How to Set Up Data Collection Rules (DCR) for Azure Kubernetes Service (AKS)

Azure Monitor's managed service for Prometheus and Container Insights provide comprehensive monitoring for your Kubernetes environment. This blog explains about container insights features in detail. 

When managing modern containerized workloads in Azure Kubernetes Service (AKS) observability is key. Azure Monitor Container Insights simplifies this by providing deep visibility into the health, performance, and resource utilization of your Kubernetes environment.

Container Insights collects telemetry data directly from your cluster and its components, including nodes, controllers, and containers. This data is automatically processed and made available through prebuilt dashboards and workbooks, allowing you to quickly identify trends, diagnose bottlenecks, and optimize your deployments.

Whether you're operating in Azure, Container Insights empowers teams to:

• Monitor CPU and memory usage across nodes and workloads
• Track pod restarts and container failures
• Drill down into namespace-level resource usage
• Analyze trends with ready-to-use Log Analytics queries and visualizations

By integrating seamlessly with other Azure Monitor capabilities, Container Insights ensures your Kubernetes clusters are not just running—but running efficiently and reliably.

                                                      Fig 1: Data collection flow

How Container Insights and Managed Prometheus Work Behind the Scenes

When you enable Container Insights or Azure Monitor Managed Service for Prometheus on your Azure Kubernetes Service (AKS) cluster, a key component doing the heavy lifting is the Azure Monitor Agent for Linux, which is deployed as a containerized DaemonSet across all cluster nodes.

This lightweight, purpose-built agent is responsible for collecting both performance metrics and event logs from the underlying Kubernetes environment. It gathers insights from the node, container, and workload levels, ensuring complete visibility into the health and performance of your applications and infrastructure.

Automatic DCR Creation and Workspace Integration

As part of the onboarding process, the agent is automatically registered with a specified Log Analytics workspace or metrics workspace, depending on whether you're enabling Container Insights, Prometheus, or both.

At the core of the data collection process is a Data Collection Rule (DCR). Once Container Insights is enabled, Azure Monitor provisions a DCR named using the convention:
MSCI-<cluster-region>-<cluster-name>

This DCR defines exactly what data the Azure Monitor Agent should collect, including:

• Node and container performance metrics (CPU, memory, disk, etc.)
• Kubernetes control plane logs
• Prometheus scraping configurations (if Prometheus is enabled)
• Syslog or custom log collection configurations (optional)

Enabling Monitoring for Your AKS 

To get started with monitoring in Azure Kubernetes Service (AKS), Azure provides straightforward CLI commands that let you enable monitoring with minimal setup.

When running these commands, you have the option to specify a Log Analytics workspace where monitoring data will be sent. If you choose not to provide one, Azure will automatically assign a default workspace based on the cluster’s resource group.

If a default workspace doesn't already exist in the same region as your cluster, Azure will create one for you.

### Use default Log Analytics workspace 
az aks enable-addons --addon monitoring --name <cluster-name> --resource-group <cluster-resource-group-name> 
### Use existing Log Analytics workspace 
az aks enable-addons --addon monitoring --name <cluster-name> --resource-group <cluster-resource-group-name> --workspace-resource-id <workspace-resource-id>

After enabling monitoring for your Kubernetes cluster, it's important to confirm that the monitoring agents have been successfully deployed. These agents are typically delivered via DaemonSets, which ensure that a copy of the monitoring pod runs on every node in your Linux node pools.

You can verify the deployment by running the following command:

kubectl get ds ama-logs --namespace=kube-system

Configure log collection in Container insights

Azure Container Insights provides two key mechanisms to configure and control what telemetry data is collected from your Kubernetes clusters. The method you use can depend on the configuration you're targeting—some scenarios give you a choice, while others require a specific approach.

Here’s an overview of both methods: This blog explains the DCR method

Configure data collection using DCR

The Azure portal offers multiple preset configurations for data collection in Container Insights, each designed to balance depth of insight with cost and performance. These presets vary in terms of the tables they collect from and the frequency of collection, allowing you to align monitoring with your operational priorities.

You also have the flexibility to fully customize your data collection settings—selecting only the specific metrics and logs you need.

1. Go to the AKS Cluster in azure portal
2. Select the Insights option in Cluster Monitoring section and click on monitor settings

       3. Select the required cost preset

      4. To customize the settings, edit collection settings and configure as per the requirements

      5.  Click Configure to save the settings.

Accessing and Querying Insights

Once enabled, navigate to:

• Azure Portal > Monitor > Insights > Containers

Or use Log Analytics to run custom queries:

ContainerLogV2 
| where TimeGenerated > ago(1h) 
| where Namespace == "container.azm.ms"

Summary

Azure’s shift to DCR-based monitoring for Container Insights introduces powerful capabilities for modern observability:

Whether you’re running AKS for dev workloads or production-grade systems, adopting Container Insights with DCR ensures you're equipped with actionable telemetry, reduced noise, and efficient operations.