Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,483 questions
1 answer
Azure Monitor Agent for Linux is bloatware
Hello Azure community, For the past 2-3 weeks I have been getting CPU and memory alerts for VMs which have been stable for years. Looking into the problem, it was always Azure Monitor Agent or one the Azure extensions causing the spike in load. It's…
asked 2025-02-18T12:56:24.7466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 12%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Samuli K
5
Reputation points
commented 2025-02-28T01:00:46.26+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Rahul Podila
1,920
Reputation points Microsoft Vendor
1 answer
Getting a 403 error when linking a workspace for Windows Update for Business reports in Azure Monitor
Getting a 403 error when linking a workspace for Windows Update for Business reports in Azure Monitor Reference Azure > Monitor > workbooks > Windows Update for Business reports > Get Started When ever i try to save the settings for…
asked 2025-02-27T15:47:04.0966667+00:00
logicop
0
Reputation points
edited an answer 2025-02-27T19:34:07.3833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 31%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
Vinod Pittala
330
Reputation points Microsoft Vendor
0 answers
Guidance on Filtering AppTraces Logs to Optimize Sentinel Workspace Usage
Hi Community, I'm seeking advice on how to filter out AppTraces logs from being ingested into our Sentinel workspace. These logs are consuming significant storage space and, being categorized under Analytics logs, are contributing to increased costs.…
asked 2025-02-27T08:50:58.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 28.999999999999996%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Someiah C S
80
Reputation points
edited a comment 2025-02-27T15:56:59.2933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 63%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Ashok Gandhi Kotnana
3,895
Reputation points Microsoft Vendor
1 answer
Cannot Get Action Group -> Email Azure Resource Manager Role to send notifications to Monitoring Readers
I have a notification action group setup that has a single notification type to Email Azure Resource Manager Role -> Monitoring Readers. In the subscription IAM tab I have 3 users in the Monitoring Roles Group. All of these users are active…
asked 2023-12-23T20:55:25.3033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 76%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGH%3C/text%3E%3C/svg%3E)
Greg H
30
Reputation points
edited a comment 2025-02-27T07:03:38.3433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 30%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHR%3C/text%3E%3C/svg%3E)
Henrik Rading
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Free units for alert rules on Azure
Could you please let me know if you have any information about alert rules. The document of azure monitor pricing says "10 monitored metric time-series per month13" about Native Metrics, but it does not mention scope, such as if it is per…
asked 2025-02-26T00:53:26.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 20%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYW%3C/text%3E%3C/svg%3E)
Yuta WAKITA
71
Reputation points
commented 2025-02-27T06:06:52.15+00:00
Yuta WAKITA
71
Reputation points
2 answers
Data not being refreshed in the Log Analytics demo
I'm currently working through the KQL learning path. The logs in the Log Analytics Demo environment don't seem to be refreshing. This is supposed to be a training ground for KQL but for example there is no data in the SecurityEvent table for several…
asked 2025-02-05T12:24:37.21+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 48%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMN%3C/text%3E%3C/svg%3E)
Mark Nicholl
0
Reputation points
commented 2025-02-27T01:11:17.99+00:00
Rahul Podila
1,920
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Azure DCR Rules
If we write a DCR to ingest VMInsights Metrics into Log Analytics workspace as shown below: "dataSources": { "performanceCounters": [ { "streams":…
asked 2025-02-18T16:07:14.98+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 68%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGJ%3C/text%3E%3C/svg%3E)
Gayatri Jagadev Ray
101
Reputation points
commented 2025-02-26T16:38:55.13+00:00
Gayatri Jagadev Ray
101
Reputation points
0 answers
azure monitor agent only sending system logs to log analytics
azure monitor agent only sending system logs to log analytics even if i deselect system and only select application logs - still only sends all system logs to analytics
asked 2025-02-26T08:21:40.6833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 15%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Speight, Michael
0
Reputation points
commented 2025-02-26T10:55:44.3333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 32%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pavan Minukuri
1,225
Reputation points Microsoft Vendor
1 answer
Consolidate azure container apps alert query to setup alert on all container apps
Hi, We would like to write alert queries for all container apps in a single place which will conver all the container apps with the name (regex or wildcard pattern). We dont want to create alert rules for common resources like cpu, memory and disk…
asked 2025-02-18T21:13:58.08+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 52%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Subu
0
Reputation points
commented 2025-02-25T15:47:33.6833333+00:00
Chiugo Okpala
710
Reputation points MVP
3 answers
Time range (for last month) in Kusto Query language in Logs Analytics Workspace
Hi, We use Log Analytics Workspace to collect logs for our customer tenants under a resource hosted in Azure. Previously we would select Time Range feature to select the hits per tenant for the last calendar month and I was looking to set it in the…
asked 2025-02-13T05:54:00.9966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 7.000000000000001%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Varun Kalia
0
Reputation points
commented 2025-02-25T09:34:51.5333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 79%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Madugula Jahnavi
0
Reputation points Microsoft Vendor
1 answer
Azure Monitor in External Tenant
Hi, We are setting up an Entra External ID tenant to house external users of a web app that we host. I presently stream our internal diagnostics logs to an Event Hub in our workforce tenant and then to an IDR. I found this article and was successful at…
asked 2025-02-06T18:36:03.27+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 7.000000000000001%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Ken Korczynski
5
Reputation points
edited the question 2025-02-25T07:44:40.0733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT
35,451
Reputation points Microsoft Employee
2 answers
"Sev3 Azure Monitor Alert VM Availability" after this alert my code and phpmyadmin database not recover how recover this
After receiving a Sev3 (Severity 3) Azure Monitor Alert related to VM Availability, my virtual machine (VM) experienced data loss. How can I investigate the cause of this issue, recover the lost data, and prevent such incidents in the future?
