WEBVTT

0:00:03.320000 --> 0:00:07.340000
 Hi, welcome to this video
 on Azure Monitor.

0:00:07.340000 --> 0:00:11.120000
 In this video, we're going to take a
 look at what Azure Monitor is, and

0:00:11.120000 --> 0:00:16.340000
 then jump into a demonstration of what
 you can do with Azure Monitor.

0:00:16.340000 --> 0:00:18.860000
 So let's go ahead and get started.


0:00:18.860000 --> 0:00:24.520000
 In other videos, I've talked about
 the number of places and the number

0:00:24.520000 --> 0:00:29.000000
 of resources that collect diagnostic
 data and performance data.

0:00:29.000000 --> 0:00:33.160000
 I could have a virtual machine, I could
 have a virtual network, and I

0:00:33.160000 --> 0:00:35.800000
 can really look at information
 on both of these.

0:00:35.800000 --> 0:00:40.660000
 So maybe I have some performance data
 on my virtual machine, and I go

0:00:40.660000 --> 0:00:45.500000
 to my activity log for
 my virtual network.

0:00:45.500000 --> 0:00:48.600000
 And that's fine if I've
 got two resources.

0:00:48.600000 --> 0:00:51.720000
 But what if you've got hundreds
 or thousands of resources?

0:00:51.720000 --> 0:00:55.640000
 Going to each individual resource and
 going to the blade for that resource

0:00:55.640000 --> 0:00:57.960000
 in the portal can get
 to be cumbersome.

0:00:57.960000 --> 0:01:02.660000
 And that's really, to me, the
 value of Azure Monitor.

0:01:02.660000 --> 0:01:06.420000
 Azure Monitor is this really
 global resource.

0:01:06.420000 --> 0:01:12.340000
 And what it's doing is it's centralizing
 and collecting the diagnostic

0:01:12.340000 --> 0:01:16.900000
 information, the monitoring information
 from your various resources.

0:01:16.900000 --> 0:01:20.760000
 And it's giving you a centralized
 point of reference.

0:01:20.760000 --> 0:01:25.700000
 So you can pull up those performance
 graphs, but rather than having to

0:01:25.700000 --> 0:01:30.240000
 go to each individual resource, I've
 got a centralized location for those.

0:01:30.240000 --> 0:01:33.260000
 And not only do I have a centralized
 location, but I can compare across

0:01:33.260000 --> 0:01:34.680000
 different resources.

0:01:34.680000 --> 0:01:39.360000
 And I get some pretty cool added capabilities,
 such as the ability to

0:01:39.360000 --> 0:01:46.100000
 view the network topology within a
 given resource group, for example.

0:01:46.100000 --> 0:01:50.560000
 All right, now that does not preclude
 you from still going to the individual

0:01:50.560000 --> 0:01:52.740000
 resources and seeing
 their information.

0:01:52.740000 --> 0:01:55.540000
 It just gives you really
 a better way to do that.

0:01:55.540000 --> 0:01:58.980000
 And there's other capabilities
 within Azure Monitor as well.

0:01:58.980000 --> 0:02:04.060000
 For example, one of the things that you'll
 find as you go forward in Azure,

0:02:04.060000 --> 0:02:09.520000
 as Azure continues to evolve, is that
 the concept of Azure Monitor and

0:02:09.520000 --> 0:02:13.200000
 the concept of a resource called Log
 Analytics are starting to become

0:02:13.200000 --> 0:02:17.000000
 very much blurred as far
 as which is which.

0:02:17.000000 --> 0:02:21.200000
 You can have Log Analytics, which is
 a much more advanced and powerful

0:02:21.200000 --> 0:02:28.780000
 way of collecting and really presenting
 and aggregating diagnostic data

0:02:28.780000 --> 0:02:30.160000
 and performance data.

0:02:30.160000 --> 0:02:33.140000
 And it has its own interface and query
 language, but that can be integrated

0:02:33.140000 --> 0:02:35.000000
 directly into Azure Monitor.

0:02:35.000000 --> 0:02:40.060000
 So it still provides that overall view
 of your diagnostic and performance

0:02:40.060000 --> 0:02:47.500000
 data. So let's go ahead and let's jump
 into a demonstration of Azure Monitor.

0:02:47.500000 --> 0:02:50.440000
 I'm really just going to take you pretty
 much on the tour of Azure Monitor.

