Challenge 24: Azure Monitor, Log Analytics & Alerts
25-35 min | Cost: Free | Domain: Management & Governance (30-35%)
Exam skills covered
- Describe Azure Monitor (including Log Analytics, Azure Monitor Alerts, Application Insights)
Overview
Azure Monitor is the comprehensive monitoring solution for Azure. It collects, analyzes, and acts on telemetry from your cloud and on-premises environments. Within Azure Monitor, Log Analytics provides powerful querying capabilities, Alerts notify you of issues, and Application Insights monitors live web applications.
This is the final challenge — it brings together monitoring concepts that apply across everything you've learned.
Explore
Task 1: Understand Azure Monitor architecture
| Data type | What it is | Example | Query with |
|---|---|---|---|
| Metrics | Numerical time-series data | CPU %, Memory usage, request count | Metrics Explorer |
| Logs | Detailed event data (text, structured) | Error logs, audit events, traces | Log Analytics (KQL) |
Task 2: Explore Azure Monitor
- In Azure Portal, search for Monitor
- Explore the main sections:
  - Overview: Summary dashboard
  - Metrics: Real-time numerical data (if you have resources)
  - Logs: Query logs with KQL (Kusto Query Language)
  - Alerts: Configure and view alerts
  - Insights: Pre-built monitoring for VMs, storage, networks
- Click Metrics — even without resources, observe the interface
Task 3: Understand Log Analytics
Log Analytics is the tool for querying Azure Monitor Logs:
- Uses KQL (Kusto Query Language) — a read-only query language
- Collects data from: Azure resources, VMs (via agents), applications
- Stores data in a Log Analytics workspace
Basic KQL example:
```kusto
// Show recent activity log events
AzureActivity
| where TimeGenerated > ago(24h)
| project TimeGenerated, OperationName, ActivityStatus
| take 10
```
Task 4: Understand Azure Monitor Alerts
Alerts proactively notify you when conditions are met:
| Alert component | Description |
|---|---|
| Alert rule | Condition that triggers the alert |
| Action group | Who gets notified and how (email, SMS, webhook) |
| Severity | 0 (Critical) to 4 (Verbose) |
Alert types:
| Type | Triggers on | Example |
|---|---|---|
| Metric alert | Metric threshold crossed | CPU > 90% for 5 minutes |
| Log alert | Log query returns results | Error count > 10 in 1 hour |
| Activity log alert | Azure operation occurs | VM deleted, policy changed |
| Service Health alert | Azure service issue | Outage in your region |
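As an added example (not part of the original challenge), the two KQL queries below express the table's "Error count > 10 in 1 hour" and "VM deleted, policy changed" examples against the `AzureActivity` table. The threshold, the time windows and the choice to group by `Caller` are illustrative assumptions.

```kusto
// Query 1 (run on its own): a log-alert style query.
// A log alert fires when the query returns results, so the final
// "where" keeps only callers that exceed the threshold.
let lookback = 1h;            // assumption: matches the "in 1 hour" example
let failureThreshold = 10;    // assumption: matches the "> 10" example
AzureActivity
| where TimeGenerated > ago(lookback)
| where ActivityStatusValue == "Failure"
| summarize FailedOps  = count(),
            Operations = make_set(OperationNameValue, 20),
            SourceIPs  = make_set(CallerIpAddress, 20)
          by Caller
| where FailedOps > failureThreshold
| order by FailedOps desc

// Query 2 (run on its own): successful VM deletions and policy changes,
// with who made the change and from which address.
// "=~" and "startswith" are case-insensitive, which matters because
// operation names can appear in upper case in the workspace.
AzureActivity
| where TimeGenerated > ago(24h)
| where ActivityStatusValue == "Success"
| where OperationNameValue =~ "Microsoft.Compute/virtualMachines/delete"
     or OperationNameValue startswith "Microsoft.Authorization/policy"
| project TimeGenerated, Caller, CallerIpAddress,
          OperationNameValue, ResourceGroup, _ResourceId
| order by TimeGenerated desc
```

Both queries only return data if the subscription's activity log is being sent to the Log Analytics workspace you run them in.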
Task 5: Understand Application Insights
Application Insights monitors live web applications:
| Feature | What it detects |
|---|---|
| Request rates | Traffic patterns and throughput |
| Response times | How fast your app responds |
| Failure rates | Error percentages |
| Dependencies | External service call performance |
| Page views | User behavior and browser performance |
| Availability tests | Is your app reachable? |
Use case: A web application is slow. Application Insights shows:
- Which requests are slow
- Which dependency (database? API?) is the bottleneck
- Which users are affected
- When the problem started
```bash
# List Azure Monitor metric alert rules
# (the fallback message prints only if the command fails; an empty list prints nothing)
az monitor metrics alert list --output table 2>/dev/null || echo "Could not list alert rules"
# List Log Analytics workspaces
az monitor log-analytics workspace list --query "[].{Name:name, Location:location}" --output table 2>/dev/null || echo "Could not list workspaces"
# View recent activity log
az monitor activity-log list --max-events 5 --query "[].{Time:eventTimestamp, Operation:operationName.localizedValue, Status:status.localizedValue}" --output table
```
Key Concepts
| Concept | Description |
|---|---|
| Azure Monitor | Comprehensive monitoring platform for Azure resources |
| Metrics | Numerical time-series data (CPU %, memory, requests) |
| Logs | Detailed event and diagnostic data |
| Log Analytics | Tool for querying logs using KQL |
| KQL | Kusto Query Language — read-only language for log analysis |
| Alerts | Notifications triggered by conditions (metric/log/activity) |
| Action groups | Define who is notified and how when alerts fire |
| Application Insights | APM tool for monitoring live web applications |
Knowledge Check
1. Which Azure service collects and analyzes telemetry from Azure resources?
2. What tool within Azure Monitor allows you to write queries to analyze log data?
3. A team wants to be notified by email when VM CPU usage exceeds 90% for more than 5 minutes. What should they configure?
4. Which Azure Monitor feature is specifically designed to monitor live web applications?
5. What is the difference between Azure Monitor Metrics and Azure Monitor Logs?
🎉 Congratulations!
You've completed all 24 AZ-900 challenges! Here's what to do next:
- Review the Coverage Matrix to ensure you've covered all exam skills
- Take the Microsoft Practice Assessment
- Schedule your exam at Pearson VUE
- Next step: Consider AZ-104: Azure Administrator for deeper hands-on skills
Learn More
- 📚 Study Guide AZ-900 — Curated study materials
- Microsoft Learn: Describe monitoring tools in Azure
- Azure Monitor documentation
- Application Insights documentation