Monitor Azure Virtual Machines
This article describes:
- The types of monitoring data you can collect for this service.
- How to analyze that data.
Note
If you're already familiar with this service and/or Azure Monitor and just want to know how to analyze monitoring data, see the Analyze section near the end of this article.
When you have critical applications and business processes that rely on Azure resources, you need to monitor and get alerts for your system. The Azure Monitor service collects and aggregates metrics and logs from every component of your system. Azure Monitor provides you with a view of availability, performance, and resilience, and notifies you of issues. You can use the Azure portal, PowerShell, Azure CLI, REST API, or client libraries to set up and view monitoring data.
- For more information on Azure Monitor, see the Azure Monitor overview.
- For more information on how to monitor Azure resources in general, see Monitor Azure resources with Azure Monitor.
This article provides an overview of how to monitor the health and performance of Azure virtual machines (VMs).
Note
This article provides basic information to help you get started with monitoring Azure Virtual Machines.
Overview: Monitor VM host and guest metrics and logs
You can collect metrics and logs from:
- The VM host - This data relates to the Hyper-V session managing the guest operating systems, and includes information about CPU, network, and disk utilization.
- The VM guest - This data relates to the operating system and applications running inside the virtual machine.
Host-level data gives you an understanding of the VM's overall performance and load, while the guest-level data gives you visibility into the applications, components, and processes running on the machine and their performance and health. For example, if you’re troubleshooting a performance issue, you might start with host metrics to see which VM is under heavy load, and then use guest metrics to drill down into the details of the operating system and application performance.
VM host data
VM host data is available without additional setup.
| Scenario | Details | Data collection | Available data | Recommendations |
|---|---|---|---|---|
| VM host metrics and logs | Monitor the stability, health, and efficiency of the physical host on which the VM is running. Scale up or scale down based on the load on your application. |
Available by default without any additional setup. | Enable recommended alert rules to be notified when key host metrics deviate from their expected baseline values. |
VM guest data
VM guest data lets you analyze and troubleshoot the performance and operational efficiency of workloads running on your VMs. To monitor VM guest data, you need to install Azure Monitor Agent on the VM and set up a data collection rule (DCR). The VM Insights feature automatically installs Azure Monitor Agent on your VM and sets up a default data collection rule for quick and easy onboarding.
| Scenario | Details | Data collection | Available data | Recommendations |
|---|---|---|---|---|
| VM operating system metrics and logs (recommended) | Monitor application performance and events, resource consumption by specific applications and processes, and operating system-level performance and events. This data is important for troubleshooting application-specific issues, optimizing resource usage within VMs, and ensuring optimal performance for workloads running inside VMs. |
Install Azure Monitor Agent on the VM and set up a DCR. |
|
|
| Advanced/custom VM guest data | Monitoring of web servers, Linux appliances, and any type of data you want to collect from a VM. | Install Azure Monitor Agent on the VM and set up a DCR. |
Data storage
For Azure Monitor:
- Metrics data is stored in the Azure Monitor metrics database.
- Log data is stored in the Azure Monitor logs store. Log Analytics is a tool in the Azure portal that can query this store.
- The Azure activity log is a separate store with its own interface in the Azure portal.
- You can optionally route metric and activity log data to the Azure Monitor logs database store so you can query the data and correlate it with other log data using Log Analytics.
For detailed information on how Azure Monitor stores data, see Azure Monitor data platform.
Azure Monitor platform metrics
Azure Monitor provides platform metrics for most services. These metrics are:
- Individually defined for each namespace.
- Stored in the Azure Monitor time-series metrics database.
- Lightweight and capable of supporting near real-time alerting.
- Used to track the performance of a resource over time.
Collection: Azure Monitor collects platform metrics automatically. No configuration is required.
Routing: You can also usually route platform metrics to Azure Monitor logs / Log Analytics so you can query them with other log data. For more information, see the Metrics diagnostic setting. For how to configure diagnostic settings for a service, see Create diagnostic settings in Azure Monitor.
