Azure Monitor lets you collect data from multiple sources, including Azure and on-premises resources. Behind the scenes, Log Analytics performs log collection and searching, which is now part of Azure Monitor along with Application Insight, Azure Advisor, and other services.
Latest posts by Travis Roberts (see all)

You can add computers to Azure Monitor by installing the Microsoft Monitoring agent. You need to create a Log Analytics workspace before adding computers. The following information covers setting up a workspace, configuring servers for Azure Monitor, and verifying they are connected.

Workspace setup

The first step is setting up the workspace. Log into Azure, go to Azure Monitor, and select Logs. This will start the Log Analytics workspace creation process. If selecting Logs displays a search window instead of the option below, a workspace already exists, and you can go to the next section.

Log Analytics workspace setup

Select the option to Create New and enter a workspace name. This name has to be globally unique and is limited to letters, numbers, and the "-" symbol without spaces. Next, select the subscription for the workspace and then create a new Resource group or add to an existing one.

When you select a location, keep in mind the price may vary based on the location you select. Check Microsoft's pricing page for current pricing. Workspaces set up after April 2018 will only have the Per GB option for pricing. Click OK to create the workspace.

Log Analytics pricing tier

Log Analytics pricing tier

That's all there is to it! However, at this point the workspace is not collecting much data, and its usefulness is limited. To start collecting data, there are two steps: add the virtual machines (VMs) and configure workspace logging.

Adding Azure VMs

Start by adding servers to the workspace. Go into the workspace created in the previous step, and select Virtual Machines. A list of available VMs display their connection status. The connection status will show Not connected, Connected to another workspace, or This workspace. Click on a server you want to add, and you will see the option to connect. You also have the option to disconnect servers from that location. In the background, Azure uses an extension to add the Microsoft Monitoring Agent to the server.

Add Azure VMs

Add Azure VMs

Azure VM connection status

Azure VM connection status

You can also configure clients using the Azure Extension with PowerShell, the command-line interface, or with an Azure Resource Manager (ARM) template. Below is an example using PowerShell. You will need a workspace ID and workspace key for the installation, which you can find in the Advanced settings on the workspace.

$PublicSettings = @{"workspaceId" = "WORKSPACE_ID"}
$ProtectedSettings = @{"workspaceKey" = "WORKSPACE_KEY=="}
$ResourceGroup = "RESOURCE_GROUP"
$Location = (Get-AzureRmResourceGroup $ResourceGroup).Location
Set-AzureRmVMExtension -ExtensionName "Microsoft.EnterpriseCloud.Monitoring" `
    -ResourceGroupName $ResourceGroup `
    -VMName $VMName `
    -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
    -ExtensionType "MicrosoftMonitoringAgent" `
    -TypeHandlerVersion 1.0 `
    -Settings $PublicSettings `
    -ProtectedSettings $ProtectedSettings `
    -Location $Location

Adding on-premises computers

There is an option to run the agent installation locally on the server. Start by downloading the Windows or Linux agent from the Advanced settings page of the workspace. This requires the workspace ID and key for installation, also located in Advanced settings. It is possible to configure a server outside of Azure with the agent installation, thus allowing for the deployment to on-premises servers or running it in other cloud services (providing they have access to the internet.)

You can run the agent from the server with the executable. You can also push the client to non-Azure servers using deployment solutions such as the System Center Configuration Manager (SCCM). Accomplish this by downloading and extracting the software with the command below, replacing the executable with the version you downloaded and the <path> with the location you want to extract it to:

MMASetup-AMD64.exe /c /t:<path>

Next, create a batch file with the following line of code and place it in the folder where you extracted the software. Update WORKSPACE_ID and WORKSPACE_KEY with settings for your workspace. This will run a silent install, connecting the agent to your workspace.


Workspace configuration

You need to configure the workspace to collect data after connecting the servers. Set this under Workspace, Advanced Settings, Data. Select the types of data to collect from this location. There are several options for data to collect, including Windows Event Logs, Windows and Linux Performance Counters, IIS Logs, Syslogs, and Custom Logs, and Custom Fields.

To get started, add the Windows application and system event logs. Go to Windows Event Logs and enter Application to collect events from these logs. Click on the "+" sign to add it to the list. Notice the options to set the level of event log collection: Error, Warning, Informational, or a combination of the three. Repeat the steps for the System log.

Add Windows Event Logs

Add Windows Event Logs

Next, select Windows Performance Counters. The next example shows the preselected performance counters.

Add Windows Performance Counters

Add Windows Performance Counters

Modify the sample interval and add or remove performance counters as needed in your environment. Keep in mind that the price for this service is based on data consumption, and these settings will affect the amount of data collected. I've changed the sample interval from 10 to 30 seconds in this example.

Click on Save after making the changes to update the workspace.

Save Data collection settings

Save Data collection settings

Verifying clients

It will take several minutes for the clients to collect and send the data to Log Analytics. Use the Heartbeat log to list all the servers connected to the Log Analytics workspace. You can do this by going into Logs and running the following command:

View connected clients

View connected clients

The command below shows how to query the % Processor Time metric and chart the results.

Subscribe to 4sysops newsletter!

Graph performance counter

Graph performance counter


Azure Monitor uses Log Analytics for log collection and searching. The first step to using Azure Monitor is to set up a Log Analytics workspace. You can add Azure VMs using the Azure Extension and add non-Azure VMs by installing the agent. Just configure the workspace to collect data from the clients. You can find these settings under the workspace advanced settings. Verify the clients are communicating with the workspace by searching the Heartbeat log for distinct computer names.

  1. Avatar
    Andre++ 2 years ago

    Now, what processes are running on the monitored host? How can you see the AMA on the VM? Microsoft Monitoring Agent aka Log Analytics agent also has a GUI (open from Control panel) and you can see it replaces the SCOM agent (without impairing SCOM monitoring, the agent is just multihoming). Does AMA have all this too?

  2. Avatar
    DEEPAK DUBEY 10 months ago

    Is it possible to monitor on premises Firewalls and switches in Azure?

Leave a reply

Please enclose code in pre tags: <pre></pre>

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account