Recommend a solution for routing logs<\/strong><\/p>\n\n\n\n Recommend a monitoring solution<\/strong><\/p>\n\n\n\n Metrics<\/strong>, logs<\/strong>, and distributed traces <\/strong>are commonly referred to as the three pillars of observability<\/strong>. Observability can be achieved by correlating <\/strong>data from multiple pillars<\/strong> and aggregating data <\/strong>across the entire set of resources being monitored.<\/p>\n\n\n\n Design for Azure Monitor data sources – Training | Microsoft Learn<\/strong><\/a><\/p>\n\n\n\n Azure Monitor overview – Azure Monitor | Microsoft Learn<\/strong><\/a><\/p>\n\n\n\n Azure Monitor<\/a> <\/strong>is a common monitoring data platform that includes metrics, logs, traces, and changes, and it monitors various data sources. The platform offers many features that support two primary components: Logs<\/strong> and Metrics<\/strong>.<\/p>\n\n\n\n Azure Monitor Logs<\/strong><\/a> lets you collect <\/strong>and organize <\/strong>data from resources that you monitor. You configure what data is gathered and organized on the platform. Other features in Azure Monitor automatically store their data in Logs. You can use the stored data with your collected data to help monitor the performance of your environment. Workflow:<\/p>\n\n\n\n 1. Collect <\/strong>any data by using Azure Monitor data collection methods. Data Collection:<\/p>\n\n\n\n Azure Monitor data sources and data collection methods<\/a> Azure Monitor Metrics<\/a><\/strong> is a feature of Azure Monitor that collects numeric <\/strong>data from monitored resources into a time-series database<\/strong>. Metrics are numerical values that are collected at regular intervals and describe some aspect of a system at a particular time<\/strong>.<\/p>\n\n\n\n Types of metrics and destinations:<\/p>\n\n\n\n Platform and custom metrics are stored for 93 days<\/strong> with the following exceptions: Wider view:<\/p>\n\n\n\n Understand how it pulls together data from all over: <\/p>\n\n\n\n Apps Identify data sources and access method \u00b7 Data tiers go from Azure applications (highest tier) to Azure platform components Know how it collects metrics and logs, stores them in places like log analytics, and then uses Diagnostic Settings<\/strong> to route that data to different destinations like event hubs<\/strong> or workspaces, archives to Storage Accounts <\/strong>for longer term storage or sends to a partner solution, <\/strong>like Splunk.<\/strong><\/p>\n\n\n\n You can set up to five <\/strong>of these per resource<\/strong> so be ready to configure and explain them.<\/p>\n\n\n\n This is a core monitoring and logging skill set that you’ll need to know for the exam.<\/p>\n\n\n\n Verify:<\/p>\n\n\n\n Analyze log treatment: <\/p>\n\n\n\n Where the logs need to be directed after they are generated and how to direct <\/strong>them to where they need to be.<\/p>\n\n\n\n There are different possible destinations <\/strong>for each kind of log.<\/p>\n\n\n\n Design for Azure Monitor Logs (Log Analytics) workspaces.<\/a><\/strong><\/p>\n\n\n\n What is Log Analytics? \u00b7 Azure Monitor stores log data in the workspace Below are the destination of different types of logs for the internal Log Analytics tables:<\/p>\n\n\n\n We can run queries in these tables and get results using KQL<\/strong><\/p>\n\n\n\n Considerations for workspace access control<\/strong><\/p>\n\n\n\n Access can be Centralized<\/strong>, Decentralized <\/strong>or Hybrid<\/strong>:<\/p>\n\n\n\n Centralized<\/strong>: All logs are stored in a central workspace and administered by a single team, with Azure Monitor providing differentiated access per-team.<\/p>\n\n\n\n Decentralized<\/strong>: Each team has their own workspace created in a resource group they own and manage, and log data is segregated per resource.<\/p>\n\n\n\n Hybrid<\/strong>: Security audit compliance requirements further complicate this scenario because many organizations implement both deployment models in parallel.<\/p>\n\n\n\n Considerations: Considerations for access mode
You can collect logs, manage log data and costs, and consume different types of data in one Log Analytics workspace<\/strong><\/a>, the primary Azure Monitor Logs resource.<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-11.png\")
<\/figure>\n\n\n\n
2. Manage <\/strong>and optimize log data and costs by configuring your Log Analytics workspace and log tables
3. Retrieve <\/strong>data in near-real time <\/strong>by using Kusto Query language (KQL)
4. Use <\/strong>data flexibly <\/strong>for a range of use cases, including data analysis, troubleshooting, alerting, dashboards and reports, custom applications, and other Azure or non-Azure services<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-3-1024x620.png\")
<\/figure>\n\n\n\n
Data collection transformations in Azure Monitor<\/a>.<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-4-1024x469.png\")
<\/figure>\n\n\n\n\n
\n
![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-2-1024x418.png\")
<\/figure>\n\n\n\n
– Classic guest OS metrics<\/strong>: at least 14 days, although no expiration date is defined
– Guest OS metrics collected by the Log Analytics agent<\/strong>: 31 days and can be extended up to 2 years
– Application Insights log-based metrics<\/strong>:31 days to 2 years
Moving or renaming <\/strong>an Azure Resource may result in a loss of metric history<\/strong> for that resource.<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-1-1024x810.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/azure-monitor-diagram.png\")
<\/figure>\n\n\n\n
Guest Operating Systems
Azure resources
Subscriptions
Entra ID<\/strong><\/p>\n\n\n\n
Azure Monitor collects data automatically <\/strong>from a range of components:<\/p>\n\n\n\n
(lowest tier)
\u00b7 The method of accessing data from each tier varies – for example, installing an agent
\u00b7 Each data tier can stream to different external systems
\u00b7 Prioritize and be deliberate on what data sources you need
\u00b7 Windows events
\u00b7 Linux syslog
\u00b7 Client performance data
\u00b7 Processes and dependencies (VM Insights)
\u00b7 Application text logs
. IIS logs
\u00b7 SNMP traps
\u00b7 Management pack data (SCOM)<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/Captura-de-tela-2026-04-05-153828-1024x459.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/azure-monitor-diagsettingsample.png\")
<\/figure>\n\n\n\n\n
<\/strong>Log Analytics is a service in that helps you collect and analyze data.<\/p>\n\n\n\n
\u00b7 Data in a workspace<\/strong> is organized into tables <\/strong>with properties you can query<\/strong>
A Log Analytics workspace provides:
\u00b7 A geographic location<\/strong> for data storage.
\u00b7 Data isolation by granting different users access rights <\/strong>following one of our recommended design strategies.
\u00b7 Scope for configuration<\/strong> of settings like pricing <\/strong>tier, retention<\/strong>, and data capping<\/strong>.<\/p>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/Captura-de-tela-2026-04-05-160351.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image.png\")
<\/figure>\n\n\n\n
Centralized <\/strong>can bring latency<\/strong>, but is easier to maintain<\/strong> securely
Decentralized <\/strong>harder to manage, but can be more flexible<\/strong>
Hybrid <\/strong>is the most popular: centralize common logs, like security and auditing, and decentralize for application specific logs for each app team <\/p>\n\n\n\n
<\/strong>The access mode is how a user accesses the workspace and what data they can access.<\/p>\n\n\n\n
![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-5-1024x629.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-6.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-9-1024x610.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/proglab.com.br\/wp-content\/uploads\/2026\/04\/image-10-1024x741.png\")
<\/figure>\n\n\n\n