asked 2025-02-18T07:49:29.98+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 15%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYB%3C/text%3E%3C/svg%3E)
yogesh bohra
0
Reputation points
commented 2025-02-25T07:26:01.82+00:00
Pavan Minukuri
1,225
Reputation points Microsoft Vendor
1 answer
Log Analytics API
Hi, I am trying to access my log analytics workspace through postman. I saw some documents and followed them but they weren't successful. My specific requirement is I have a FHIR service with audit logs enabled and streamed to Log analytics workspace. I…
asked 2025-02-14T11:08:42.3566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 0%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Subin Sabu
0
Reputation points
commented 2025-02-25T07:24:56.4966667+00:00
Pavan Minukuri
1,225
Reputation points Microsoft Vendor
3 answers
How to embed search results in alert from logic app?
Hi, I know that: "Log alert rules from API version 2020-05-01 use this payload type, which only supports common schema. Search results aren't embedded in the log alerts payload when you use this version. Use dimensions to provide context to fired…
asked 2023-09-25T11:54:42.8966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 8%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQC%3C/text%3E%3C/svg%3E)
Quattrocchi, Calogero
270
Reputation points
answered 2025-02-25T05:43:42.7166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 24%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Kerry Powell
0
Reputation points
1 answer
Need more details regarding Microsoft Azure Alert Signal named "All Administrative Operations"
While I am going through the below page which explains how to create an alert with Signal named "All Administrative Operations". I am interested in what specific operations the signal "All Administrative Operations" includes. Is the…
asked 2025-02-22T19:03:54.49+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 57.00000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Ravi Khambhati
0
Reputation points
commented 2025-02-25T01:29:06.1366667+00:00
Rahul Podila
1,920
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Trigger notification and action when VM goes down
Trigger notification and action (ansible play book or standalone python script) when VM goes down. Our requirement is need to trigger an alert and action once vm shut down. I tried vm-poweroff-alert but I am not getting any alerts (email configured) when…
asked 2025-02-20T21:58:50.8433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 50%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Shanmugam, Prabakar
20
Reputation points
edited a comment 2025-02-24T14:14:29.7366667+00:00
Ashok Gandhi Kotnana
3,895
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Alert email in Azure Monitor to report failure in Azure Pipeline
Hello, Is there an example on how to create an Alert in Azure Monitor to report a failure in an Azure Data Factory Pipeline? Thank You, Michael
asked 2023-10-30T16:01:59.63+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 33%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Michael Stoler
290
Reputation points
commented 2025-02-24T10:30:29.37+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 88%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
CHILUVERU VAMSHI
0
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Type of log to identify failed Windows Defender update?
Hi everyone, I am trying to set up Log Analytic Workspace that will capture any critical and security updates in the Windows VMs which I believe will also include the failed Windows Defender update logs. Now I would like to have an action taken whenever…
asked 2025-01-23T06:18:56.3833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 66%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHT%3C/text%3E%3C/svg%3E)
Handinata Tanudjaja
160
Reputation points
commented 2025-02-24T08:51:47.7133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 72%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Naveena Patlolla
655
Reputation points Microsoft Vendor
2 answers
Azure Monitor Log Ingestion API - Error when POSTing to Syslog table
Hi, I'm trying to use the Log Ingestion API to POST data to the Syslog table in Log Analytics but I am unable to get it working. The documentation suggests this should be possible:…
asked 2025-02-17T06:01:05+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 44%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Josh
0
Reputation points
commented 2025-02-24T05:42:37.3966667+00:00
Madugula Jahnavi
0
Reputation points Microsoft Vendor
1 answer
AzureActivity Table PrincipalId + UserPrincipalName from another Table in KQL
Good morning all I am following Microsoft's official documentation for adding an alert rule that fires when a user adds another user or service principal to a privileged role assignment (e.g. Owner, Contributor). I have achieved this by streaming logs to…
asked 2024-07-18T16:21:03.0233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 74%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Daniel Gareth Davies
0
Reputation points
commented 2025-02-24T04:39:39.45+00:00
SadiqhAhmed-MSFT
48,441
Reputation points Microsoft Employee