- Understand what Azure Monitor is and how it gathers telemetry (metrics, logs, and traces) from your resources.
- Learn to use Metric Explorer to visualize and analyze performance trends in real time and historically.
- Explore Azure Monitor’s network insights to get a unified view of network health, connectivity, and diagnostics across your Azure resources.
What Azure Monitor collects (Telemetry types)
Azure Monitor ingests three primary telemetry types. The following table summarizes each type, the typical sources, and common storage/usage patterns.| Telemetry Type | What it is | Typical sources | Storage & common use |
|---|---|---|---|
| Metrics | Numerical measurements emitted at regular intervals (high-cardinality, low-latency) | Platform metrics (VM CPU, NIC throughput), resource metrics | Stored in the Metrics database; used for near-real-time monitoring, charts, and alert rules |
| Logs | Timestamped, structured/unstructured records (events, diagnostics) | Activity Logs, resource diagnostics, NSG flow logs, Firewall logs | Sent to Log Analytics workspaces, storage accounts, or Event Hubs; used for queries, forensic analysis, and dashboards |
| Traces | Distributed traces and application telemetry | Application Insights, OpenTelemetry instrumentation | Stored in Application Insights / Log Analytics; used for application performance management and root-cause analysis |
How telemetry is collected and where it goes
Azure Monitor ingests data via multiple mechanisms; choose the mechanism that fits the resource and the telemetry type you need:- Platform metrics and activity logs: automatically collected from Azure resources (no agent required).
- Resource diagnostics: enable Diagnostic Settings on resources to send resource logs and metrics to a Log Analytics workspace, storage account, or Event Hub.
- Guest-level telemetry: collect OS and application logs by installing an agent (Azure Monitor Agent or older Log Analytics agent).
- Network-specific telemetry: NSG flow logs, Azure Firewall logs, and Network Watcher diagnostics are available when those services are enabled and the diagnostic destination is configured.
Before you begin, ensure you have the necessary permissions to enable diagnostics (Contributor or Owner on resources) and access to a Log Analytics workspace to centralize logs and insights.
Enabling diagnostics and high-frequency metrics can increase ingestion and storage costs. Verify retention, sampling, and any traffic analytics settings before enabling logging at scale.
Metric Explorer — visualize, analyze, and act
Metric Explorer (inside Azure Monitor) provides interactive visualizations and fast exploration of metric time series data. Use it to build charts, analyze trends, and create alerts. Key features:- Interactive charting with selectable aggregations: Sum, Average, Min, Max, Count.
- Split and group by dimensions (for example, VM, NIC, or Availability Zone).
- Time range selection, smoothing, and live vs. historical comparison.
- Pin charts to dashboards, export data, or share visualizations.
- Open Azure Portal → Azure Monitor → Metrics.
- Select a resource or resource type, choose a metric namespace, and pick a metric (e.g., Network In/Out).
- Use “Aggregation” and “Apply splitting” (by dimension) to break down the metric.
- Save chart, pin to dashboard, or export CSV.
Network insights — end-to-end network visibility
Network Insights aggregates network telemetry into cross-resource views so you can understand topology, connectivity, traffic patterns, and health. Key capabilities:- Topology maps and resource-level views for quick comprehension of network layout and dependencies.
- Connectivity checks via Connection Monitor to validate end-to-end reachability and identify path issues.
- Traffic visibility with NSG flow logs and Traffic Analytics to analyze traffic patterns, identify suspicious activity, and inform security posture.
- Health and performance metrics for network resources such as VPN Gateways, Azure Firewall, and Application Gateways, with built-in diagnostics.
| Resource / Service | Telemetry available | How to collect |
|---|---|---|
| Network Security Group (NSG) | NSG flow logs (allow/deny, source/dest, ports) | Enable NSG flow logs via Network Watcher & Diagnostic Settings |
| Azure Firewall | Application/IP logs, threat intelligence, metrics | Configure Diagnostic Settings to Log Analytics or Storage |
| Connection Monitor | Hop-by-hop connectivity, TCP/ICMP checks | Enable Connection Monitor from Network Watcher |
| Network Watcher diagnostics | Packet capture, next hop, IP flow verify, NSG view | Enable Network Watcher in region and run diagnostics via portal or CLI |
Common usage patterns and troubleshooting workflow
- Start with Metrics: Use Metric Explorer to detect anomalies (spikes in latency, drops in throughput, CPU, etc.).
- Correlate with Logs: Run Log Analytics queries against the timespan of interest (NSG flow logs, firewall logs, activity logs).
- Run connectivity diagnostics: Use Connection Monitor, IP flow verify, and next-hop checks to validate path and routing.
- Drill into traces: If the issue is application-level latency, inspect Application Insights traces and dependencies.
- Remediate & automate: Create alert rules, automated actions, or runbooks based on detected conditions.
- Count NSG denies by source IP:
- Firewall blocked connections grouped by rule:
Links and references
- Azure Monitor overview
- Metrics in Azure Monitor
- Log Analytics and Azure Monitor Logs
- Network Watcher documentation
- Traffic Analytics overview
- How telemetry is collected and where it is stored.
- Demonstrations of Metric Explorer features and common usage patterns.
- How to enable and use Azure Monitor’s network insights to troubleshoot connectivity and analyze network health.