Azure availability report is based on the number of heartbeat alert generated in log analytics workspace. Therefore, low availability in the report doesn't really mean that a VM was unavailable due to issues in a given month. It could be different reasons eg. was switched off/deallocated or only created in the last few days in a given month etc.
any logic to improve this any KQL or new azure solution.
Have you gone through looking for VM insights, does that provide you the information you required?
VM insights can help deliver predictable performance and availability of vital applications by identifying performance bottlenecks and network issues and can also help you understand whether an issue is related to other dependencies.
You can create a dashboard with different possible options of kusto queries that depend on what you are looking for.
Here are the few other examples of Kusto Query
https://learn.microsoft.com/en-us/azure/azure-monitor/logs/examples
https://learn.microsoft.com/en-us/azure/azure-monitor/insights/solution-agenthealth#sample-log-searches
You can even have these additional readings of all possible ways of the information you required.
Visualizing data from Azure Monitor
Monitoring Azure virtual machines with Azure Monitor
Create and share dashboards of Log Analytics data
Quickstart: Monitor an Azure virtual machine with Azure Monitor
Collect data from an Azure virtual machine with Azure Monitor
Overview of VM insights
Related
Out of the box, Azure Advisor includes Cost recommendations for the resource type of Virtual Machines, based on resource utilization.
If I look at them under our subscription they have the following information:
Is there any way to get similar advisory for the Virtual Machine Scale Set resource type? Is there any included out of the box?
Or if I want to get average resource consumption, of let's say CPU percentage of all or individual Virtual Machine instances inside of a Virtual Machine Scale set, to be able to aid in the decision if the SKU of the Virtual Machine Scale Set is appropriate, I need to make a query for this inside of Monitor Logs or similar?
Could one create their own custom made advisories (inside of Azure Advisor, if not - anywhere else?), to get this functionaltiy in place (if it isn't already provided)?
Thanks!
Is there any way to get similar advisory for the Virtual Machine Scale Set resource type? Is there any included out of the box?
As per the Azure Advisor documentation, Advisor provides recommendations for the following resource types:
Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, Azure Synapse Analytics, SQL servers, storage accounts, Traffic Manager profiles, and Virtual machines.
Although Azure Advisor also includes your recommendations from Azure Security Center which may include recommendations for additional resource types, this list does not cover cost recommendations for VMSS as of today, AFAIK.
I need to make a query for this inside of Monitor Logs or similar?
To monitor your Virtual machine Scale sets, you can leverage Azure Monitor. The performance views in the VM Insights feature are powered using log analytics queries, offering “Top N”, aggregate, and list views to quickly find outliers or issues in your scale set based on guest level metrics for CPU, available memory, bytes sent and received, and logical disk space used.
You can also deploy the Azure Monitor Application Insights Agent on Azure virtual machine scale sets to enable monitoring for your .NET or Java based web applications and get all the benefits of using Application Insights without modifying your code.
Could one create their own custom made advisories (inside of Azure Advisor, if not - anywhere else?), to get this functionaltiy in place (if it isn't already provided)?
Nope, that is not doable as of today. Azure Advisor is a managed offering that analyzes your resource configuration and usage telemetry and then recommends solutions that can help you optimize your Azure resources. Feel free to share your feedback and ideas here for the Advisor team to evaluate and prioritize.
There's an awful lot of disjointed documentation on monitoring network/resources in Azure. What I'm looking for is which pieces are needed to get information from VMs, NVA firewalls, azure load balancers, and other network resources and network connectivity into a single pain of glass in Azure. Only concerned about Azure, not on-prem for now.
I've come across azure monitor, log analytics work spaces, event hub, vm extensions, network watcher, insights, etc...but I'm not sure which are required and which are not. One doc leads to the next and I end up with 30 tabs open. I'll also need to be able to push logs to other security devices such as a SIEM.
Does anyone know of a deployment guide that wraps this all up in a more logical fashion? Does anyone have any feedback on which pieces from azure (not 3rd parties) are required at a minimum to accomplish a single pane of glass to view my Azure environment holistically?
General overview of observability in Azure
Likely, the thing you're looking for is Azure Monitor. It's an umbrella term for everything observability related inside Azure.
To store Metrics and Logs you need Log Analytics: it can query data with kusto query language, visualize results, define Alerts on queries.
Alerts is quite a complex beast, as it is spread across the entire cloud. Two types that I use the most:
log-analytics alert (which I mentioned above)
Alerts tab, which is available at every Azure component view. for example, open resource group, and scroll down to Monitoring section
Each component also has a subset of built-in metrics. Likely, you noticed that many azure components on the Overview view display some charts. For example, Azure Storage Account displays Total egress, Total ingress, and other line-charts. When you click on these charts you can customize them. These metrics and charts are free to use.
Microsoft also has all-in-one observability solution for Azure Functions and Web Apps: Application Insights
Dashboards allows to join multiple charts into a single view and share it with others.
If you care about security, Azure proposes Azure Security Center
Deployment/management strategy
I suggest to start with:
Create Log Analytics Workspace, which is the storage for metrics and logs. The azure docs article explains how to design it: how many instances to use, how to rate-limit ingestion (it might be expensive if goes out of control), how to access it and so on.
