
Azure Monitor - FAQs

 

🔹 Section 1: Basics 

1. What is Azure Monitor?
Azure Monitor is a cloud-native monitoring service that collects, analyzes, and responds to telemetry data (metrics, logs, traces) from Azure resources, apps, and infrastructure. It helps improve performance, reliability, and availability.

2. Why do we need Azure Monitor?
Because it gives end-to-end visibility into applications, infrastructure, and network in one place. It helps detect problems early, troubleshoot quickly, and optimize performance.

3. What types of data does Azure Monitor collect?

  • Metrics (numerical performance data, e.g., CPU %, memory usage)

  • Logs (events, errors, traces)

  • Traces (application diagnostics)

  • Alerts (triggered notifications)

4. What are the main components of Azure Monitor?

  • Metrics Explorer

  • Log Analytics

  • Application Insights

  • Alerts & Action Groups

  • Workbooks & Dashboards

5. What is the difference between Metrics and Logs?

  • Metrics: Lightweight numeric data, near real-time.

  • Logs: Rich, detailed event records, stored for analysis.

6. What is Application Insights?
It’s a feature of Azure Monitor that monitors application performance, detects failures, analyzes usage patterns, and helps improve end-user experience.

7. What is a Log Analytics workspace?
It’s a centralized environment in Azure Monitor where logs are stored and queried using KQL (Kusto Query Language).

8. What is KQL?
KQL (Kusto Query Language) is a query language used in Azure Monitor to analyze logs. It’s read-only and optimized for performance.

9. What is the role of Azure Monitor Agent (AMA)?
AMA collects monitoring data from VMs, scale sets, and Arc-enabled servers and sends it to Azure Monitor.

10. What are Diagnostic Settings in Azure Monitor?
They define where resource logs and metrics should go (Log Analytics, Storage, Event Hub).

11. What are Activity Logs in Azure?
Logs that track operations at the subscription level (who did what and when).

12. What is the difference between Azure Monitor and Azure Advisor?

  • Azure Monitor = Observability (monitoring performance/availability).

  • Azure Advisor = Recommendations for cost, performance, security, and reliability.

13. What is a Workbook in Azure Monitor?
A Workbook is a visualization and reporting tool that combines text, queries, metrics, and charts.

14. What is Container Insights?
A monitoring feature for Azure Kubernetes Service (AKS) that provides pod/container metrics and logs.

15. What’s the difference between Azure Monitor and Azure Sentinel?

  • Azure Monitor = Observability (apps, infra, performance).

  • Sentinel = SIEM (security, threat detection).


🔹 Section 2: Intermediate 

16. How does Azure Monitor collect data?
Resources emit telemetry, which is sent either to the Metrics DB (real-time) or to Log Analytics (logs). Agents such as AMA can also collect OS-level data.

17. What are Action Groups in Azure Monitor?
Reusable notification sets (email, SMS, webhooks, Logic Apps, ITSM) triggered by alerts.

18. What is Smart Detection in Application Insights?
AI-driven feature that automatically detects anomalies in application behavior.

19. How do you set up an alert in Azure Monitor?

  1. Define condition (metric/log).

  2. Set threshold.

  3. Attach Action Group.

  4. Assign scope (resource/subscription).

20. What is the difference between metric alerts and log alerts?

  • Metric Alerts: Triggered in near real-time.

  • Log Alerts: Triggered based on queries in Log Analytics.

21. What is VM Insights?
A monitoring solution in Azure Monitor that provides health, performance, and dependency data for VMs.

22. How can you monitor dependencies in an application?
Use Application Insights dependency tracking to monitor calls to databases, APIs, or external services.

23. What are Usage Analytics in Application Insights?
They show how users interact with the app (user sessions, page views, custom events).

24. What is the difference between Azure Monitor Logs and Azure Activity Logs?

  • Logs = Resource/workload telemetry (deep analysis).

  • Activity Logs = Subscription-level events (who, what, when).

25. How can Azure Monitor integrate with ITSM tools?
Using ITSM Connector or Action Groups (via webhooks/Logic Apps).

26. What are Log Alerts throttling limits?
Azure Monitor enforces rate limits to prevent excessive log queries and alert evaluations.

27. How can you reduce log ingestion cost?

  • Use sampling in Application Insights.

  • Filter diagnostic logs.

  • Set retention policies.

  • Export data to cheaper storage.

28. Can Azure Monitor collect data from non-Azure resources?
Yes, via Azure Arc and Azure Monitor Agent.

29. What is the role of Metrics Explorer?
It helps visualize and analyze metric data across resources.

30. What is the retention period for logs in Azure Monitor?
Default = 30 days (configurable up to 2 years).


🔹 Section 3: Scenario-Based 

31. A VM is running slow – how do you troubleshoot with Azure Monitor?

  • Check metrics (CPU, memory, disk I/O).

  • Review VM Insights performance data.

  • Query logs for errors.

  • Analyze dependency maps for bottlenecks.

32. Your app is facing latency issues. How can Azure Monitor help?

  • Application Insights traces and dependency tracking.

  • Logs to identify slow requests.

  • Alerts for response time thresholds.

33. How do you monitor Azure Kubernetes Service (AKS)?

  • Use Container Insights.

  • Collect pod/container metrics.

  • Enable diagnostic logs from control plane and nodes.

  • Configure alerts for pod restarts or high CPU usage.

34. How do you monitor a multi-region application?

  • Use Application Insights availability tests.

  • Configure synthetic transactions from different locations.

  • Monitor latency and uptime per region.

35. How do you reduce costs when logs are huge?

  • Use log sampling.

  • Store critical logs in Log Analytics.

  • Export less-used logs to Blob Storage.

  • Set shorter retention.

36. How do you create a custom dashboard for a DevOps team?

  • Use Workbooks to combine charts, queries, and metrics.

  • Share dashboards via Azure Portal.

37. How do you monitor SQL Database performance?

  • Enable diagnostic logs.

  • Use Metrics (DTU %, CPU usage, failed connections).

  • Query logs for slow queries.

38. How do you set up proactive monitoring for app failures?

  • Configure Smart Detection.

  • Set up log/metric alerts.

  • Create escalation policies with Action Groups.

39. How do you integrate Azure Monitor with Splunk/Datadog?
Forward data via Event Hub or Diagnostic Settings.

40. How do you monitor microservices architecture?

  • Enable Application Insights with distributed tracing.

  • Monitor dependencies between services.

  • Use Workbooks to visualize end-to-end flow.

41. How do you monitor on-prem VMs with Azure Monitor?

  • Install Azure Monitor Agent (AMA).

  • Connect via Azure Arc.

  • Send logs/metrics to Log Analytics workspace.

42. How do you detect unauthorized login attempts using Azure Monitor?

  • Collect Azure AD sign-in logs.

  • Query suspicious logins in Log Analytics.

  • Trigger alerts for unusual locations or failed attempts.
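An added example (not from the original post) of the Log Analytics query the steps above describe, covering both failed-attempt bursts and sign-ins from unusual locations. The `SampleSignins` rows are constructed and shaped like the `SigninLogs` table; the threshold, bin size and baseline split are assumptions to tune per tenant.

```kusto
// Constructed sample rows shaped like the SigninLogs table (ResultType "0" = success).
// In a Log Analytics workspace, replace SampleSignins with SigninLogs.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string,
                              IPAddress:string, Location:string, ResultType:string)
[
    datetime(2024-05-01 09:00:00), "alice@contoso.example", "198.51.100.7", "US", "0",
    datetime(2024-05-01 09:30:00), "bob@contoso.example",   "198.51.100.8", "GB", "0",
    datetime(2024-05-02 10:00:05), "bob@contoso.example",   "203.0.113.10", "GB", "50126",
    datetime(2024-05-02 10:00:20), "bob@contoso.example",   "203.0.113.10", "GB", "50126",
    datetime(2024-05-02 10:01:10), "bob@contoso.example",   "203.0.113.11", "GB", "50126",
    datetime(2024-05-02 10:02:45), "bob@contoso.example",   "203.0.113.11", "GB", "50126",
    datetime(2024-05-02 10:03:30), "bob@contoso.example",   "203.0.113.12", "GB", "50126",
    datetime(2024-05-02 11:15:00), "alice@contoso.example", "192.0.2.44",   "BR", "0",
    datetime(2024-05-02 11:20:00), "alice@contoso.example", "198.51.100.7", "US", "0"
];
let DetectionStart = datetime(2024-05-02);  // assumed split: baseline before, detection after
let FailureThreshold = 5;                   // assumed: failures per account per bin
let BinSize = 15m;                          // assumed evaluation window
// Locations each account signed in from successfully during the baseline period.
let KnownLocations = SampleSignins
    | where TimeGenerated < DetectionStart and ResultType == "0"
    | distinct UserPrincipalName, Location;
// Signal 1: many failed sign-ins for one account inside a single time bin.
let FailedBurst = SampleSignins
    | where TimeGenerated >= DetectionStart and ResultType != "0"
    | summarize FailedAttempts = count(), SourceIPs = dcount(IPAddress)
        by UserPrincipalName, WindowStart = bin(TimeGenerated, BinSize)
    | where FailedAttempts >= FailureThreshold
    | project WindowStart, UserPrincipalName, Signal = "failed-burst",
        Detail = strcat(FailedAttempts, " failures from ", SourceIPs, " IP(s)");
// Signal 2: successful sign-in from a location not in the account's baseline.
let NewLocation = SampleSignins
    | where TimeGenerated >= DetectionStart and ResultType == "0"
    | join kind=leftanti KnownLocations on UserPrincipalName, Location
    | project WindowStart = TimeGenerated, UserPrincipalName, Signal = "new-location",
        Detail = strcat("success from ", Location, " (", IPAddress, ")");
union FailedBurst, NewLocation
| order by WindowStart asc
```

Used as the query of a log alert rule with an Action Group attached, any returned row can raise the alert.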

43. How do you troubleshoot failed deployments using Azure Monitor?

  • Check Activity Logs for errors.

  • Review diagnostic logs of deployment resources.

  • Query log data for failure codes.

44. How do you detect anomalies in application usage?

  • Use Application Insights Smart Detection.

  • Create custom log alerts with anomaly detection.

45. How do you handle alert fatigue?

  • Use dynamic thresholds.

  • Group alerts into action groups.

  • Use suppression rules.


🔹 Section 4: Advanced 

46. What’s the difference between Azure Monitor Agent (AMA) and Log Analytics Agent?

  • AMA = New, unified, multi-homing support.

  • Log Analytics Agent = Legacy, being retired.

47. How does Azure Monitor achieve scalability?
It uses a distributed, cloud-scale ingestion and query engine (Kusto).

48. What are Azure Monitor’s data export options?

  • Event Hub (streaming to 3rd party tools).

  • Storage Account (archival).

  • REST APIs (custom integrations).

49. What is Near Real-Time (NRT) alerting?
Metric alerts in Azure Monitor can trigger within 1 minute for critical monitoring.

50. How do you implement SLA monitoring in Azure Monitor?

  • Use availability tests (ping/web tests).

  • Track uptime % over time.

  • Configure SLA dashboards.

51. Can Azure Monitor predict failures?
Yes, with anomaly detection, machine learning, and Smart Detection.

52. What is the difference between Azure Monitor Metrics Database and Log Analytics Database?

  • Metrics DB = High performance, near real-time numeric data.

  • Log Analytics DB = Large-scale, queryable event/log store.

53. How does Azure Monitor integrate with DevOps pipelines?

  • Export logs for build/deploy validation.

  • Trigger pipeline rollback based on alerts.

  • Use dashboards for release monitoring.

54. What is the maximum retention supported for metrics?
Metrics are kept for 93 days.

55. How do you monitor costs using Azure Monitor?

  • Enable Cost Management data collection.

  • Query usage logs.

  • Create dashboards for cost tracking.
