Understand the essential information about the built-in Log Queries in Azure


Azure offers a variety of built-in log queries that can be accessed via Azure Monitor and Log Analytics. These queries are predefined to help users quickly gain insights from their Azure resources and services. Built-in queries typically focus on common use cases such as monitoring infrastructure, security, performance, and diagnostics. Here’s an overview of key built-in log queries in Azure:

Activity Log Queries

These queries are used to access the Azure Activity Log, which records all management events in Azure, such as resource creation, modification, and deletion.

  1. Failed Login Attempts:

  2. Resource Deletions:
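
An added example (not one of the portal's built-in queries) showing what a resource-deletion query against the Activity Log looks like in KQL. It assumes the subscription's Activity Log is forwarded to the workspace, so the AzureActivity table is populated, and it accepts both the older and the current spelling of the success status. Sign-in failures are not recorded in the Activity Log at all; they live in the Entra ID SigninLogs table.

```kusto
// Added example: successful resource deletions in the last 7 days, grouped by
// who deleted what and from which IP. Not a query shipped with Azure Monitor.
AzureActivity
| where TimeGenerated > ago(7d)
// Control-plane operation names end in the verb, e.g. MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE
| where OperationNameValue endswith "/DELETE"
// Assumption: accept both the legacy ("Succeeded") and current ("Success") status spellings
| where ActivityStatusValue in~ ("Success", "Succeeded")
| extend ResourceType = replace_string(OperationNameValue, "/DELETE", "")
| summarize Deletions = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Resources = make_set(_ResourceId, 20)   // keep up to 20 resource IDs per group
    by Caller, CallerIpAddress, ResourceType
| order by Deletions desc
```

Sorting by the deletion count surfaces bulk deletions first; a service principal deleting many resources from an IP you do not recognise is the row to investigate.
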

Security Log Queries

Azure Sentinel provides built-in queries that can help monitor and detect security-related events. These queries are often used to detect suspicious behavior, such as unauthorized access or potential threats.

  1. Failed Sign-ins (Security):

  2. Unusual User Activity:

  3. Suspicious PowerShell Commands:
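
Two added detection queries, written here as examples rather than taken from Sentinel's built-in content. The first assumes SigninLogs is fed by the Entra ID diagnostic setting and uses the fact that ResultType "0" means success; the threshold of 10 failures per hour is an assumed starting value. The second assumes Windows Security event 4688 is collected with command-line auditing enabled. Run each query on its own (the Logs blade executes the query under the cursor).

```kusto
// Added example 1: accounts with many failed sign-ins inside one hour, the usual
// password-spray / brute-force signal. Threshold is an assumed tuning value.
let threshold = 10;
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != "0"                          // "0" is a successful sign-in
| summarize Failures   = count(),
            DistinctIPs = dcount(IPAddress),
            Apps        = make_set(AppDisplayName, 5),
            ErrorCodes  = make_set(ResultType, 5)
    by UserPrincipalName, bin(TimeGenerated, 1h)
| where Failures >= threshold
| order by Failures desc

// Added example 2: PowerShell launched with encoded or policy-bypass arguments.
// has_any is term-based and deliberately coarse, so expect some noise to tune out.
SecurityEvent
| where TimeGenerated > ago(24h)
| where EventID == 4688
| where NewProcessName endswith @"\powershell.exe" or NewProcessName endswith @"\pwsh.exe"
| where CommandLine has_any ("-enc", "-encodedcommand", "bypass", "hidden")
| project TimeGenerated, Computer, Account, ParentProcessName, CommandLine
```

A high failure count spread across many distinct IPs for one account points at spraying from distributed infrastructure; a high count from a single IP is more likely a misconfigured client or a direct brute-force attempt, so the DistinctIPs column is worth keeping in any alert you build on this.
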

Performance Log Queries

These queries monitor the performance of virtual machines, applications, and other resources in your Azure environment.

  1. CPU Utilization on Virtual Machines:

  2. Memory Usage on Virtual Machines:

  3. Disk I/O Performance:
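
An added example of a CPU-utilization query, not one of the built-in performance queries. It assumes the Perf table is populated (Log Analytics agent or a data collection rule sending performance counters) and that the total-processor instance is named "_Total", which is the Windows convention; the 80% threshold is an assumed value. Memory and disk counters use the same table and the same pattern with different ObjectName/CounterName pairs.

```kusto
// Added example: average and peak CPU per VM in 5-minute buckets, flagging buckets
// that exceed an assumed 80% threshold.
let cpuThreshold = 80.0;
Perf
| where TimeGenerated > ago(1h)
| where ObjectName == "Processor"
    and CounterName == "% Processor Time"
    and InstanceName == "_Total"          // assumption: Windows naming; Linux instance names differ
| summarize AvgCpu = round(avg(CounterValue), 1),
            MaxCpu = round(max(CounterValue), 1)
    by Computer, bin(TimeGenerated, 5m)
| extend OverThreshold = AvgCpu > cpuThreshold
| order by Computer asc, TimeGenerated asc
```

Replace the summarize/extend lines with `| render timechart` on the average to plot it instead; keep the boolean column when the query is going to back a scheduled alert rule, because an alert condition on a column is simpler to reason about than one on a chart.
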

Azure Resource Usage Queries

These queries focus on the usage metrics of various Azure resources, like storage accounts, networking, etc.

  1. Storage Account Activity:

  2. Azure Network Traffic:
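
An added example for storage account activity, not a built-in query. It assumes the storage account's blob diagnostic setting sends logs to the workspace, which populates the StorageBlobLogs table, and it looks at failed requests because that is where both misconfigured clients and probing for open containers show up.

```kusto
// Added example: failed blob requests in the last 24 hours, grouped by account,
// caller IP and the authentication method the caller used.
StorageBlobLogs
| where TimeGenerated > ago(24h)
| where StatusCode >= 400                       // HTTP 4xx/5xx responses only
| summarize Requests   = count(),
            Operations = make_set(OperationName, 10),
            Statuses   = make_set(StatusText, 10)
    by AccountName, CallerIpAddress, AuthenticationType
| order by Requests desc
```

The AuthenticationType column is the useful one for a security review: a burst of failed "Anonymous" requests against an account that should only accept OAuth or SAS is a different problem from an application whose SAS token has expired.
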

Application Insights Queries

Built-in queries are also available for analyzing application performance, traces, and requests for applications monitored by Application Insights.

  1. Request Failure Rate:

  2. Top Exceptions by Count:

  3. Slowest Requests:
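
An added example of a request failure-rate query for a workspace-based Application Insights resource (the AppRequests table); it is not one of the queries the portal ships. Classic Application Insights resources expose the same data through the `requests` table with lower-case column names (success, duration, name). The minimum of 20 requests per bucket is an assumed filter to keep low-volume buckets from dominating the list.

```kusto
// Added example: hourly failure rate and p95 latency per operation.
AppRequests
| where TimeGenerated > ago(24h)
| summarize Total  = count(),
            Failed = countif(Success == false),
            P95Ms  = percentile(DurationMs, 95)
    by OperationName, bin(TimeGenerated, 1h)
| extend FailureRatePct = round(100.0 * Failed / Total, 2)
| where Total >= 20                         // assumption: ignore very quiet buckets
| order by FailureRatePct desc, Total desc
```

Computing the rate from count() and countif() in one summarize keeps numerator and denominator on the same rows; computing them in two queries and joining invites mismatched time bins.
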

Azure Kubernetes Service (AKS) Logs

For Azure Kubernetes Service (AKS), there are built-in queries to monitor Kubernetes clusters and containers.

  1. AKS Cluster Health:

  2. Pod Restarts:
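
An added pod-restart example, not a built-in Container Insights query. It assumes Container Insights is enabled on the cluster so KubePodInventory is populated. Because that table holds periodic snapshots rather than events, the query first takes the latest row per pod with arg_max and only then applies the (assumed) restart threshold; filtering on every snapshot would report the same pod many times.

```kusto
// Added example: pods whose most recent inventory record shows a high restart count.
let restartThreshold = 5;
KubePodInventory
| where TimeGenerated > ago(1h)
// Latest snapshot per pod, carrying the columns we want to display
| summarize arg_max(TimeGenerated, PodRestartCount, PodStatus, ClusterName, Computer)
    by Namespace, Name
| where PodRestartCount >= restartThreshold
| project TimeGenerated, ClusterName, Namespace, Pod = Name, Node = Computer,
          PodStatus, PodRestartCount
| order by PodRestartCount desc
```

Pair this with the PodStatus column: a pod with a high restart count that is currently Running has recovered, while one stuck in a waiting state is the one to look at first.
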

Azure Firewall Logs

For monitoring Azure Firewall and network security, there are queries that help track activity logs, traffic analytics, and other key metrics.

  1. Firewall Drop Log:

  2. Firewall Allowed Traffic:
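
An added drop-log example, not a built-in query. It assumes the firewall's diagnostic setting uses the resource-specific destination table mode, which writes network-rule decisions to the AZFWNetworkRule table with the column names used below (an assumption about that schema). With the legacy mode the same records land in AzureDiagnostics under Category "AzureFirewallNetworkRule" and have to be parsed out of the msg_s text column instead.

```kusto
// Added example: denied network-rule traffic in the last hour, grouped by
// source, destination and protocol, with the destination ports that were tried.
AZFWNetworkRule
| where TimeGenerated > ago(1h)
| where Action == "Deny"
| summarize Denied           = count(),
            DestinationPorts = make_set(DestinationPort, 10),
            LastSeen         = max(TimeGenerated)
    by SourceIp, DestinationIp, Protocol
| order by Denied desc
| take 50
```

Changing `Action == "Deny"` to `"Allow"` gives the allowed-traffic view the page lists next; comparing the two for the same source is a quick way to see whether a rule is too broad or too narrow.
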

Alert and Diagnostic Queries

Built-in diagnostic queries help you view alerts triggered by various Azure services.

  1. Active Alerts:

  2. Triggered Alerts for Resource:

Custom Logs and Application Data Queries

Custom queries can be used to search custom log data that you have configured in Log Analytics.

  1. Custom Log Search:

How to Use Built-in Queries

To use built-in queries:

  1. Go to Azure Portal.

  2. Navigate to Azure Monitor or Log Analytics.

  3. Select Logs.

  4. In the query window, you’ll find the "Built-in" queries under the "Query Explorer" section.

  5. Click on the desired query to run it, or modify it to fit your needs.

Summary

These built-in queries are a great starting point for common monitoring, performance, security, and diagnostic tasks in Azure. You can adapt and expand on them based on your specific use cases.

Rajnish, MCT