To get Azure components logs, look for Diagnostic Settings tab at a component page at Azure portal, but not all components has it (sic!). I suggest
sending the most critical data to Log Analytics workspace to store them in a queryable format for 30 days (it's in free tier). This is needed for investigating current issues with your infrastructure
if you might need logs later than 30 days - send them to Storage Account
you mentioned SIEM integration - route required events to Event Hub and then process the stream according to your requirements
So, if you need long-term storage - you need to create Azure Storage Account.
If you need real-time analysis - you need to build a pipeline based on Azure Event Hub.
If you have Azure Functions and Web Apps - add Application Insights. According to my experience, I would suggest starting with a separate instance per each Azure Function resource or Service.
Create Alerts for each component separately. If you do it through UI - open component page at the portal and look for Alerts tab there. If you're automating the process (please do so as soon as possible), do not expect easy trip: I used ARM templates and terraform - in both cases, there are dozens of barely documented features.
Join related components core-metrics into Dashboards and share it with the team. This guide is a good starting point. Note, when you share the dashboard, it's also persisted as an azure resource in the subscription.
We run a software application on azure for one of our customers. The customer want to see the performance of the systems. This consist of two parts. One is the metric information of the servers and they also want to see some information I want to provide by custom logging.
My plan is to give the customer access to the portal and only allow him access to the metric information and the custom tables.
It seems to me that by assigning a role to the customer I should be able to block all the other possibilities.
Does someone can me tell which actions I have to allow/forbid to achieve this? Or were I can find the information for this?
Solution #1
Instead of giving Read access to the virtual machine which may breaks security policy, I'd recommend to go with Azure Log Analytics (ref: https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-overview
) workspace. That said, you will need to create a workspace which collects and stores server metrics (ref: https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-collect-windows-computer) and other custom metrics.
Your customer will be given access to the workspace only which he can see all metrics in a dashboard. If there is a need for log filtering, you can use Log Analytics query language (ref: https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-log-search-transition)
Log Analytics is a paid service. You are given free up to 10 workspaces per subscription. The workspace is considered an Azure resource so the limit follows by subscription limit, which means you can create up to 800 workspaces per a resource group. A subscription can allow 800 * 800 (for reference if you would like to do capacity planning for your workspace-based solution). For Log Analytics pricing, read here (https://azure.microsoft.com/en-us/pricing/details/log-analytics/).
Log Analytics is a good choice as its value proportion is to offer your customer intuitive dashboard to monitor their virtual machine performance, and to offer Near Real Time monitoring. And this solution is a cloud native compatibility.
There is a management solution which offers a bundle of VM capacity and performance monitoring which you can try now https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-capacity
Solution #2
Log Analytics might not be your choice because it might add more Azure service and operational cost. If you need a cheaper cost, you would need to collect your virtual machine by Performance Counter which is a built-in feature in Windows OS. With Performance Counter you can export to Excel file, or visualize into Power BI or some custom chart.
Other Solutions
You can utilize Azure Monitor and API to get data, For example, this API https://learn.microsoft.com/en-us/rest/api/monitor/metricdefinitions/list. You would certainly need to visualize or format in some intuitive way to satisfy your customer. It can be a custom front-end web, or Power BI or even Excel with chart.
You can just query to Azure Blob Storage and use Stream Analytics combining with Power BI to visualize your data (https://thuansoldier.net/?p=7187).
There is not a single solution. This really depends on your existing resource capacity, financial stuff or so on.
Can the windows diagnostic do the same as the OMS extension in terms of getting performance counter information and event details? Is there a reason to use the OMS extension over WAD for event/performance information?
Can the windows diagnostic do the same as the OMS extension in terms
of getting performance counter information and event details?
WAD: This uses Azure Diagnostics agent for single VM.
OMS: When you use OMS to monitor your VM or multiple Vs, The OMS collect data from Microsoft Monitoring Agent by default. However, OMS can collect data from managed resources into a central repository. This data could include events, performance data, or custom data provided through the API. So, OMS can also use the WAD's data through the storage account which contains the agent's data.
So, OMS has more features than WAD. Also as #4c74356b41 said, if you want to monitor one VM, WAD is enough to achieve that.
Is there a reason to use the OMS extension over WAD for
event/performance information?
OMS focus on collecting data from different place and Log Analytics.
It can collect data from Windows/Linux VMs, Azure services and Data Collector API.
Reporting and analyzing data is the most important feature of OMS. Alerting can also be configured in OMS.
Azure Automation provides process automation and configuration management to OMS.
Over all, if you want to do Analytics from multiple service, OMS is the best choice. If you only want to monitor a single VM rather doing other things, WAD is enough.
if you are looking at performance from one vm - no.
but there is a chance you have more than one vm oms extension suddenly gets more interesting, as you can look at all of the vms at the same time, setup alerts, actions etc.
There is no Management API for reading azure monitoring data. Is there any way other than getting the monitoring data directly from a VM through remote desktop connection? We basically want to display a chart for "CPU usage percentage Vs. Time”. Actually, Azure site displays monitoring data for each VM-is there any way I can read that data and display it in a report? Any PowerShell cmdlets?
Suggested good related articles:
How to monitor Cloud Services
Enabling Diagnostics in Windows Azure
If you, however refer to Windows Azure Virtual Machines then you have to organize monitoring of these a similar way you would organize a monitoring over machines in private cloud (hyper-v)
You can fetch the CPU data for cloud services (Web/workers and VMs) through the Azure Metrics API, see: https://convective.wordpress.com/2014/06/22/using-azure-monitoring-service-with-azure-virtual-machines/
You can find example code in https://github.com/WadGraphEs/AzurePlot