For a list of all metrics it's possible to gather for all resources in Azure Monitor, see Supported metrics in Azure Monitor.
Platform metrics for Azure VMs include important host metrics such as CPU, network, and disk utilization. Host OS metrics relate to the Hyper-V session that's hosting a guest operating system (guest OS) session.
Metrics for the guest OS that runs in a VM must be collected through one or more agents, such as the Azure Monitor agent, that run on or as part of the guest OS. Guest OS metrics include performance counters that track guest CPU percentage or memory usage, both of which are frequently used for autoscaling or alerting. For more information, see Guest OS and host OS metrics.
For a list of available metrics for Virtual Machines, see Virtual Machines monitoring data reference.
Azure activity log
The activity log contains subscription-level events that track operations for each Azure resource as seen from outside that resource; for example, creating a new resource or starting a virtual machine.
Collection: Activity log events are automatically generated and collected in a separate store for viewing in the Azure portal.
Routing: You can send activity log data to Azure Monitor Logs so you can analyze it alongside other log data. Other locations such as Azure Storage, Azure Event Hubs, and certain Azure monitoring partners are also available. For more information on how to route the activity log, see Overview of the Azure activity log.
Data collection rules
Data collection rules (DCRs) define data collection from the Azure Monitor Agent and are stored in your Azure subscription. For VMs, DCRs define data such as events and performance counters to collect, and specify locations such as Log Analytics workspaces to send the data. A single VM can be associated with multiple DCRs, and a single DCR can be associated with multiple VMs.
Analyze monitoring data
There are many tools for analyzing monitoring data.
Azure Monitor tools
Azure Monitor supports the following basic tools:
Metrics explorer, a tool in the Azure portal that allows you to view and analyze metrics for Azure resources. For more information, see Analyze metrics with Azure Monitor metrics explorer.
Log Analytics, a tool in the Azure portal that allows you to query and analyze log data by using the Kusto query language (KQL). For more information, see Get started with log queries in Azure Monitor.
The activity log, which has a user interface in the Azure portal for viewing and basic searches. To do more in-depth analysis, you have to route the data to Azure Monitor logs and run more complex queries in Log Analytics.
Tools that allow more complex visualization include:
- Dashboards that let you combine different kinds of data into a single pane in the Azure portal.
- Workbooks, customizable reports that you can create in the Azure portal. Workbooks can include text, metrics, and log queries.
- Power BI, a business analytics service that provides interactive visualizations across various data sources. You can configure Power BI to automatically import log data from Azure Monitor to take advantage of these visualizations.
Azure Monitor export tools
You can get data out of Azure Monitor into other tools by using the following methods:
Metrics: Use the REST API for metrics to extract metric data from the Azure Monitor metrics database. The API supports filter expressions to refine the data retrieved. For more information, see Azure Monitor REST API reference.
Logs: Use the REST API or the associated client libraries.
To get started with the REST API for Azure Monitor, see Azure monitoring REST API walkthrough.
Kusto queries
You can analyze monitoring data in the Azure Monitor Logs / Log Analytics store by using the Kusto query language (KQL).
Important
When you select Logs from the service's menu in the portal, Log Analytics opens with the query scope set to the current service. This scope means that log queries will only include data from that type of resource. If you want to run a query that includes data from other Azure services, select Logs from the Azure Monitor menu. See Log query scope and time range in Azure Monitor Log Analytics for details.
For a list of common queries for any service, see the Log Analytics queries interface.
To analyze log data that you collect from your VMs, you can use log queries in Log Analytics. Several built-in queries for VMs are available to use, or you can create your own queries. You can interactively work with the results of these queries, include them in a workbook to make them available to other users, or generate alerts based on their results.
To access built-in Kusto queries for your VM, select Logs in the Monitoring section of the left navigation on your VM's Azure portal page. On the Logs page, select the Queries tab, and then select the query to run.
Alerts
Azure Monitor alerts proactively notify you when specific conditions are found in your monitoring data. Alerts allow you to identify and address issues in your system before your customers notice them. For more information, see Azure Monitor alerts.
