| title | description | ms.date | ms.custom | ms.topic | ms.service |
|---|---|---|---|---|---|
Monitoring data reference for Azure Virtual Machines |
This article contains important reference material you need when you monitor Azure Virtual Machines. |
03/27/2024 |
horz-monitor |
reference |
virtual-machines |
[!INCLUDE horz-monitor-ref-intro]
See Monitor Azure Virtual Machines for details on the data you can collect for Azure Virtual Machines and how to use it.
[!INCLUDE horz-monitor-ref-metrics-intro]
Important
Metrics for the guest operating system (guest OS) that runs in a virtual machine (VM) aren't listed here. Guest OS metrics must be collected through one or more agents that run on or as part of the guest operating system. Guest OS metrics include performance counters that track guest CPU percentage or memory usage, both of which are frequently used for autoscaling or alerting.
Host OS metrics are available and listed in the following tables. Host OS metrics relate to the Hyper-V session that's hosting your guest OS session. For more information, see Guest OS and host OS metrics.
The following table lists the metrics available for the Microsoft.Compute/virtualMachines resource type.
[!INCLUDE horz-monitor-ref-metrics-tableheader] [!INCLUDE microsoft-compute-virtualmachines-metrics-include]
For an example that shows how to collect the Percentage CPU metric from a VM, see Get virtual machine usage metrics using the REST API.
The VM availability metric is currently in public preview. This metric value indicates whether a machine is currently running and available. You can use the metric to trend availability over time and to alert if the machine is stopped. VM availability displays the following values.
| Value | Description |
|---|---|
| 1 | VM is running and available. |
| 0 | VM is unavailable. The VM could be stopped or rebooting. If you shut down a VM from within the VM, it emits this value. |
| Null (dashed line) | State of the VM is unknown. If you stop a VM from the Azure portal, CLI, or PowerShell, it immediately stops emitting the availability metric, and you see null values. |
| Display name | Description |
|---|---|
| Aggregation | Average (default aggregation): for prioritized investigations based on extent of downtime incurred. Min: immediately pinpoints all the times where the VM was unavailable. Max: immediately pinpoints all the instances where the VM was available. For more information on chart range, granularity, and data aggregation, see Azure Monitor metrics aggregation and display explained. |
| Data retention | Data for the VM availability metric is stored for 93 days to help trend analysis and historical lookback. |
| Pricing | Refer to the Pricing breakdown, specifically in the Metrics and Alert Rules sections. |
To learn how to use the VM availability metric to monitor Azure Virtual Machine availability, see Use Azure Monitor to monitor Azure Virtual Machine availability.
[!INCLUDE horz-monitor-ref-metrics-dimensions-intro]
The dimension Logical Unit Number (LUN) is associated with some of the preceding metrics.
[!INCLUDE horz-monitor-ref-logs-tables]
| Table | Categories | Data collection method | Supports basic log plan | Queries |
|---|---|---|---|---|
| ADAssessmentRecommendation Recommendations generated by AD assessments that are started through a scheduled task. When you schedule the assessment it runs by default every seven days and uploads the data into Azure Log Analytics. |
workloads | Active Directory On-Demand Assessment | No | Yes |
| AzureActivity Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure. |
resources, audit, security | Export Activity log | No | Yes |
| CommonSecurityLog This table is for collecting events in the Common Event Format, that are most often sent from different security appliances such as Check Point, Palo Alto and more. |
security | Common Event Format (CEF) via AMA connector for Microsoft Sentinel | No | Yes |
| ConfigurationChange View changes to in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons |
management | Enable Change Tracking and Inventory | No | Yes |
| ConfigurationData View the last reported state for in-guest configuration data such as Files Software Registry Keys Windows Services and Linux Daemons |
management | Enable Change Tracking and Inventory | No | Yes |
| ContainerLog Log lines collected from stdout and stderr streams for containers. |
container, applications | Container Insights | No | Yes |
| DnsEvents | network | Stream and filter data from Windows DNS servers with Azure Monitor Agent | No | Yes |
