Introduction
Azure Monitor is essential for observing the performance and health of Azure resources at scale. In this advanced tutorial, we will configure a complete environment including Log Analytics, multi-condition alerts, and dynamic dashboards. You will learn to collect custom metrics and automate incident responses. This guide is aimed at DevOps and SRE engineers seeking to industrialize their monitoring practices.
Prerequisites
- Azure account with Owner rights on a subscription
- Azure CLI 2.60+ installed
- Solid knowledge of KQL and PowerShell
- Existing Application Insights resource
Create the Log Analytics Workspace
#!/bin/bash
az monitor log-analytics workspace create \
  --resource-group rg-monitoring \
  --workspace-name law-prod-advanced \
  --location westeurope \
  --sku PerGB2018

This command creates a Log Analytics workspace optimized for long-term retention and advanced log analysis.
Configure Data Collection
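{
  "properties": {
    "dataSources": {
      "performanceCounters": [{
        "streams": ["Microsoft-InsightsMetrics"],
        "samplingFrequencyInSeconds": 60,
        "counterSpecifiers": ["\\VmInsights\\DetailedMetrics"],
        "name": "perfCounters"
      }]
    },
    "destinations": {
      "logAnalytics": [{
        "workspaceResourceId": "/subscriptions/xxx/resourceGroups/rg-monitoring/providers/Microsoft.OperationalInsights/workspaces/law-prod-advanced",
        "name": "law-prod-advanced-dest"
      }]
    },
    "dataFlows": [{
      "streams": ["Microsoft-InsightsMetrics"],
      "destinations": ["law-prod-advanced-dest"]
    }]
  }
}

The Data Collection Rule precisely defines which performance counters are sent to the workspace, avoiding unnecessary data overload. `counterSpecifiers` selects the counters and `dataFlows` routes the stream to the named destination; the destination name `law-prod-advanced-dest` is an illustrative label.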
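A pre-deployment check for a rule of this shape, as an added example that is not part of the original tutorial: it reports data sources whose streams are never routed by `dataFlows` to a named destination, which is the condition under which a rule deploys cleanly but collects nothing. The function name `lint_dcr`, both sample rules and the destination name `law-dest` are constructed for illustration.

```python
import json

def lint_dcr(rule: dict) -> list[str]:
    """List the problems that would leave a Data Collection Rule collecting nothing."""
    props, problems = rule.get("properties", {}), []

    # dataFlows reference destinations by name, so every destination needs one.
    dest_names = set()
    for kind, dests in props.get("destinations", {}).items():
        for i, dest in enumerate(dests if isinstance(dests, list) else [dests]):
            if dest.get("name"):
                dest_names.add(dest["name"])
            else:
                problems.append(f"destinations.{kind}[{i}] has no name")

    # Gather the streams each data source emits; perf counters also need specifiers.
    declared = set()
    for kind, sources in props.get("dataSources", {}).items():
        for src in sources:
            declared.update(src.get("streams", []))
            if kind == "performanceCounters" and not src.get("counterSpecifiers"):
                problems.append(f"performanceCounters '{src.get('name')}' has no counterSpecifiers")

    # A stream only reaches the workspace if a dataFlow routes it to a known destination.
    routed = set()
    for i, flow in enumerate(props.get("dataFlows", [])):
        targets = flow.get("destinations", [])
        unknown = [d for d in targets if d not in dest_names]
        if unknown:
            problems.append(f"dataFlows[{i}] targets undeclared destination(s): {unknown}")
        elif targets:
            routed.update(flow.get("streams", []))
    problems += [f"stream '{s}' is collected but never routed" for s in sorted(declared - routed)]
    return problems

# Constructed sample: no destination name, counterSpecifiers or dataFlows.
UNROUTED = {"properties": {
    "dataSources": {"performanceCounters": [{
        "streams": ["Microsoft-InsightsMetrics"], "samplingFrequencyInSeconds": 60, "name": "perfCounters"}]},
    "destinations": {"logAnalytics": [{"workspaceResourceId": "/subscriptions/xxx/..."}]}}}

# Constructed corrected copy; "law-dest" is an illustrative destination name.
ROUTED = json.loads(json.dumps(UNROUTED))
ROUTED["properties"]["dataSources"]["performanceCounters"][0]["counterSpecifiers"] = ["\\VmInsights\\DetailedMetrics"]
ROUTED["properties"]["destinations"]["logAnalytics"][0]["name"] = "law-dest"
ROUTED["properties"]["dataFlows"] = [{"streams": ["Microsoft-InsightsMetrics"], "destinations": ["law-dest"]}]
if __name__ == "__main__":
    for label, rule in (("unrouted", UNROUTED), ("routed", ROUTED)):
        print(label, lint_dcr(rule) or "OK")
```

Running it in a deployment pipeline before the rule is applied turns a silent telemetry gap into a failed build.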
Create a Multi-Condition Alert
# New-AzActionGroup requires -Location and takes the short name as -GroupShortName
$actionGroup = New-AzActionGroup -ResourceGroupName rg-monitoring -Name ag-critical -Location Global -GroupShortName critical
$condition = New-AzMetricAlertRuleV2Criteria -MetricName "Percentage CPU" -Operator GreaterThan -Threshold 85 -TimeAggregation Average
New-AzMetricAlertRuleV2 -Name "HighCPU-Alert" -ResourceGroupName rg-monitoring `
  -TargetResourceId "/subscriptions/xxx/..." -Condition $condition `
  -WindowSize 00:05:00 -Frequency 00:01:00 -ActionGroupId $actionGroup.Id -Severity 1

This PowerShell script creates a metric alert bound to an action group for immediate notification via Teams or email. `-Condition` accepts several criteria objects, which is how a composite alert is built, and the action group needs at least one receiver before it notifies anyone.
Advanced KQL Query
InsightsMetrics
| where TimeGenerated > ago(1h)
// VM insights records CPU utilization under Namespace "Processor", Name "UtilizationPercentage"
| where Namespace == "Processor" and Name == "UtilizationPercentage"
| summarize avg(Val) by bin(TimeGenerated, 5m), Computer
| where avg_Val > 80
| render timechart

This KQL query optimizes CPU metric analysis with time-based aggregation and direct visualization in dashboards.
Dashboard with ARM Template
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [{
    "type": "Microsoft.Portal/dashboards",
    "apiVersion": "2022-12-01-preview",
    "name": "monitoring-advanced-dashboard",
    "location": "westeurope",
    "properties": {
      "lenses": {
        "0": {
          "parts": [{
            "position": {"x": 0, "y": 0, "rowSpan": 4, "colSpan": 6},
            "metadata": {"type": "Extension/HubsExtension/PartType/MonitorChartPart"}
          }]
        }
      }
    }
  }]
}

This ARM template deploys a ready-to-use dashboard with key metric visualizations for operational teams.
Best Practices
- Always use Data Collection Rules to filter data
- Configure alerts with dynamic thresholds based on historical behavior
- Centralize logs in a single workspace per environment
- Add systematic tags to all monitored resources
- Automate deployment via Infrastructure as Code
Common Mistakes to Avoid
- Forgetting to link the workspace to resources via DCR (no data collected)
- Creating too many static alerts without correlation
- Ignoring Log Analytics retention and storage costs
- Not testing KQL queries with large data volumes