In the introduction to this series, we acknowledged that it can be difficult at times to understand which tool to use when trying to work with metrics, especially when there is some overlap.
In this first part, we will start by exploring Log Analytics.
Overview
As a quick high-level overview: Azure Log Analytics can collect log data from multiple sources, including (but not limited to):
- Azure Active Directory (AAD)
- Azure Activity
- Diagnostics
- Applications
- Security
- Storage
Note: In the latest Microsoft documentation, you may notice that the term “Azure Monitor logs” is used instead of “Log Analytics”. We will use the newer term for the remainder of this series.
Where do logs come from?
Different sources of data for Azure Monitor will write to either a Log Analytics workspace (Logs) or the Azure Monitor metrics database (Metrics) or both. Some sources will write directly to these data stores, while others may write to another location such as Azure storage and require some configuration to populate logs or metrics.
Azure Monitor Logs can collect log data from a variety of sources, both within Azure and from on-premises resources. For the most up-to-date list of available sources, check out the following documentation: Sources of Azure Monitor Logs.
Azure Monitor Logs (aka Log Analytics)
In Azure Monitor Logs, when you first set up a Workspace, you need to configure which performance metrics you will collect. There is a list of common performance counters that you can enable out-of-the-box. These include disk, memory, CPU, and networking metrics.

In Azure Monitor Logs, you can also collect additional counters by adding them from the list.

The Counters
So, with some of the basics of Azure Monitor Logs covered, what are the actual counters that are available natively? Remember, you still first need to add the performance counters (they’re not “turned on” by default). Here’s what’s currently available, grouped by category:

Counter Category | Platform | Log Analytics (Perf) |
---|---|---|
CPU | Windows | Processor(_Total)\% Processor Time |
CPU | Windows | System(*)\Processor Queue Length |
CPU | Linux | Processor(*)\% Processor Time |
CPU | Linux | Processor(*)\% Privileged Time |
Memory | Windows | Memory(*)\Available MBytes |
Memory | Windows | Memory(*)\% Committed Bytes In Use |
Memory | Linux | Memory(*)\Available MBytes Memory |
Memory | Linux | Memory(*)\% Used Memory |
Memory | Linux | Memory(*)\% Used Swap Space |
Disk | Windows | LogicalDisk(*)\Avg. Disk sec/Read |
Disk | Windows | LogicalDisk(*)\Avg. Disk sec/Write |
Disk | Windows | LogicalDisk(*)\Current Disk Queue Length |
Disk | Windows | LogicalDisk(*)\Disk Reads/sec |
Disk | Windows | LogicalDisk(*)\Disk Transfers/sec |
Disk | Windows | LogicalDisk(*)\Disk Writes/sec |
Disk | Windows | LogicalDisk(*)\Free Megabytes |
Disk | Windows | LogicalDisk(*)\% Free Space |
Disk | Linux | Logical Disk(*)\% Used Inodes |
Disk | Linux | Logical Disk(*)\Free Megabytes |
Disk | Linux | Logical Disk(*)\% Used Space |
Disk | Linux | Logical Disk(*)\Disk Transfers/sec |
Disk | Linux | Logical Disk(*)\Disk Reads/sec |
Disk | Linux | Logical Disk(*)\Disk Writes/sec |
Network | Windows | Network Adapter(*)\Bytes Received/sec |
Network | Windows | Network Adapter(*)\Bytes Sent/sec |
Network | Windows | Network Interface(*)\Bytes Total/sec |
Network | Linux | Network(*)\Total Bytes Transmitted |
Network | Linux | Network(*)\Total Bytes Received |
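
Because the counters are not collected until you add them, it is worth checking that they are actually arriving. The Kusto query below is an added example (not part of the original article) that lists Windows machines with a recent heartbeat that are missing expected counters in the Perf table. It assumes the standard Heartbeat and Perf tables and a one-hour lookback; the counter list is a subset copied from the table above.

```kusto
// Added example: expected Windows counters, copied from the table above.
let lookback = 1h;   // assumption: every enabled counter is sampled at least hourly
let expected = datatable(ObjectName:string, CounterName:string) [
    "Processor",       "% Processor Time",
    "System",          "Processor Queue Length",
    "Memory",          "Available MBytes",
    "Memory",          "% Committed Bytes In Use",
    "LogicalDisk",     "Free Megabytes",
    "LogicalDisk",     "% Free Space",
    "Network Adapter", "Bytes Received/sec",
    "Network Adapter", "Bytes Sent/sec"
];
// Windows machines whose agent has checked in during the window.
let machines = Heartbeat
    | where TimeGenerated > ago(lookback) and OSType == "Windows"
    | distinct Computer;
// Counter series actually received in the same window.
let received = Perf
    | where TimeGenerated > ago(lookback)
    | distinct Computer, ObjectName, CounterName;
// Cross join machines with expected counters, then keep pairs that have no data.
machines
| extend k = 1
| join kind=inner (expected | extend k = 1) on k
| join kind=leftanti (received) on Computer, ObjectName, CounterName
| project Computer, ObjectName, CounterName
| order by Computer asc, ObjectName asc, CounterName asc
```

An empty result means every listed counter was received from every reporting Windows machine; any row names a machine and counter with a collection gap.
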
Now let’s move on to looking at Azure Metrics.