0:02:50.440000 --> 0:02:55.840000
 And I definitely encourage you to go
 in in Azure Monitor and to really

0:02:55.840000 --> 0:02:58.440000
 kind of take hold of it and see some
 of the things that you can do with

0:02:58.440000 --> 0:03:02.560000
 it. All right, but let's go ahead and
 jump in and let's take a look at

0:03:02.560000 --> 0:03:10.420000
 Monitor. All right, so easiest way to
 get to monitor, just find Monitor

0:03:10.420000 --> 0:03:12.900000
 in your quick menu over here.

0:03:12.900000 --> 0:03:16.620000
 And I can click there and right
 away, right up at the top.

0:03:16.620000 --> 0:03:18.140000
 And I'm just going to work
 through this a little bit.

0:03:18.140000 --> 0:03:19.560000
 I'm not going into everything.

0:03:19.560000 --> 0:03:21.740000
 I've got the activity log.

0:03:21.740000 --> 0:03:27.940000
 And this activity log by default is
 showing all of the activity across

0:03:27.940000 --> 0:03:34.140000
 all three subscriptions that I currently
 have tied in to my primary Azure

0:03:34.140000 --> 0:03:37.760000
 80 tenant. And it's giving me all of
 them for the last six hours, which

0:03:37.760000 --> 0:03:41.040000
 as you can see, is taking a little bit
 of time and we'll take a look at

0:03:41.040000 --> 0:03:46.620000
 this when it comes back
 in just a moment.

0:03:46.620000 --> 0:03:48.740000
 Here I've got a list.

0:03:48.740000 --> 0:03:54.380000
 This is just showing
 the first 121 items.

0:03:54.380000 --> 0:03:56.300000
 And I can just scroll
 through here.

0:03:56.300000 --> 0:03:59.580000
 Now, the good news is in an earlier demonstration,
 I actually pulled this

0:03:59.580000 --> 0:04:05.060000
 up and it was essentially just completely
 full of these error messages.

0:04:05.060000 --> 0:04:10.460000
 And between demonstrations, I was able
 to go in and take a look and figure

0:04:10.460000 --> 0:04:13.100000
 out what was wrong and
 go and fix that.

0:04:13.100000 --> 0:04:15.960000
 So I'm not getting all those error
 messages, I'm happy to say.

0:04:15.960000 --> 0:04:19.640000
 All right. And I go up here and one thing,
 by the way, that's pretty cool.

0:04:19.640000 --> 0:04:22.520000
 And I didn't show you this.

0:04:22.520000 --> 0:04:26.620000
 But when I go and view any of these
 activities, I can actually create

0:04:26.620000 --> 0:04:31.060000
 an alert rule. So if I really wanted to
 be alerted when something happened,

0:04:31.060000 --> 0:04:31.720000
 and I found it here.

0:04:31.720000 --> 0:04:33.380000
 So that's something
 I need to know.

0:04:33.380000 --> 0:04:35.460000
 Pretty cool, I can just
 go in there and do that.

0:04:35.460000 --> 0:04:36.880000
 I can also filter this.

0:04:36.880000 --> 0:04:39.400000
 So instead of the last six hours,
 I get the last one hour.

0:04:39.400000 --> 0:04:46.820000
 I can specify event severity or
 even some kind of custom filter.

0:04:46.820000 --> 0:04:50.500000
 Shouldn't be anything there because
 nothing has happened there.

0:04:50.500000 --> 0:04:52.140000
 All right, so that's
 activity logs, right?

0:04:52.140000 --> 0:04:56.940000
 I can view my alerts, which right now,
 it's telling me I don't have any

0:04:56.940000 --> 0:04:58.800000
 alerts here and that's fine.

0:04:58.800000 --> 0:05:03.720000
 I can also go to metrics and
 I can build a metrics graph.

0:05:03.720000 --> 0:05:07.580000
 So here I can select resources.

0:05:07.580000 --> 0:05:12.780000
 So let's say that I want to go to, I remember
 where I've got some resources.

0:05:12.780000 --> 0:05:16.720000
 I actually have some resources
 and monitor as well.

0:05:16.720000 --> 0:05:22.300000
 And here are all the resources
 that I have in monitor.

0:05:22.300000 --> 0:05:31.140000
 There's one, when there, and
 I can pick, say, disk rights.

0:05:31.140000 --> 0:05:32.920000
 And now I just created this.

