Introduction
One of the most frustrating parts of system administration is when something goes wrong and the first question is: “What happened?” Without proper monitoring, the answer is often guesswork. In Azure, two tools form the backbone of observability: Azure Monitor and Log Analytics.
Together, they collect metrics, logs, and insights across your environment, helping you diagnose issues, optimize performance, and meet compliance requirements. For administrators, this means fewer blind spots. For recruiters, experience with Monitor and Log Analytics signals that you can see the big picture, not just react to individual incidents.
Why Monitoring Matters
- Proactive detection: Catch performance issues before they become outages.
- Troubleshooting: Quickly identify root causes when problems occur.
- Optimization: Use data to right-size workloads and save money.
- Compliance and reporting: Provide evidence of monitoring for frameworks like SOC 2 or ISO 27001.
I once worked on an environment where slow application performance was blamed on “the servers.” After enabling Log Analytics, it turned out the bottleneck was actually in the application tier, not the VM. Having data to prove it shifted the conversation — and fixed the problem faster.
Azure Monitor vs Log Analytics
- Azure Monitor is the umbrella service. It collects metrics and telemetry from Azure resources.
- Log Analytics is the query engine. It lets you analyze logs with Kusto Query Language (KQL), build dashboards, and create alerts.
Think of Monitor as the pipeline bringing in the data, and Log Analytics as the microscope that helps you make sense of it.
Setting Up Log Analytics with CLI
Step 1: Create a Log Analytics Workspace
bash
az monitor log-analytics workspace create \
--resource-group MyResourceGroup \
--workspace-name MyLogWorkspace \
--location eastus
Step 2: Enable Diagnostics on a VM
bash
az monitor diagnostic-settings create \
--name MyDiagSettings \
--resource /subscriptions/<sub-id>/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVM \
--workspace MyLogWorkspace \
--logs '[{"category": "AuditEvent","enabled": true}]' \
--metrics '[{"category": "AllMetrics","enabled": true}]'
Step 3: Run a Basic KQL Query
kql
// Check CPU usage over the last hour
Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize avg(CounterValue) by bin(TimeGenerated, 5m), Computer
This kind of query lets you identify whether a VM’s CPU usage is spiking, and if so, when.
Best Practices I’ve Learned
- Always centralize logs in a single workspace for consistency.
- Build custom dashboards for leadership to show high-level health metrics.
- Set up alerts for critical events (like high CPU or failed logins).
- Use retention policies wisely — keep what you need for compliance, archive the rest.
- Regularly review your KQL queries to ensure they match evolving workloads.
Recruiter’s Perspective
Recruiters know that monitoring isn’t just a “nice to have” — it’s a requirement. When you can show hands-on experience with Azure Monitor and Log Analytics, it demonstrates that you:
- Work proactively, not just reactively.
- Can troubleshoot issues with data, not guesswork.
- Understand how to balance technical detail with business reporting.
Being able to say “I set up Log Analytics to monitor VM performance and built dashboards to track compliance KPIs” tells recruiters you bring value beyond uptime — you bring visibility and accountability.
Conclusion
Azure Monitor and Log Analytics provide the visibility administrators need to manage modern environments. They turn raw metrics and logs into actionable insights, enabling proactive problem-solving, cost optimization, and compliance readiness.
For administrators, mastering these tools means fewer surprises and better control. For recruiters, it shows that you’re not just keeping systems alive — you’re building a monitoring foundation that supports both IT and the business.