer: B
Explanation: The default retention period for Azure Monitor Logs is 31 days, but you can adjust it based on your requirements.
Correct Answer: D
Explanation: Azure Monitor uses Workbooks to provide rich visualizations for log data, alongside the ability to create interactive reports and complex custom visualizations.
Correct Answer: A, B, D
Explanation: Azure Monitor, Azure Logic Apps, and Azure Automation can be used to create alerts based on log data. Azure Monitor directly provides alerting on metrics and logs, Azure Logic Apps can be triggered by an alert to perform an action, and Azure Automation can run a runbook in response to an alert.
Correct Answer: True
Explanation: An agent, known as the Microsoft Monitoring Agent (MMA), must be installed on on-premises servers to collect data for Azure Log Analytics.
Correct Answer: D
Explanation: Azure Log Analytics is used for monitoring, troubleshooting, and analyzing data from a variety of sources including real-time performance data. It is not used for enforcing Azure subscription policies, which is a function of Azure Policy.
Correct Answer: True
Explanation: Azure Monitor allows you to export the results of log queries to Power BI datasets for further analysis and visualization in the Power BI service.
Correct Answer: D
Explanation: Azure Monitor stores log data in a specialized table storage format optimized for cost and performance of log data.
Correct Answer: True
Explanation: Azure Automation runbooks can be used to create automated workflows that respond to log alerts triggered in Azure Monitor.