In the introduction to this series, we acknowledged that it can be difficult at times to understand which tool to use when trying to work with metrics, especially when there is some overlap.

In this first part, we will start by exploring Log Analytics.



To give you a quick high-level overview of Azure Log Analytics, it’s capable of collecting log data from multiple sources, including (but not limited to):

  • Azure Active Directory (AAD)
  • Azure Activity
  • Diagnostics
  • Applications
  • Security
  • Storage

Note: You may see/notice in the latest Microsoft documentation, that they are using “Azure Monitor logs” instead of “Log Analytics”. We will use this latest term for the remainder of this series.


Where do logs come from?

Different sources of data for Azure Monitor will write to either a Log Analytics workspace (Logs) or the Azure Monitor metrics database (Metrics) or both. Some sources will write directly to these data stores, while others may write to another location such as Azure storage and require some configuration to populate logs or metrics.

Azure Monitor Logs can collect log data from a variety of sources both within Azure and from on-premises resources. For the most updated list of available sources, check out the following documentation: Sources of Azure Monitor Logs.


Azure Monitor Log (aka Log Analytics)

In Azure Monitor Logs, when you first set up a Workspace, you need to configure what performance metrics you will collect. By default, there is a list of common performance counters that you can enable out-of-the-box. These include disk, Memory, CPU, and Networking metrics.

Azure Monitor Logs – Common Windows Perf Counters

In Azure Monitor Logs you can also add additional counters, just by adding them from the list.

Azure Monitor Logs – Common Counters


The Counters

So, understanding some of the basics about Azure Monitor Logs, what are the actual counters that are available natively by default. Well, remember you still first need to add the performance counters (they’re not “turned on” by default). But, here’s what’s currently available, grouped by category:

Counter CategoryLog Analytics (Perf)
Processor(_Total)\% Processor Time
System(*)\Processor Queue Length

Processor(*)\% Processor Time
Processor(*)\% Privileged Time
Memory(*)\Available MBytes
Memory(*)\% Committed Bytes In Use

Memory(*)\Available MBytes Memory
Memory(*)\% Used Memory
Memory(*)\% Used Swap Space
LogicalDisk(*)\Avg. Disk sec/Read
LogicalDisk(*)\Avg. Disk sec/Write
LogicalDisk(*)\Current Disk Queue Length
LogicalDisk(*)\Disk Reads/sec
LogicalDisk(*)\Disk Transfers/sec
LogicalDisk(*)\Disk Writes/sec
LogicalDisk(*)\Free Megabytes
LogicalDisk(*)\% Free Space

Logical Disk(*)\% Used Inodes
Logical Disk(*)\Free Megabytes
Logical Disk(*)\% Used Space
Logical Disk(*)\Disk Transfers/sec
Logical Disk(*)\Disk Reads/sec
Logical Disk(*)\Disk Writes/sec
Network Adapter(*)\Bytes Received/sec
Network Adapter(*)\Bytes Sent/sec
Network Interface(*)\Bytes Total/sec

Network(*)\Total Bytes Transmitted
Network(*)\Total Bytes Received


Now let’s move onto looking at Azure Metrics.