Unlock visibility, flexibility, and cost efficiency with Application Gateway logging enhancements

Introduction

In today’s cloud-native landscape, organizations are accelerating the deployment of web applications at unprecedented speed. But with rapid scale comes increased complexity—and a growing need for deep, actionable visibility into the underlying infrastructure. As businesses embrace modern architectures, the demand for scalable, secure, and observable web applications continues to rise. Azure Application Gateway is evolving to meet these needs, offering enhanced logging capabilities that empower teams to gain richer insights, optimize costs, and simplify operations. 

This article highlights three powerful enhancements that are transforming how teams use logging in Azure Application Gateway: 

• Resource-specific tables 

• Data collection rule (DCR) transformations 

• Basic log plan 

Resource-specific tables improve organization and query performance. DCR transformations give teams fine-grained control over the structure and content of their log data. And the basic log plan makes comprehensive logging more accessible and cost-effective. Together, these capabilities deliver a smarter, more structured, and cost-aware approach to observability. 

Resource-specific tables: Structured and efficient logging 

Azure Monitor stores logs in a Log Analytics workspace powered by Azure Data Explorer. Previously, when you configured Log Analytics, all diagnostic data for Application Gateway was stored in a single, generic table called AzureDiagnostics. This approach often led to slower queries and increased complexity, especially when working with large datasets. 

With resource-specific logging, Application Gateway logs are now organised into dedicated tables, each optimised for a specific log type: 

• AGWAccessLogs- Contains access log information 

• AGWPerformanceLogs-Contains performance metrics and data 

• AGWFirewallLogs-Contains Web Application Firewall (WAF) log data 

This structured approach delivers several key benefits: 

• Simplified queries – Reduces the need for complex filtering and data manipulation 

• Improved schema discovery – Makes it easier to understand log structure and fields 

• Enhanced performance – Speeds up both ingestion and query execution 

• Granular access control – Allows you to grant Azure role-based access control (RBAC) permissions on specific tables 

Example: Azure diagnostics vs. resource-specific table approach 

Traditional AzureDiagnostics query: 

AzureDiagnostics 

| where ResourceType == "APPLICATIONGATEWAYS" and Category == "ApplicationGatewayAccessLog" 

| extend clientIp_s = todynamic(properties_s).clientIP 

| where clientIp_s == "203.0.113.1" 

New resource-specific table query: 

AGWAccessLogs 

| where ClientIP == "203.0.113.1" 

The resource-specific approach is cleaner, faster, and easier to maintain as it eliminates complex filtering and data manipulation. 

Data collection rules (DCR) log transformations: Take control of your log pipeline 

DCR transformations offer a flexible way to shape log data before it reaches your Log Analytics workspace. Instead of ingesting raw logs and filtering them post-ingestion, you can now filter, enrich, and transform logs at the source, giving you greater control and efficiency. 

Why DCR transformations matter:

• Optimize costs: Reduce ingestion volume by excluding non-essential data  

• Support compliance: Strip out personally identifiable information (PII) before logs are stored, helping meet GDPR and CCPA requirements  

• Manage volume: Ideal for high-throughput environments where only actionable data is needed 

Real-world use cases 

Whether you're handling high-traffic e-commerce workloads, processing sensitive healthcare data, or managing development environments with cost constraints, DCR transformations help tailor your logging strategy to meet specific business and regulatory needs. 

 For implementation guidance and best practices, refer to Transformations Azure Monitor - Azure Monitor  

Basic log plan - Cost-effective logging for low-priority data 

Not all logs require real-time analysis. Some are used for occasional debugging or compliance audits. The Basic log plan in Log Analytics provides a cost-effective way to retain high-volume, low-priority diagnostic data—without paying for premium features you may not need. 

When to use the Basic log plan

• Save on costs: Pay-as-you-go pricing with lower ingestion rates 

• Debugging and forensics: Retain data for troubleshooting and incident analysis, without paying premium costs for features you don't use regularly 

Understanding the trade-offs 

While the Basic plan offers significant savings, it comes with limitations: 

• No real-time alerts: Not suitable for monitoring critical health metrics 

• Query constraints: Limited KQL functionality and additional query costs 

Choose the Basic plan when deep analytics and alerting aren’t required and focus premium resources on critical logs. 

Building a smart logging strategy with Azure Application Gateway  

To get the most out of Azure Application Gateway logging, combine the strengths of all three capabilities: 

• Assess your needs: Identify which logs require real-time monitoring versus those used for compliance or debugging 

• Design for efficiency: Use the Basic log plan for low-priority data, and reserve standard tiers for critical logs 

• Transform at the source: Apply DCR transformations to reduce costs and meet compliance before ingestion 

• Query with precision: Use resource-specific tables to simplify queries and improve performance

This integrated approach helps teams achieve deep visibility, maintain compliance, and manage costs.