Azure Monitor Community


This public repo serves the Azure Monitor community. It contains log queries, workbooks, and alerts, shared to help Azure Monitor users make the most of it.


Queries - copy and paste queries to your Log Analytics environment, or run on the Log Analytics Demo Environment

Workbooks - the workbooks in this repo can be deployed as ARM templates to your Azure Monitor environment

Alerts - the alerts in this repo are log-based, meaning they are in fact log queries. You can run them on the Log Analytics Demo Environment or use them to create and test alerts on your own environment


Anyone can contribute to the repo; you don't need to be a pro. Have an interesting query or workbook? Fork this repo, add your content to your fork, and submit a pull request. See Contributing for more details.

Top Contributor

The October top contributor is Bruno Gabrielli (Brunoga-MS). Thanks Bruno!

What's new this month?

Great workbooks were added, such as AntiMalware Assessment and Azure Inventory (based on Azure Resource Graph), as well as a lot of new queries for many Azure services. For more details see our Wiki.

Check out the Azure Inventory workbook (based on Azure Resource Graph)

Azure Inventory with Azure Resource Graph

and the AntiMalware Assessment workbook

Malware Assessment

Top asks

Here are some ideas on what other users are looking for.


| File/folder | Description |
| --- | --- |
| Azure services | Queries, workbooks and alerts for specific Azure services |
| Scenarios | Queries, workbooks and alerts to handle common "How to's" |
| Solutions | Queries, workbooks and alerts organized by solutions |
| | On how to contribute to this repo |
| LICENSE | The license for this repo |
| | This README file |

We use KQL

The content in this repo uses KQL (Kusto Query Language). To get started with queries see this article.

Need help writing queries?

This repo has many examples that you may want to edit to fit your exact scenario. If you're not sure how to do that - post your question on our community forum.

Have a wish or a question?

Use Issues to call us out on missing content or something else we should improve on, and check out the FAQ page for common questions & answers.


Upon redistribution of this repo, please be respectful of the readers and authors of this documentation, and include a link to the original repo master branch.