learn-pr/wwl-azure/design-solution-to-log-monitor-azure-resources/includes/1-introduction.md
Lines changed: 2 additions & 12 deletions
@@ -24,20 +24,10 @@ In this module, you learn how to:
24
24
25
25
## Skills measured
26
26
27
-
The content in the module helps you prepare for Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions. The module concepts are covered in:
28
-
29
-
Design identity, governance, and monitoring solutions
30
-
31
-
- Design a solution for logging and monitoring
32
-
33
-
- Recommend a logging solution.
34
-
35
-
- Recommend a solution for routing logs.
36
-
37
-
- Recommend a monitoring solution.
27
+
The content in the module helps you prepare for [Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions](/credentials/certifications/exams/az-305/).
38
28
39
29
## Prerequisites
40
30
41
31
- Conceptual knowledge of monitoring and logging.
42
32
43
-
- Working experience with monitoring and logging cloud environments.
33
+
- Working experience with monitoring and logging cloud environments.
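Review bot: The `## Skills measured` heading is kept, but the lines removed under it were where the measured skills were listed (the "Design a solution for logging and monitoring" objective and its three "Recommend ..." items), so the section now holds a single link sentence and no skills. Either keep a short list of the objectives this module covers or rename the heading to match what is left. The last changed line under Prerequisites has identical text on the removed and added side, which looks like a whitespace or end-of-file newline change; confirm that is intended.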
learn-pr/wwl-azure/design-solution-to-log-monitor-azure-resources/includes/2-design-for-azure-monitor-data-sources.md
Lines changed: 9 additions & 11 deletions
@@ -26,28 +26,26 @@ As you develop your monitoring plan, consider these characteristics of Azure Mon
26
26
- The highest tiers are for your application itself.
27
27
- The lower tiers are components of the Azure platform.
28
28
29
-
For more information about data locations and data access, see [Monitoring data locations in Azure](/azure/azure-monitor/monitor-reference).
30
-
31
29
### Things to consider when using Azure Monitor
32
30
33
31
You reviewed how Azure Monitor uses Logs and Metrics. Now consider how to implement these features in your monitoring solution for Tailwind Traders.
34
32
35
-
-**Consider data sources and data access**. Identify what Tailwind Traders resources to monitor. Azure Monitor collects data automatically from a range of components, and the data is accessed in various ways:
33
+
-**Consider data sources and data access**. Azure Monitor collects data using Data Collection Rules (DCRs), which define what data to collect, how to filter and transform it, and where to send it. DCRs are created centrally and assigned to resources via data collection rule associations. The following data types are collected through DCRs by the Azure Monitor Agent (AMA):
36
34
37
35
-**Windows events**. Information sent to the Windows event logging system, including sysmon events.
38
36
39
37
-**Performance counters**. Numerical values measuring performance of different aspects of operating system and workloads.
40
38
41
-
-**Syslog**. Information sent to the Linux event logging system.
42
-
43
-
-**Text Log**. Information sent to a text log file on a local disk.
39
+
-**Syslog**. Information sent to the Linux event logging system.
40
+
41
+
-**IIS logs**. Internet Information Service (IIS) logs from the local disk of Windows machines.
44
42
45
-
-**JSON log**. Information sent to a JSON log file on a local disk.
43
+
-**Custom logs (text and JSON)**. Information sent to text or JSON log files on a local disk, collected via AMA with a custom table schema defined in the DCR.
46
44
47
-
-**IIS logs**. Internet Information Service (IIS) logs from the local disk of Windows machines.
45
+
-**Consider queries on Logs data**. Write log queries using Kusto Query Language (KQL) to analyze your collected data. KQL supports filtering, aggregation, joins, and time-series analysis. For more information about log queries, see [Log queries in Azure Monitor](/azure/azure-monitor/logs/log-query-overview).
48
46
49
-
-**Consider queries on Logs data**. Write log queries to analyze your collected data for Tailwind Traders. For more information about log queries, see [Log queries in Azure Monitor](/azure/azure-monitor/logs/log-query-overview).
47
+
-**Consider alerts based on Logs and Metrics data**. Set up alert rules based on Logs and Metrics data to be proactively notified about system issues. Use Azure Monitor's Recommended Alert Rules feature to enable best-practice alerts for your resources without manual rule authoring. Organize notifications using Action Groups. Use Alert Processing Rules to route, suppress, or modify alerts at scale.
50
48
51
-
-**Consider alerts based on Logs and Metrics data**. Set up alert rules based on Logs data to be proactively notified about system issues. Use Metrics data to identify when critical Tailwind Traders issues occur, such as values that exceed defined limits.
49
+
-**Consider Data Collection Rules for all agent-based data**. Create DCRs in Azure Monitor and assign them to your VMs and hybrid machines using resource associations. Use Azure Policy to enforce DCR assignment at scale. Read more about [Data Collection Rules in Azure Monitor](/azure/azure-monitor/data-collection/data-collection-rule-overview).
52
50
53
-
-**Consider Metrics Explorer to analyze metrics interactively**. Define metrics to monitor about your Tailwind Traders resources, such as peak usage rates, access information, workloads, or incident scenarios. Use the Metrics Explorer to investigate the collected data. For more information about log queries, see [Advanced features of Metrics Explorer](/azure/azure-monitor/essentials/metrics-charts).
51
+
-**Consider Metrics Explorer to analyze metrics interactively**. Define metrics to monitor about your Tailwind Traders resources, such as peak usage rates, access information, workloads, or incident scenarios. Use the [Metrics Explorer](/azure/azure-monitor/metrics/analyze-metrics) to investigate the collected data.
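Review bot: Data Collection Rules are now explained twice in this list, once in the rewritten "Consider data sources and data access" bullet and again in the new "Consider Data Collection Rules for all agent-based data" bullet, and both describe assigning DCRs to resources through associations. Suggest keeping the definition in the first bullet and limiting the later bullet to the design action (Azure Policy enforcement at scale, plus the link). The first bullet also says DCRs define how to filter and transform data; because those filters decide which Windows events and Syslog records reach the workspace, a sentence asking the reader to check filters against what alerting and investigation need would fit there. The hunk also removes the "Monitoring data locations in Azure" link with no replacement, and drops the Tailwind Traders framing from three bullets while the Metrics Explorer bullet keeps it.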
learn-pr/wwl-azure/design-solution-to-log-monitor-azure-resources/includes/3-design-for-log-analytics.md
Lines changed: 4 additions & 10 deletions
@@ -1,4 +1,4 @@
1
-
Azure Monitor stores [log](/azure/azure-monitor/logs/data-platform-logs) data in an Azure Monitor Logs (Log Analytics) workspace. A workspace is an Azure resource that serves as an administrative boundary or geographic location for data storage. The workspace is also a container where you collect and aggregate data.
1
+
Azure Monitor stores log data in an Azure Monitor Logs (Log Analytics) workspace. A workspace is an Azure resource that serves as an administrative boundary or geographic location for data storage. The workspace is also a container where you collect and aggregate data.
2
2
3
3
While you can deploy one or more workspaces in your Azure subscription, you should ensure your initial deployment follows Microsoft guidelines. The workspace should provide a cost effective, manageable, and scalable deployment that meets your organization's needs.
4
4
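Review bot: The opening sentence loses its link on the word "log" (`/azure/azure-monitor/logs/data-platform-logs`) and nothing replaces it. If the target is still valid, keep the link, or move it onto "Azure Monitor Logs (Log Analytics) workspace", since this sentence is where the unit introduces the concept.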
@@ -10,11 +10,11 @@ Review these characteristics of Azure Monitor Logs workspaces and consider how t
10
10
11
11
- Data in an Azure Monitor Logs workspace is organized into tables. Each table stores different kinds of data and has its own unique set of properties based on the resource that's generating the data. Most data sources write to their own tables in an Azure Monitor Logs workspace.
12
12
13
-
-A workspace enables you to configure settings like [pricing tier](/azure/azure-monitor/logs/manage-cost-storage), [retention](/azure/azure-monitor/logs/manage-cost-storage#log-data-retention-and-archive), and [data capping](/azure/azure-monitor/logs/daily-cap) based on administrative boundaries or geographic locations.
13
+
-You can set billing and retention for each workspace. Choose commitment tiers for a fixed daily rate or pay-as-you-go with an optional daily cap. Keep data for 30 to 730 days andarchive older logs to save on storage costs. For details, read [Manage costs in Azure Monitor Logs](/azure/azure-monitor/logs/cost-logs).
14
14
15
15
- With Azure role-based access control (Azure RBAC), you can grant users and groups only the amount of access they need to work with monitoring data in a workspace. You can align the user access control with your IT organization operating model by using a single workspace to store collected data enabled on all resources.
16
16
17
-
- Workspaces are hosted on physical clusters. By default, the system creates and manages these clusters. If your system ingests more than 500 GB of data per day, you create your own dedicated clusters for your workspaces to support greater control and higher ingestion rate.
17
+
- Workspaces are hosted on physical clusters. By default, the system creates and manages these clusters. Dedicated clusters are available for workspaces with specific requirements, such as customer-managed key (CMK) encryption, Customer Lockbox, or sustained very high ingestion volumes.
18
18
19
19
### Things to consider when using Azure Monitor Logs workspaces
20
20
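Review bot: The added billing and retention bullet contains a typo, "andarchive" should be "and archive". The same bullet no longer says that these settings follow administrative boundaries or geographic locations, and the daily cap is mentioned without the link the old line carried. In the dedicated clusters bullet, the concrete threshold "more than 500 GB of data per day" is replaced by "sustained very high ingestion volumes", which gives the reader no figure to design against; state the current threshold or link to the page that does.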
@@ -50,10 +50,4 @@ As you consider your options for implementing Azure Monitor Logs workspaces and
50
50
51
51
:::image type="content" source="../media/workspace-design-expanded.png" alt-text="Diagram that shows how to design an Azure Monitor Logs deployment." lightbox="../media/workspace-design-expanded.png" border="false":::
52
52
53
-
The workspace doesn't require data sovereignty or regulatory compliance. The workspace doesn't need to map to the regions where your resources are deployed. Your organization's security and IT admin teams can take advantage of the improved integration with Azure access management and more secure access control.
54
-
55
-
All resources, monitoring solutions, and insights like Application Insights and virtual machine insights are configured to forward their collected log data to the IT organization's centralized shared workspace. Log data from the supporting infrastructure and apps maintained by different teams is also sent to the centralized shared workspace.
56
-
57
-
Users on each team are granted access to logs for resources for which they have access.
58
-
59
-
After you deploy your workspace architecture, you can enforce this same model on Azure resources with [Azure Policy](/azure/governance/policy/overview). You can define policies and ensure compliance with your Azure resources, so they send all their resource logs to a particular workspace. By using Azure Virtual Machines or Virtual Machine Scale Sets, you can use existing policies that evaluate workspace compliance and report results, or customize to remediate if noncompliant.
53
+
All resources, monitoring solutions, and insights — including workspace-based Application Insights and VM Insights — store their collected data directly in the IT organization's centralized Log Analytics workspace. Log data from supporting infrastructure and apps maintained by different teams is also directed to the centralized workspace.
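Review bot: The replacement paragraph keeps the statement that every team's log data lands in one centralized workspace but removes "Users on each team are granted access to logs for resources for which they have access.", the sentence in this part of the unit that said how access to that shared data is scoped. The paragraph on enforcing the model with Azure Policy is removed as well. For a centralized shared workspace the access model is the main design consequence, so suggest retaining the access sentence and a one-line pointer to Azure Policy. The added line also sets off "including workspace-based Application Insights and VM Insights" with em dashes; commas would match the rest of the unit.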
learn-pr/wwl-azure/design-solution-to-log-monitor-azure-resources/includes/4-design-for-azure-workbooks-insights.md
Lines changed: 5 additions & 12 deletions
@@ -12,14 +12,7 @@ Tailwind Traders would like to use Azure Workbooks in its monitoring strategy. T
12
12
13
13
- You can analyze performance logs from virtual machines to identify high CPU or low memory instances and display the results as a grid in an interactive report.
14
14
15
-
- Workbooks are currently compatible with the following data sources:
-[Azure Data Explorer](/azure/azure-monitor/visualize/workbooks-data-sources)
15
+
- Workbooks can extract data from many data sources. Read more on the [Azure Workbooks data sources](/azure/azure-monitor/visualize/workbooks-data-sources) page.
23
16
24
17
### Azure insights and Workbooks
25
18
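Review bot: In the added bullet, "Workbooks can extract data from many data sources" would read better with "query" than "extract", and the link is introduced with "Read more on the ... page" while the data sources unit in this same commit uses the "For more information about ..., see [...]" pattern. Suggest aligning the wording with that pattern. Also consider naming at least the main data sources in-page, since the bullet now relies entirely on the link.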
@@ -40,10 +33,10 @@ Azure insights can help you identify performance issues in the Tailwind Traders
40
33
| Insight | Description |
41
34
| --- | --- |
42
35
|[Application Insights](/azure/azure-monitor/app/app-insights-overview)| Monitor your live web application on any platform by using this extensible Application Performance Management (APM) service that's available in Azure Monitor. |
43
-
|[Container insights](/azure/azure-monitor/containers/container-insights-overview)| Check the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). |
44
-
|[Networks insights](/azure/azure-monitor/insights/network-insights-overview)| Obtain comprehensive information on the health and metrics for all your network resources. Use the advanced search capability to identify resource dependencies. Searching by your website name to locate resources that host your website. |
36
+
|[Container Insights](/azure/azure-monitor/containers/container-insights-overview)| Check the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service (AKS). |
37
+
|[Network Insights](/azure/azure-monitor/insights/network-insights-overview)| Obtain comprehensive information on the health and metrics for all your network resources. Use the advanced search capability to identify resource dependencies. Searching by your website name to locate resources that host your website. |
45
38
|[Resource group insights](/azure/azure-monitor/insights/resource-group-insights)| Triage and diagnose any problems your individual resources encounter, while offering context as to the health and performance of the resource group as a whole. |
46
-
|[Virtual machine insights](/azure/azure-monitor/vm/vminsights-overview)| Monitor your Azure Virtual Machines, Virtual Machine Scale Sets, and other virtual machines. Analyze the performance and health of your Windows and Linux Virtual Machines, and monitor their processes and dependencies on other resources and external processes. |
39
+
|[VM Insights](/azure/azure-monitor/vm/vminsights-overview)| Monitor your Azure Virtual Machines, Virtual Machine Scale Sets, and other virtual machines. Analyze the performance and health of your Windows and Linux Virtual Machines, and monitor their processes and dependencies on other resources and external processes. |
47
40
|[Azure Cache for Redis insights](/azure/azure-monitor/insights/redis-cache-insights-overview)| Review a unified, interactive report of overall performance, failures, capacity, and operational health. |
48
41
|[Azure Cosmos DB insights](/azure/azure-monitor/insights/cosmosdb-insights-overview)| Get information on the overall performance, failures, capacity, and operational health of all your Azure Cosmos DB resources in a unified interactive experience. |
49
42
|[Azure Key Vault insights](/azure/azure-monitor/insights/key-vault-insights-overview)| Monitor your key vaults by using a unified report of your Key Vault requests, performance, failures, and latency. |
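Review bot: The rename capitalizes three entries ("Container Insights", "Network Insights", "VM Insights") while the neighbouring rows stay lower case ("Resource group insights", "Azure Cache for Redis insights", "Azure Cosmos DB insights", "Azure Key Vault insights"), so the Insight column now mixes two styles. Pick one casing for the whole column. The Network Insights row is touched anyway, so its trailing fragment "Searching by your website name to locate resources that host your website." can be fixed in the same change, for example "Search by your website name to locate resources that host your website."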
@@ -57,4 +50,4 @@ Tailwind Traders is interested in using Azure insights and Workbooks in their mo
57
50
58
51
-**Consider Azure insights and data analysis**. Include Azure insights for a custom monitoring experience for Tailwind Traders apps and services. Review insights about your network, VMs, and other Azure resources. Collect Logs and Metrics data from Workbooks and analyze the data.
59
52
60
-
-**Consider combined data sources and visual reporting**. Combine data from Tailwind Traders sources in a single report. Create composite resource views for more robust data and greater insights. Prepare rich visual reports within the Azure portal.
53
+
-**Consider combined data sources and visual reporting**. Combine data from Tailwind Traders sources in a single report. Create composite resource views for more robust data and greater insights. Prepare rich visual reports within the Azure portal.
learn-pr/wwl-azure/design-solution-to-log-monitor-azure-resources/includes/5-design-for-azure-data-explorer.md
Lines changed: 2 additions & 2 deletions
@@ -20,7 +20,7 @@ The following diagram shows a hybrid end-to-end monitoring solution integrated w
20
20
21
21
-**Consider native capabilities in Azure Monitor**. Implement the native capabilities of Azure Monitor to monitor Tailwind Traders IT assets, run and monitor tasks from the dashboard, and set up alerts to ingest logs from VMs and services.
22
22
23
-
-**Consider features of Microsoft Sentinel**. Combine features provided by Microsoft Sentinel and Azure Monitor with Azure Data Explorer to build a flexible and cost-optimized end-to-end monitoring solution for Tailwind Traders.
23
+
-**Consider features of Microsoft Sentinel**. Microsoft Sentinel is Azure’s SIEM and SOAR platform. It collects security logs from Azure, on-premises, and multi-cloud sources into Log Analytics, providing unified monitoring and security. Use Microsoft Sentinel, Azure Monitor, and Azure Data Explorer together for a comprehensive and cost-effective solution.
24
24
25
25
-**Consider advantages of Azure Data Explorer**. Take advantage of the flexibility and control offered by Azure Data Explorer for all aspects and types of logs in the following scenarios:
26
26
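Review bot: In the rewritten Sentinel bullet, "into Log Analytics" should read "into a Log Analytics workspace" to match the terminology of the Log Analytics unit, and "Azure’s" uses a curly apostrophe where the rest of the module uses straight ones. The bullet is titled "Consider features of Microsoft Sentinel" but the new text defines the product rather than saying what to consider, and it drops the Tailwind Traders scenario that the neighbouring bullets keep; a closing sentence tying the three services back to the scenario would restore the pattern.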
@@ -32,4 +32,4 @@ The following diagram shows a hybrid end-to-end monitoring solution integrated w
32
32
33
33
- Azure Data Explorer supports long data retention in a cost effective manner.
34
34
35
-
- Azure Data Explorer, as a unified big data analytics platform, allows you to build advanced analytics scenarios. You can have a centralized Tailwind Traders repository for different types of logs.
35
+
- Azure Data Explorer, as a unified big data analytics platform, allows you to build advanced analytics scenarios. You can have a centralized Tailwind Traders repository for different types of logs.