There are many sources of common alerts for Azure resources. For examples of common alerts for Azure resources, see Sample log alert queries. The Azure Monitor Baseline Alerts (AMBA) site provides key alert metrics, dashboards, and guidelines for Azure Landing Zone (ALZ) scenarios.
The common alert schema standardizes the consumption of Azure Monitor alert notifications. For more information, see Common alert schema.
Types of alerts
You can alert on any metric or log data source in the Azure Monitor data platform. There are many different types of alerts depending on the services you're monitoring and the monitoring data you're collecting. Different types of alerts have various benefits and drawbacks. For more information, see Choose the right monitoring alert type.
The following list describes the types of Azure Monitor alerts you can create:
- Metric alerts evaluate resource metrics at regular intervals. Metrics can be platform metrics, custom metrics, logs from Azure Monitor converted to metrics, or Application Insights metrics. Metric alerts can also apply multiple conditions and dynamic thresholds.
- Log alerts allow users to use a Log Analytics query to evaluate resource logs at a predefined frequency.
- Activity log alerts trigger when a new activity log event occurs that matches defined conditions. Resource Health alerts and Service Health alerts are activity log alerts that report on your service and resource health.
You can also create the following types of alerts for some Azure services:
- Smart detection alerts on an Application Insights resource automatically warn you of potential performance problems and failure anomalies in your web application. You can migrate smart detection on your Application Insights resource to create alert rules for the different smart detection modules.
- Prometheus alerts alert on Prometheus metrics stored in Azure Monitor managed services for Prometheus . The alert rules are based on the PromQL open-source query language. Your service may not support this type of alert. Currently, Prometheus is used on a limited set of services with a guest operating system, such as Azure Virtual Machine and Azure Container Instances.
- Recommended alert rules are available out-of-box for some Azure resources, including virtual machines, Azure Kubernetes Service (AKS) resources, and Log Analytics workspaces.
Monitor multiple resources
You can monitor at scale by applying the same metric alert rule to multiple resources of the same type that exist in the same Azure region. Individual notifications are sent for each monitored resource. For supported Azure services and clouds, see Monitor multiple resources with one alert rule.
You can create a single multi-resource alert rule that applies to all VMs in a particular resource group or subscription within the same region. See Create availability alert rule for Azure virtual machine (preview) for a tutorial using the availability metric.
Recommended alert rules
For some Azure services, you can enable recommended out-of-the-box alert rules.
The system compiles a list of recommended alert rules based on:
- The resource provider's knowledge of important signals and thresholds for monitoring the resource.
- Data that tells what customers commonly alert on for this resource.
Note
Recommended alert rules are available for:
- Virtual machines
- Azure Kubernetes Service (AKS) resources
- Log Analytics workspaces
Recommended alert rules for Azure VMs include the VM availability metric, which alerts when a VM stops running.
Common alert rules
To see common VM log alert rules in the Azure portal, go to the Queries pane in Log Analytics. For Resource type, enter Virtual machines, and for Type, enter Alerts.
Advisor recommendations
If critical conditions or imminent changes occur during resource operations, an alert displays on the Overview page in the portal.
You can find more information and recommended fixes for the alert in Advisor recommendations under Monitoring. During normal operations, no advisor recommendations display.
For more information on Azure Advisor, see Azure Advisor overview.
Other VM monitoring options
Azure VMs has the following non-Azure Monitor monitoring options:
Boot diagnostics
Boot diagnostics is a debugging feature for Azure VMs that allows you to diagnose VM boot failures by collecting serial log information and screenshots of a VM as it boots up. When you create a VM in the Azure portal, boot diagnostics is enabled by default. For more information, see Azure boot diagnostics.
Related content
- For a reference of the metrics, logs, and other important values for Virtual Machines, see Virtual Machines monitoring data reference.
- For general details about monitoring Azure resources, see Monitor Azure resources with Azure Monitor.
- For guidance based on the five pillars of the Azure Well-Architected Framework, see Best practices for monitoring virtual machines in Azure Monitor.