Introduction
Monitoring in the cloud is often misunderstood. Some think it’s about checking whether a virtual machine is up; others equate it with dashboards or alerts. In reality, monitoring is about visibility, correlation, and action, and in Azure, that all converges in one platform: Azure Monitor.
This article explains, in practical terms, how Azure Monitor works, the role of Log Analytics, and how to build a foundation for observability across your workloads.
If you’ve read our earlier posts on Service and Resource Health Monitoring, Advanced Alerting Strategies, Azure Workbooks Customization, or Azure Monitor & MELT, this post ties them all together.
What Is Azure Monitor?
Azure Monitor is Microsoft’s unified platform for collecting, analyzing, and acting on telemetry across applications, infrastructure, and networks, whether they run in Azure, hybrid, or multicloud environments.
It helps you answer four questions:
- Is my environment healthy?
- What’s happening right now?
- Why did it happen?
- What should I do next?
The Building Blocks
Layer | Description | Examples |
---|---|---|
1. Data Sources | Where telemetry originates: VMs, AKS, databases, applications, networks. | Activity Logs, Performance Counters, Container Metrics, App Insights telemetry. |
2. Data Platform (Log Analytics) | Central workspace where logs are stored and queried using KQL. | Diagnostic Settings → Workspace → Query → Alert/Workbook. |
3. Insights & Visualizations | Built-in experiences that interpret raw data. | Azure Monitor for VMs, Containers, Apps, Network. |
4. Action & Automation | Responding through alerts, workflows, or ITSM integrations. | Alerts + Action Groups → Teams, Logic Apps, PagerDuty. |
Azure Monitor core layers
Metrics vs. Logs
Aspect | Metrics | Logs |
---|---|---|
Format | Numeric values sampled over time | Text-based records with context |
Best for | Performance monitoring and thresholds | Troubleshooting and auditing |
Examples | CPU %, latency, requests/sec | Error messages, policy changes |
Store | Azure Monitor metrics DB | Log Analytics workspace |
Metrics are fast and lightweight; logs are richer and more flexible. Both live under Azure Monitor.
The role of Log Analytics Workspace
If Azure Monitor is the nervous system, Log Analytics is the brain.
Resources send diagnostic and activity data via Diagnostic Settings, agents, or connectors. Once in the workspace, you can query everything using Kusto Query Language (KQL).
```kusto
// Count delete operations per caller per day from the subscription activity log.
AzureActivity
| where OperationNameValue contains "Delete"
| summarize Count = count() by Caller, bin(TimeGenerated, 1d)
```
You can then:
- Create alerts that fire on query results.
- Build workbooks for dashboards and storytelling.
- Export data to Event Hub, Storage, or SIEM.
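As an added example (not from the original article), here is a query that a log alert could run on a schedule. It extends the deletion query above to count only completed deletes and to return a row only when one caller exceeds a threshold within an hour. The sample rows, caller names and the threshold of 3 are constructed assumptions; in a workspace, replace `SampleActivity` with `AzureActivity`.

```kusto
// Constructed sample rows shaped like AzureActivity; not real tenant data.
let SampleActivity = datatable(TimeGenerated:datetime, Caller:string,
    OperationNameValue:string, ActivityStatusValue:string, ResourceGroup:string)
[
    datetime(2024-05-01 09:02:00), "ops-automation@contoso.example", "MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE", "Start", "rg-dev",
    datetime(2024-05-01 09:02:40), "ops-automation@contoso.example", "MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE", "Success", "rg-dev",
    datetime(2024-05-01 14:05:00), "j.doe@contoso.example", "MICROSOFT.STORAGE/STORAGEACCOUNTS/DELETE", "Success", "rg-prod-data",
    datetime(2024-05-01 14:09:00), "j.doe@contoso.example", "MICROSOFT.KEYVAULT/VAULTS/DELETE", "Success", "rg-prod-sec",
    datetime(2024-05-01 14:20:00), "j.doe@contoso.example", "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/DELETE", "Success", "rg-prod-net",
    datetime(2024-05-01 14:31:00), "j.doe@contoso.example", "MICROSOFT.SQL/SERVERS/DATABASES/DELETE", "Failure", "rg-prod-data",
    datetime(2024-05-01 14:40:00), "j.doe@contoso.example", "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE", "Success", "rg-prod-app"
];
// Assumed threshold: completed deletes per caller per hour that should raise an alert.
let DeleteThreshold = 3;
SampleActivity
// endswith is case-insensitive and matches only operations whose final segment is DELETE.
| where OperationNameValue endswith "/DELETE"
// Each operation logs several status rows; keep only the completed ones to avoid double counting.
| where ActivityStatusValue == "Success"
| summarize Deletes = count(),
            Operations = make_set(OperationNameValue),
            ResourceGroups = make_set(ResourceGroup),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by Caller, Window = bin(TimeGenerated, 1h)
// The alert rule fires when this query returns at least one row.
| where Deletes >= DeleteThreshold
| project Window, Caller, Deletes, ResourceGroups, Operations, FirstSeen, LastSeen
```

Tune the threshold and window against a baseline of normal automation activity before attaching an Action Group, so that routine cleanup jobs do not page anyone.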
Log Analytics as the central data plane
Data flow overview
The MELT Model
To understand observability holistically, adopt the MELT framework: Metrics, Events, Logs, and Traces, explained in detail in Azure Monitor & MELT.
Pillar | Purpose |
---|---|
Metrics | How your system performs |
Events | What changed |
Logs | Why it happened |
Traces | How requests flow through components |
From data to action: alerts and automation
Azure Monitor includes:
- Metric alerts (near real-time thresholds)
- Log alerts (KQL queries on schedule)
- Activity Log alerts (platform events)
Use Action Groups to define responses: email, Teams, Logic App, or ticket.
For advanced patterns like dynamic thresholds and suppression, see Advanced Alerting Strategies for Azure Monitoring.
Alerting and automation workflow
Visualization and Workbooks
Workbooks transform data into decisions. Combine KQL queries, parameters, and visuals, all within the Azure portal.
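```kusto
// Average CPU per computer in 5-minute buckets.
Perf
| where ObjectName == "Processor"
// Keep only the CPU utilisation counter so other Processor counters do not skew the average.
| where CounterName == "% Processor Time"
| summarize AvgCPU = avg(CounterValue) by bin(TimeGenerated, 5m), Computer
```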
To go beyond the basics (multi-resource joins, conditional formatting, custom JSON parameters), see Azure Workbooks: Advanced Customization and Data Visualization in Azure.
Example workbook visualization
Health Monitoring and Platform Signals
Azure provides Service Health and Resource Health to help differentiate between Azure-side issues and workload issues. They complement Azure Monitor by tracking platform events and maintenance notifications.
Configuration guidance is available in The Importance of Setting Up Service and Resource Health Monitoring in Azure.
Service Health and Resource Health integration
Best practices for workspaces
- Centralize intelligently: aggregate where cross-resource correlation matters.
- Control costs: use Data Collection Rules to filter noise.
- Manage retention: align with compliance needs.
- Secure access: apply RBAC and table-level permissions.
- Automate deployment: define diagnostics via Bicep or Terraform.
Quick start checklist
- Create a Log Analytics workspace.
- Enable Diagnostic Settings for key resources.
- Run a basic KQL query to verify data.
- Configure a metric alert and action group.
- Build a simple workbook to visualize results.
You now have a full feedback loop: data → query → alert → visualize → act.
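For the "run a basic KQL query to verify data" step, this added example (not from the original article) checks when each resource last wrote to each table and flags sources that have gone quiet. The resource IDs, timestamps and one-hour tolerance are constructed assumptions; in a workspace the equivalent standard columns are `TimeGenerated`, `_ResourceId` and `Type`.

```kusto
// Constructed sample: one row per ingested record, reduced to the columns the check needs.
let SampleLogs = datatable(TimeGenerated:datetime, ResourceId:string, Table:string)
[
    datetime(2024-05-01 11:58:00), "/subscriptions/<sub-id>/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-sample", "AzureDiagnostics",
    datetime(2024-05-01 11:40:00), "/subscriptions/<sub-id>/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-sample", "AzureDiagnostics",
    datetime(2024-05-01 11:55:00), "/subscriptions/<sub-id>/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-sample", "AzureMetrics",
    datetime(2024-05-01 07:12:00), "/subscriptions/<sub-id>/resourceGroups/rg-net/providers/Microsoft.Network/networkSecurityGroups/nsg-sample", "AzureDiagnostics",
    datetime(2024-05-01 06:50:00), "/subscriptions/<sub-id>/resourceGroups/rg-net/providers/Microsoft.Network/networkSecurityGroups/nsg-sample", "AzureDiagnostics",
    datetime(2024-05-01 11:30:00), "/subscriptions/<sub-id>", "AzureActivity"
];
// Fixed reference time so the sample is reproducible; use now() against live data.
let Now = datetime(2024-05-01 12:00:00);
// Assumed tolerance before a source is treated as silent.
let StaleAfter = 1h;
SampleLogs
| summarize Records = count(), LastRecord = max(TimeGenerated) by ResourceId, Table
| extend Age = Now - LastRecord
| extend Status = iff(Age > StaleAfter, "STALE", "OK")
// Oldest sources first, so gaps in collection are at the top.
| order by Age desc
| project Status, Table, ResourceId, Records, LastRecord, Age
```

A resource that has never sent a record does not appear in the result at all, so compare the output against the list of resources where you enabled Diagnostic Settings.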
Next steps & further reading
- Service and Resource Health Monitoring in Azure
- Advanced Alerting Strategies for Azure Monitoring
- Azure Workbooks Advanced Customization
- Azure Monitor & MELT
Together these form a complete learning path, from monitoring basics to full observability.
Conclusion
Azure Monitor is more than a tool; it’s the observability backbone of Azure. Once you understand its layers, the rest of the ecosystem (health alerts, workbooks, advanced rules, and MELT) falls naturally into place.
Start simple. Connect a resource, explore your workspace, and let data guide your next question. That’s when monitoring becomes insight.