| DnsInventory | network | Stream and filter data from Windows DNS servers with Azure Monitor Agent | No | - |
| Event Events from Windows Event Log on Windows computers using Azure Monitor Agent Analytics agent. |
virtualmachines | Collect events with Azure Monitor Agent | No | Yes |
| HealthStateChangeEvent Workload Monitor Health. This data represents state transitions of a health monitor. |
undefined | VM Insights | No | - |
| Heartbeat Records logged by Azure Monitor Agent once per minute to report on agent health. |
virtualmachines, container, management | Azure Monitor Agent | No | Yes |
| InsightsMetrics Table that stores metrics. 'Perf' table also stores many metrics and over time they all will converge to InsightsMetrics. |
virtualmachines, container, resources | VM Insights, Container Insights | No | Yes |
| Perf Performance counters from Windows and Linux agents that provide insight into the performance of hardware components operating systems and applications. |
virtualmachines, container | Collect performance counters from VMs with Azure Monitor Agent | No | Yes |
| ProtectionStatus Antimalware installation info and security health status of the machine: |
security | Enable Azure Monitor Agent in Defender for Cloud | No | Yes |
| SQLAssessmentRecommendation Recommendations generated by SQL assessments that are started through a scheduled task. When you schedule the assessment it runs by default every seven days and uploads the data into Azure Log Analytics. |
workloads | SQL Server On-Demand Assessment | No | Yes |
| SecurityBaseline | security | Enable Azure Monitor Agent in Defender for Cloud | No | - |
| SecurityBaselineSummary | security | Enable Azure Monitor Agent in Defender for Cloud | No | - |
| SecurityEvent Security events collected from windows machines by Azure Security Center or Azure Sentinel. |
security | Windows Security Events via AMA connector for Microsoft Sentinel | No | Yes |
| Syslog Syslog events on Linux computers using Azure Monitor Agent. |
virtualmachines, security | Collect Syslog events with Azure Monitor Agent | No | Yes |
| Update Details for update schedule run. Includes information such as which updates where available and which were installed. |
management, security | Enable Update Management | No | Yes |
| UpdateRunProgress Breaks down each run of your update schedule by the patches available at the time with details on the installation status of each patch. |
management | Enable Update Management | No | Yes |
| UpdateSummary Summary for each update schedule run. Includes information such as how many updates weren't installed. |
virtualmachines | Enable Update Management | No | Yes |
| VMBoundPort Traffic for open server ports on the monitored machine. |
virtualmachines | VM Insights | No | - |
| VMComputer Inventory data for servers collected by the Service Map and VM insights solutions using the Dependency agent and Azure Monitor Agent. |
virtualmachines | VM Insights | No | - |
| VMConnection Traffic for inbound and outbound connections to and from monitored computers. |
virtualmachines | VM Insights | No | - |
| VMProcess Process data for servers collected by the Service Map and VM insights solutions using the Dependency agent and Azure Monitor Agent. |
virtualmachines | VM Insights | No | - |
| W3CIISLog Internet Information Server (IIS) log on Windows computers using Azure Monitor Agent. |
management, virtualmachines | Collect IIS logs with Azure Monitor Agent | No | Yes |
| WindowsFirewall | security | Enable Azure Monitor Agent in Defender for Cloud | No | - |
[!INCLUDE horz-monitor-ref-activity-log]
The following table lists a few example operations that relate to creating VMs in the activity log. For a complete list of operations, see Microsoft.Compute resource provider operations.
| Operation | Description |
|---|---|
| Microsoft.Compute/virtualMachines/start/action | Starts the virtual machine |
| Microsoft.Compute/virtualMachines/restart/action | Deletes a managed cluster |
| Microsoft.Compute/virtualMachines/write | Creates a new virtual machine or updates an existing one |
| Microsoft.Compute/virtualMachines/deallocate/action | Powers off the virtual machine and releases the compute resources |
| Microsoft.Compute/virtualMachines/extensions/write | Creates a new virtual machine extension or updates an existing one |
| Microsoft.Compute/virtualMachineScaleSets/write | Starts the instances of the virtual machine scale set |
- See Monitor Virtual Machines for a description of monitoring Virtual Machines.
- See Monitor Azure resources with Azure Monitor for details on monitoring Azure resources.