MP University is free 1 day online training event that focuses on SCOM and Azure. As you know for the past several weeks I have been blogging about Azure Monitor Alerts so when I was offered the opportunity to do online session on that topic – I was all in. Besides blogging I also like presenting. Being able to do that online is good for me due to my busy schedule (both personal and work one). So if you are interested on that topic and seeing more of what I have blogged or any of the other sessions in the event please go here and sign up.
Tag: Log Analytics
Set Per Table Retention in Log Analytics via ARM Template
This will be a short blog post but I hope still interesting one as I will provide example how to set per table retention in Log Analytics. Several weeks ago the Azure Monitor team has provided option to set retention period per table instead of just having retention period for the whole workspace.
Update 17.10.2019: If you set per table retention you will not be able to delete the workspace. You will get web request error 500 when you try that in the portal. To delete the workspace you will have to reset the value for every table with tool like ARM client. Example with Perf table below:
ARMClient.exe put "/subscriptions/22391568-8971-4320-b4be-08beb4919e9a/resourcegroups/loganalytics/providers/microsoft.operationalinsights/workspaces/ws000001/tables/Perf?api-version=2015-03-20" "{'properties':{'retentionInDays':null}}"
Update 17.10.2019: Just a few hours later Azure Monitor team fixed the issue. That is what I call fast support. Kudos to Azure Monitor team for being such proactive.
Azure Monitor Alert Series – Part 8
We are now on part 8 of these series. This blog post will be shorter compared to the others due to the nature of the alert we will cover in it. This time we will explore Azure Monitor for VMs alerts. Before proceeding to the alert part I should mention that Azure Monitor for VMs is in public preview. Always proceed with caution when using preview features as there might be some things missing compared to services/features that are general available.
Update 16.10.2019: A few hours after I have released this blog post the following announcement was made Updates to Azure Monitor for virtual machines (preview) before general availability release
To understand better the Azure Monitor for VMs alerts we need to understand better how the solution works. The solution itself consists of 3 major features:
- Gathering performance data trough performance counters from Windows and Linux VMs
- Visualizing maps of TCP communication on the VMs (via Service Map)
- Discovering and showing VM health data
Azure Monitor Alert Series – Part 7
On this blog post we will cover Azure Monitor Log Alerts. You might know them as Log Analytics alerts but a long time has passed when Log Analytics was standalone service that was not part of Azure Monitor. You may have noticed some UI improvements of those but the biggest improvements were actually under the hood. To my opinion this migration was executed very good with a lot of issues for the customers. No it was not perfect migration but taking into considerations all the complexity of such migrations I would say it was well executed and with thought for the customers. To be honest I will also say that these types of alert are my favorite. The simple reason for that is because by using Kusto queries I have way more room to improvise. Of course the alerts have their own downsides as well but that is the beauty of Azure Monitor alerts. You have flexible choices without being forced to specific one. Enough with the flattery and continue to the interesting parts of this blog post.
As I have mentioned before in Part 1 of the series we have two sub types:
- Number of results
- Metric Measurement
Azure Monitor Alerts Series – Part 1
Alerts are important part of our monitoring and probably the most important one. Getting data and visualizing it is the foundation for alerts but in order to move to actual monitoring you need alerts. I can tell you nobody sits all day in front of dashboard and looks at visualized data. Alerts are also our knowledge of our applications and infrastructure gathered to help us when things are not going as planned. I wanted to write this blog post series for quite some time and I think this is the right time to do it. The reason for that is Classic Azure alerts are being deprecated and the vision of unified alerting capabilities is coming together and becoming more powerful… sort of. I will comment on parts that I think could and should be improved and hopefully they will be. I also expect some new features around Ignite as usually that is when Microsoft reveals some new stuff. They actually do it all the time it just the end development of some features matches Ignite conference time frame.
Cloud Administrator in Azure World 