0:05:32.920000 --> 0:05:34.440000
 So I probably don't
 want last 24 hours.

0:05:34.440000 --> 0:05:37.900000
 I probably want last 30 minutes.

0:05:37.900000 --> 0:05:39.600000
 And there we go, nothing
 too exciting.

0:05:39.600000 --> 0:05:41.000000
 But here's what's pretty cool.

0:05:41.000000 --> 0:05:47.040000
 I can add another metric, okay, and
 actually change the resource.

0:05:47.040000 --> 0:05:51.100000
 Now I'm going to stay in the same resource
 group, but I don't have to.

0:05:51.100000 --> 0:05:57.200000
 And let's get the same thing here.


0:05:57.200000 --> 0:06:00.280000
 What was that? Disk rights bytes.

0:06:00.280000 --> 0:06:04.420000
 And there we go.

0:06:04.420000 --> 0:06:07.080000
 So I have a similar pattern for both and
 that's because that's the provisioning

0:06:07.080000 --> 0:06:09.380000
 process for both of them.

0:06:09.380000 --> 0:06:12.820000
 All right, but that's a pretty cool
 capability and I can actually share

0:06:12.820000 --> 0:06:13.440000
 this information.

0:06:13.440000 --> 0:06:14.840000
 I can download it.

0:06:14.840000 --> 0:06:16.920000
 I can give a link to someone.

0:06:16.920000 --> 0:06:23.400000
 I can have a line chart, area
 chart, bar chart, scatter.

0:06:23.400000 --> 0:06:25.440000
 All right, so there's my points.

0:06:25.440000 --> 0:06:28.720000
 Or I can just put that information out
 in a grid, which in this case isn't

0:06:28.720000 --> 0:06:31.300000
 going to be terribly exciting.

0:06:31.300000 --> 0:06:35.980000
 I can also create an alert rule based
 on this data or pen this graph to

0:06:35.980000 --> 0:06:38.700000
 the dashboard, which can be really,
 you can start to create some pretty

0:06:38.700000 --> 0:06:42.280000
 cool things. Now I have the ability
 to run log queries here.

0:06:42.280000 --> 0:06:44.580000
 I'm going to cover this in another
 video, so I'm not going to go into

0:06:44.580000 --> 0:06:47.180000
 this right now. Service health.

0:06:47.180000 --> 0:06:51.020000
 Now I will tell you the service health
 is supposed to give you a list

0:06:51.020000 --> 0:06:55.540000
 of any issues that have occurred in
 regions that you have selected.

0:06:55.540000 --> 0:06:58.060000
 And by default, I've got
 six regions selected.

0:06:58.060000 --> 0:07:00.120000
 These are ones I typically
 use in the US.

0:07:00.120000 --> 0:07:05.960000
 However, what I have found is that
 quite frankly, Twitter seems to be

0:07:05.960000 --> 0:07:10.540000
 a better source of information for this
 than this service health, because

0:07:10.540000 --> 0:07:14.640000
 I have definitely run into issues
 where there were service issues.

0:07:14.640000 --> 0:07:19.560000
 And Azure, the Azure team support team
 put those out on Twitter and I

0:07:19.560000 --> 0:07:22.560000
 came in and did not see anything
 under service health.

0:07:22.560000 --> 0:07:25.340000
 So just take that
 under advisement.

0:07:25.340000 --> 0:07:26.620000
 Also plan maintenance.

0:07:26.620000 --> 0:07:27.880000
 This is actually really cool.

0:07:27.880000 --> 0:07:33.820000
 What is expected in your region
 as far as any plan maintenance?

0:07:33.820000 --> 0:07:38.660000
 And then there's health advisories,
 which would be basic issues there

0:07:38.660000 --> 0:07:41.940000
 that may be occurring, may not,
 and then you see health history.

0:07:41.940000 --> 0:07:48.060000
 There's one issue that on
 10, three, seven days ago.

0:07:48.060000 --> 0:07:51.320000
 So that is service health.

0:07:51.320000 --> 0:07:54.820000
 Now insights, applications, virtual machine
 storage accounts, notice those

0:07:54.820000 --> 0:07:57.780000
 are all in, well, applications
 is existing.

0:07:57.780000 --> 0:08:00.200000
 That's if you have what's called
 application insights.

0:08:00.200000 --> 0:08:03.380000
 If you've got container logging
 set up, you've got that.

