Azure Monitor data sources and data collection methods
Azure Monitor is based on a common monitoring data platform that allows different types of data from multiple types of resources to be analyzed together using a common set of tools. Currently, different sources of data for Azure Monitor use different methods to deliver their data, and each typically require different types of configuration. This article describes common sources of monitoring data collected by Azure Monitor and their data collection methods. Use this article as a starting point to understand the option for collecting different types of data being generated in your environment.
Important
There is a cost for collecting and retaining most types of data in Azure Monitor. To minimize your cost, ensure that you don't collect any more data than you require and that your environment is configured to optimize your costs. See Cost optimization in Azure Monitor for a summary of recommendations.
Azure resources
Most resources in Azure generate the monitoring data described in the following table. Some services will also have other data that can be collected by enabling other features of Azure Monitor (described in other sections in this article). Regardless of the services that you're monitoring though, you should start by understanding and configuring collection of this data.
Create diagnostic settings for each of the following data types can be sent to a Log Analytics workspace, archived to a storage account, or streamed to an event hub to send it to services outside of Azure. See Create diagnostic settings in Azure Monitor.
Data type | Description | Data collection method |
---|---|---|
Activity log | The Activity log provides insight into subscription-level events for Azure services including service health records and configuration changes. | Collected automatically. View in the Azure portal or create a diagnostic setting to send it to other destinations. Can be collected in Log Analytics workspace at no charge. See Azure Monitor activity log. |
Platform metrics | Platform metrics are numerical values that are automatically collected at regular intervals for different aspects of a resource. The specific metrics vary for each type of resource. | Collected automatically and stored in Azure Monitor Metrics. View in metrics explorer or create a diagnostic setting to send it to other destinations. See Azure Monitor Metrics overview and Supported metrics with Azure Monitor for a list of metrics for different services. |
Resource logs | Provide insight into operations that were performed within an Azure resource. The content of resource logs varies by the Azure service and resource type. | You must create a diagnostic setting to collect resources logs. See Azure resource logs and Supported services, schemas, and categories for Azure resource logs for details on each service. |
Log data from Microsoft Entra ID
Audit logs and sign in logs in Microsoft Entra ID are similar to the activity logs in Azure Monitor. Use diagnostic settings to send the activity log to a Log Analytics workspace, to archive it to a storage account, or to stream to an event hub to send it to services outside of Azure. See Configure Microsoft Entra diagnostic settings for activity logs.
Data type | Description | Data collection method |
---|---|---|
Audit logs Signin logs |
Enable you to assess many aspects of your Microsoft Entra ID environment, including history of sign-in activity, audit trail of changes made within a particular tenant, and activities performed by the provisioning service. | Collected automatically. View in the Azure portal or create a diagnostic setting to send it to other destinations. |
Apps and workloads
Application data
Application monitoring in Azure Monitor is done with Application Insights, which collects data from applications running on various platforms in Azure, another cloud, or on-premises. When you enable Application Insights for an application, it collects metrics and logs related to the performance and operation of the application and stores it in the same Azure Monitor data platform used by other data sources.
See Application Insights overview for further details about the data that Application insights collected and links to articles on onboarding your application.
Data type | Description | Data collection method |
---|---|---|
Logs | Operational data about your application including page views, application requests, exceptions, and traces. Also includes dependency information between application components to support Application Map and data correlation. | Application logs are stored in a Log Analytics workspace that you select as part of the onboarding process. |
Metrics | Numeric data measuring the performance of your application and user requests measured over intervals of time. | Metric data is stored in both Azure Monitor Metrics and the Log Analytics workspace. |
Traces | Traces are a series of related events tracking end-to-end requests through the components of your application. | Traces are stored in the Log Analytics workspace for the app. |
Infrastructure
Kubernetes cluster data
Azure Kubernetes Service (AKS) clusters create the same activity logs and platform metrics as other Azure resources. In addition to this host data though, they generate a common set of cluster logs and metrics that you can collect from your AKS clusters and Arc-enabled Kubernetes clusters.
Data type | Description | Data collection method |
---|---|---|
Cluster Metrics | Usage and performance data for the cluster, nodes, deployments, and workloads. | Enable managed Prometheus for the cluster to send cluster metrics to an Azure Monitor workspace. See Enable Prometheus and Grafana for onboarding and Default Prometheus metrics configuration in Azure Monitor for a list of metrics that are collected by default. |
Logs | Standard Kubernetes logs including events for the cluster, nodes, deployments, and workloads. | Enable Container insights for the cluster to send container logs to a Log Analytics workspace. See Enable Container insights for onboarding and Configure data collection in Container insights using data collection rule to configure which logs are collected. |
Custom sources
For any monitoring data that you can't collect with the other methods described in this article, you can use the APIs in the following table to send data to Azure Monitor.
Data type | Description | Data collection method |
---|---|---|
Logs | Collect log data from any REST client and store in Log Analytics workspace. | Create a data collection rule to define destination workspace and any data transformations. See Logs ingestion API in Azure Monitor. |
Next steps
- Learn more about the types of monitoring data collected by Azure Monitor and how to view and analyze this data.