Microsoft Azure Operational Insights Preview Series – Collecting Logs from Azure Diagnostics (Part 16)



This blog post is about a feature of OpInsights that you may or may not know about. Besides ingesting data through agents or SCOM, OpInsights can ingest data through Azure Storage as well. And you can place data in Azure Storage through an Azure feature like Azure Diagnostics. So let's see how all this works.

First you will need to link your OpInsights workspace to your Azure subscription and add an Azure Storage account to it. You can check Part 10 of my series for this, but in Azure you should have the following configured for the storage:

image

Now that we have this in place, let's see what we can actually ingest. Azure Diagnostics can collect different types of data, but currently OpInsights can ingest only some of it. The current matrix of which logs can be ingested, and from which source, is the following:

image

Now let’s see how to configure Windows Event logs for a VM.

To do this you will need to go to the Azure Preview portal:

https://portal.azure.com

Click Browse –> Virtual Machines

image

Select one of the Virtual Machines for which you want to activate Azure Diagnostics:

image

Click on the monitoring tile:

image

Select Diagnostics Settings and change status from Off to On:

image

Basically, for a Virtual Machine you can gather every Windows event log that you enable. In my case I've also selected to collect everything from Verbose to Critical; you can of course decide to collect anything above Warning.

You will also need to place these logs in the same storage account that is used by Operational Insights. When you are ready, click Save.

After around one hour, if you execute the following query:

*  | Measure count() by SourceSystem

You should see Events from source Azure Storage showing up:

image

Of course, you can also enable Azure Diagnostics with Azure PowerShell. You can find an example of this, along with how to enable Azure Diagnostics on Web roles and Worker roles, on the Azure Operational Insights documentation site.
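The portal choices described above can also be written as an Azure Diagnostics public configuration. The following is an added example, not taken from the original post or from the Microsoft documentation; it narrows the Application and System logs to Critical, Error and Warning and keeps the full Security log. The storage account name is a placeholder, and the quota and transfer period are assumed values.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: Azure Diagnostics public configuration for a Windows VM. -->
<PublicConfig xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
  <WadCfg>
    <!-- overallQuotaInMB: local buffer size on the VM (assumed value). -->
    <DiagnosticMonitorConfiguration overallQuotaInMB="4096">
      <!-- scheduledTransferPeriod: how often buffered events are copied
           to the storage account (ISO 8601 duration, assumed value). -->
      <WindowsEventLog scheduledTransferPeriod="PT1M">
        <!-- Each DataSource is "<channel>!<XPath filter>".
             Windows event levels: 1 = Critical, 2 = Error, 3 = Warning,
             4 = Information, 5 = Verbose. -->
        <DataSource name="Application!*[System[(Level=1 or Level=2 or Level=3)]]" />
        <DataSource name="System!*[System[(Level=1 or Level=2 or Level=3)]]" />
        <!-- Security events are audit successes and failures, so they are
             collected unfiltered here. -->
        <DataSource name="Security!*" />
        <!-- To match "everything from Verbose to Critical" as selected in
             the post, replace a filter with "*", for example
             name="Application!*". -->
      </WindowsEventLog>
    </DiagnosticMonitorConfiguration>
  </WadCfg>
  <!-- Placeholder: must be the same storage account that is linked to the
       Operational Insights workspace, otherwise nothing is ingested. -->
  <StorageAccount>PLACEHOLDER_STORAGE_ACCOUNT_NAME</StorageAccount>
</PublicConfig>
```

Collecting Verbose and Information events from every log increases the volume written to storage, so the level filter is worth deciding per log rather than globally.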