0:08:03.380000 --> 0:08:06.380000
 I'm going to show you networking in
 just a moment, which is pretty cool.

0:08:06.380000 --> 0:08:09.860000
 And then you've got diagnostic settings,
 which I've shown in other videos,

0:08:09.860000 --> 0:08:15.260000
 but that actually allows you to set up
 the diagnostic logging for different

0:08:15.260000 --> 0:08:19.840000
 resources. Right now, I'm going to actually
 pop over to network because

0:08:19.840000 --> 0:08:24.960000
 network watcher in and of
 itself is very powerful.

0:08:24.960000 --> 0:08:30.660000
 And what this does is you set up what
 is called network watcher and you

0:08:30.660000 --> 0:08:33.980000
 set it up in specific regions.

0:08:33.980000 --> 0:08:37.040000
 All right. So for example, I've got
 three different subscriptions and

0:08:37.040000 --> 0:08:41.820000
 you'll notice that in one of those subscriptions,
 it is partially enabled

0:08:41.820000 --> 0:08:45.060000
 because I have it in
 East US and West US.

0:08:45.060000 --> 0:08:47.500000
 Now, what does this do?

0:08:47.500000 --> 0:08:53.380000
 Well, this gives me a number of
 networking diagnostic tools.

0:08:53.380000 --> 0:09:00.020000
 Now, not all of these are available just
 by turning on the network watcher.

0:09:00.020000 --> 0:09:06.100000
 Some things, actually many things such
 as security rules, packet capture,

0:09:06.100000 --> 0:09:10.440000
 performance monitor, connection troubleshoot,
 those all require you to

0:09:10.440000 --> 0:09:15.780000
 install agents on virtual machines
 in specific virtual networks.

0:09:15.780000 --> 0:09:18.480000
 However, there are some pretty
 cool things that I can do.

0:09:18.480000 --> 0:09:25.660000
 For example, if I click network topology
 and I select a resource group,

0:09:25.660000 --> 0:09:30.940000
 here are the virtual networks
 in this resource group.

0:09:30.940000 --> 0:09:33.240000
 And I can see I've got
 two virtual networks.

0:09:33.240000 --> 0:09:35.720000
 Each virtual network has a subnet.


0:09:35.720000 --> 0:09:39.180000
 Each subnet has one NIC
 associated with it.

0:09:39.180000 --> 0:09:43.880000
 And each NIC is associated with a virtual
 machine and a public IP address.

0:09:43.880000 --> 0:09:50.940000
 And one of them, the VNet 1, has a security
 group, network security group

0:09:50.940000 --> 0:09:51.900000
 associated with it.

0:09:51.900000 --> 0:09:55.600000
 And if I click the icon, which I did
 a little bit before I said anything,

0:09:55.600000 --> 0:10:00.440000
 it will go over and actually navigate
 to the blade for that resource.

0:10:00.440000 --> 0:10:05.760000
 So this is an extremely useful
 drawing and environment.

0:10:05.760000 --> 0:10:11.880000
 What's pretty cool is if I were to establish,
 for example, a peering relationship

0:10:11.880000 --> 0:10:17.800000
 between these two, then that peering
 relationship would show up on this

0:10:17.800000 --> 0:10:21.060000
 diagram. I didn't set it up because
 I wanted to kind of show you what

0:10:21.060000 --> 0:10:23.520000
 it does and the different things
 that you can set up with it.

0:10:23.520000 --> 0:10:26.460000
 But that is the network topology.

0:10:26.460000 --> 0:10:28.420000
 So what does the monitor do?

0:10:28.420000 --> 0:10:33.900000
 Again, highest level, the Azure monitor
 is going to really centralize

0:10:33.900000 --> 0:10:37.020000
 pretty much all of your
 monitoring functions.

0:10:37.020000 --> 0:10:40.820000
 So this becomes your one-stop shop to
 go in and not only do things like

0:10:40.820000 --> 0:10:46.020000
 view activity log, view diagnostic
 logs, view performance monitoring,

0:10:46.020000 --> 0:10:50.780000
 but also do things like set up diagnostics
 for various resources.

0:10:50.780000 --> 0:10:55.560000
 And if you go over to the network watcher,
 you get a number of network

0:10:55.560000 --> 0:10:58.620000
 monitoring capabilities built
 into monitor as well.