|
| 1 | +--- |
| 2 | +title: Log Analytics and Application Insights connectors in Azure SRE Agent |
| 3 | +description: Connect your agent to Azure Log Analytics workspaces and Application Insights resources for direct KQL queries during investigations. |
| 4 | +ms.topic: feature-guide |
| 5 | +ms.service: azure-sre-agent |
| 6 | +ms.date: 04/06/2026 |
| 7 | +author: dchelupati |
| 8 | +ms.author: dchelupati |
| 9 | +ms.ai-usage: ai-assisted |
| 10 | +ms.custom: log-analytics, application-insights, azure-monitor, kql, connectors, workspaces, mcp |
| 11 | +#customer intent: As an SRE, I want to connect my agent to Log Analytics workspaces so that it can query my operational logs during incident investigations. |
| 12 | +--- |
| 13 | + |
| 14 | +# Log Analytics and Application Insights connectors in Azure SRE Agent |
| 15 | + |
| 16 | +> [!WARNING] |
| 17 | +> This feature is in preview behind the **EnableMonitorClient** feature flag. To enable it, go to **Settings > Experimental Settings**, add `EnableMonitorClient`, and toggle it on. |
| 18 | +
|
| 19 | +> [!TIP] |
| 20 | +> - **Query Log Analytics workspaces** directly from chat—no Kusto cluster required. |
| 21 | +> - **Connect Application Insights** resources for app-level diagnostics. |
| 22 | +> - **Multi-select workspaces** in a single connector—one setup covers all your data. |
| 23 | +> - **RBAC auto-assigned**—the agent grants itself the right permissions on save. |
| 24 | +
|
| 25 | +## The problem |
| 26 | + |
| 27 | +Most Azure teams store operational data in Log Analytics workspaces—VM performance, security events, custom logs. When an incident hits, you open the Azure portal, navigate to your workspace, and write KQL queries manually. Your SRE Agent is investigating the same incident but can't see your logs unless you set up a Kusto connector pointing at the underlying ADX cluster—which most teams don't have direct access to. |
| 28 | + |
| 29 | +Application Insights holds your app-level telemetry—request traces, exceptions, dependencies. Same gap: the agent can't query it natively. |
| 30 | + |
| 31 | +## What these connectors solve |
| 32 | + |
| 33 | +Log Analytics and App Insights connectors give your agent direct access to your monitoring data through the Azure Monitor MCP backend. No Kusto cluster setup, no manual RBAC configuration. |
| 34 | + |
| 35 | +| Before | After | |
| 36 | +|--------|-------| |
| 37 | +| Agent can't see your Log Analytics data | Agent queries workspaces directly via KQL | |
| 38 | +| App Insights requires Kusto cluster access | Agent connects to App Insights resources natively | |
| 39 | +| Manual RBAC role assignments on each resource group | Roles auto-assigned on save | |
| 40 | +| One workspace per connector | Multi-select workspaces in a single connector | |
| 41 | + |
| 42 | +## How it works |
| 43 | + |
| 44 | +1. **Enable**—Turn on `EnableMonitorClient` in Experimental Settings. |
| 45 | +1. **Add connector**—Select the **Telemetry** tab, then select Log Analytics or App Insights from the connector picker. |
| 46 | +1. **Select resources**—Multi-select workspaces or resources from an auto-discovered list. |
| 47 | +1. **Save**—RBAC roles are automatically assigned to your agent's managed identity. |
| 48 | +1. **Query**—Ask your agent about your logs in natural language. |
| 49 | + |
| 50 | +Behind the scenes, the agent creates a MonitorClient MCP connector that uses Azure MCP Server's monitor namespace—read-only, managed-identity-authenticated, with results rendered as tables in chat. |
| 51 | + |
| 52 | +### RBAC roles auto-assigned |
| 53 | + |
| 54 | +When you save a connector, the agent assigns these roles to its managed identity on each resource group that contains a selected workspace or resource: |
| 55 | + |
| 56 | +- **Log Analytics Reader**—read access to log data and workspace configuration |
| 57 | +- **Monitoring Reader**—read access to monitoring metrics |
| 58 | +- **Reader**—read access to resource metadata in the resource group |
| 59 | + |
| 60 | +You don't need to configure Azure resource scope or subscription access separately. The agent discovers workspaces from the subscription it already has scope over, and the roles are assigned automatically to the resource groups where your selected workspaces live. |
| 61 | + |
| 62 | +### What the agent can do |
| 63 | + |
| 64 | +Once connected, the agent can: |
| 65 | + |
| 66 | +- **List available tables** in your workspaces |
| 67 | +- **Run KQL queries** against connected workspaces or App Insights resources |
| 68 | +- **Correlate log data** with other data sources during investigations |
| 69 | +- **Display results as tables** in chat |
| 70 | + |
| 71 | +## Example |
| 72 | + |
| 73 | +During an incident investigation, your agent detects elevated error rates. With a connected Log Analytics workspace, it runs: |
| 74 | + |
| 75 | +```text |
| 76 | +Show me failed sign-in events from the last 24 hours grouped by user principal name |
| 77 | +``` |
| 78 | + |
| 79 | +The agent queries your `SigninLogs` table via KQL, finds a pattern of failed MFA attempts from a single IP range, and surfaces the finding in its investigation timeline—all without you leaving the chat. |
| 80 | + |
| 81 | +## Related content |
| 82 | + |
| 83 | +- [Azure Data Explorer connector](kusto-connector.md) |
| 84 | +- [Log Analytics and Application Insights](log-analytics-app-insights.md) |
| 85 | +- [Diagnose Azure observability issues](diagnose-azure-observability.md) |
0 commit comments