Azure Monitoring Overview | V S Varma Rudra Raju | Skillshare
11 Lessons (2h 42m)
    • 1. Introduction to Azure Monitoring & Diagnostic related services

    • 2. Introduction to Azure monitor

    • 3. Introduction to Activity logs and metrics

    • 4. Introduction to Alerts and Autoscale

    • 5. Lab demo - Walk-through of Azure monitor and configure an alert

    • 6. Introduction to Azure monitor logs

    • 7. Lab demo - Create and configure log analytics workspace

    • 8. Lab demo - Configure log search alert and import monitor solutions

    • 9. Lab demo - Walk-through of monitoring solutions

    • 10. Introduction to Application Insights

    • 11. Lab: Walk-through of Application insights features by connecting Azure API App

About This Class

The objective of this class is to introduce you to the different building blocks of an Azure monitoring and diagnostics solution. This class includes the following lectures and lab demonstrations.

  • Introduction to Azure Monitoring & Diagnostic related services.
  • Introduction to Azure monitor.
  • Introduction to Activity logs and metrics.
  • Introduction to Alerts and Autoscale.
  • Introduction to Lab demo -  Walk-through of Azure monitor and configure an alert.
  • Introduction to Azure monitor logs.
  • Introduction to Lab demo - Create and configure log analytics workspace.
  • Introduction to Lab demo - Configure log search alert and import monitor solutions.
  • Introduction to Lab demo - Walk-through of monitoring solutions.
  • Introduction to Application Insights.
  • Introduction to Lab: Walk-through of Application insights features by connecting Azure API App.

By the end of this class, you should be able to use the different tools provided in Azure to respond to issues and to integrate with other Azure services in order to remediate them.

Meet Your Teacher

V S Varma Rudra Raju

TOGAF Certified Enterprise Architect



1. Introduction to Azure Monitoring & Diagnostic related services: Hi. Welcome to this lecture. In this lecture, I'm going to take you through different building blocks of an Azure monitoring and diagnostics solution. Generally, when you are trying to design and deliver a monitoring and diagnostic solution, you tend to focus on five key areas. Okay, the first one is the data sources from where you want to collect the data, and the second one is data collection: what type of data you want to collect from the data sources. Thirdly, where you're going to store the data. Fourthly, how you're going to analyze the data in order to diagnose any issues you identified in the data sources. Finally, how you're going to visualize the data and also respond to any incidents, and finally, how you're going to integrate your monitoring and diagnostic solution with other solutions. Okay, so these are the five key areas that you tend to focus on when you're delivering a monitoring and diagnostic solution, not only in Azure, but in any other place also. Okay. And in terms of data sources, generally, they tend to be applications. They can be virtual machines or even the operating system within the virtual machine, and it can be data center infrastructure, all those stuff, okay. And in terms of data collected from these data sources, they can be metrics, which are basically aggregated information collected from the data sources. So, for example, percentage CPU utilization of a virtual machine. That's a classic example of metrics. And the second type of data is activities. You want to understand what kind of activities are being performed on your data sources. So, for example, virtual machine start and stop. Okay, that's one activity, and you want to understand when it has happened in case any issues arise from the particular virtual machine. Thirdly, diagnostics information. For example, the Windows event log
is a perfect example of diagnostics information. Using those event logs, you are able to analyze and also try to find the root cause of any issue that arose in the particular virtual machine. Okay, and in terms of storage, you generally store metrics in their own table, and you generally store logs in their own table, and you will store any events for which you need to respond immediately, and you might store some messages. And in terms of analyze and diagnose, generally you want to deep dive into the information. So, for example, you want to filter the information to narrow down to a particular virtual machine, or you want to compare the trends with an ideal trend. So, for example, application usage: when you are comparing the trends between one month and another month, or one day and another day, then you'll identify any issues, and also you can do trend analysis, okay. And the third thing generally you do is transformation. In case you want to visualize the data, then you need to transform the raw data that you collected from the application into understandable information so that you can present it to your users. Okay. And in terms of visualization, generally you use reports, and also you can create dashboards, and finally you can use alerts in order to alert somebody or trigger some action whenever a particular issue has been identified. Okay, so far, I have explained about monitoring and diagnostic solution in a very generic way. Now, let me put some Azure flavor on top of this. Okay, so in terms of data sources in Azure, they can be Azure IaaS services or Azure PaaS services, for example, cloud services, Service Fabric, Service Bus, and so on. And they can be Azure infrastructure: tenant, subscriptions, virtual networks, and so on. And they can be web applications that are hosted on Azure. Bear in mind, data sources need not be in Azure; they can be in AWS or on-premises data centers.
Also, as long as you configure them correctly, they can emit the data and put the data into Azure. Okay, so please bear in mind data sources need not be in Azure. And in terms of data collected, generally Azure will collect metrics, which are aggregated information that will explain different aspects of your Azure services. So, for example, availability, performance, and so on. And secondly, activity logs, which basically contain all the administrative activities that have been performed on Azure services. Okay. The only exception is activity logs will not contain your Azure Active Directory activities. So, for example, if you added a user into your Azure Active Directory, that will not come into activity logs; that will come into the audit logs of Azure Active Directory. Okay, so as far as I know, that's the only exception. Rest of all administrative activities will come into activity logs. And the third type is guest OS diagnostics. These are basically event logs, performance counters, and so on, which will get collected by Azure when you enable diagnostics on the particular Azure service. Okay. And finally, using an instrumentation package embedded in your application, you are able to collect application logs also in Azure. And in terms of storage, there are a number of places where you can store the data collected in Azure. One thing is Azure Monitor. Azure Monitor has an underlying data platform where this metric information and logs information will get stored. But in case you want to retain these metrics and activity logs for a longer period, so, for example, one year, two years, then you can use Azure Storage. And also, if you want to configure something like to react to an event that is happening in your subscription, then you can feed those events into Event Hub and configure something like a Logic App to get triggered whenever a particular event entered into Event Hub. Okay. And finally, Azure Monitor logs.
Earlier, this used to be called Log Analytics. Now Microsoft changed its name and is calling it Azure Monitor logs, where you can store all this guest OS diagnostics information and Security Center related information. Also, all these logs information which you want to retain for a longer period of time, and also you want to analyze and diagnose by firing some search queries, then the right approach is to use Azure Monitor logs. Okay. And in terms of analyze and diagnose, firstly, you can use Azure Monitor. For every resource, Azure Monitor provides some charts. Okay. Using those charts, you will be able to view the metrics, and also you are able to view information stored in activity logs. Also, either you can view them centrally or by going into each individual resource. Okay? And for complex analysis, you can use Azure Monitor logs. Azure Monitor logs has its own query language, using which you are able to deep dive into the logs when you are trying to find a root cause of a particular issue. Okay. In the subsequent labs and lectures, I'm going to explain in detail about what is this Azure Monitor logs and how you can search the data within logs using log search. Okay, and the third one you can use in order to analyze and diagnose is Application Insights. This is specifically designed with web applications in mind. Okay, so using Application Insights, you are able to view the usage trends, which page of your web app is more popular, and also you are able to see the page performance, HTTP errors, and so on. So Application Insights is a very, very useful tool. We have a dedicated lecture and lab where I'm going to take you through in a bit more detail about Application Insights. And the final one is Security Center. Security Center is very, very critical when it comes to analyzing the security portion of your solution.
In the previous section of this course, the Azure security section of this course, I already have taken you through in detail of Azure Security Center. And finally, in terms of visualizing, responding and integrating, you can use Azure monitoring solutions. These are basically ready-made solutions, using which you can monitor a particular focus area. So, for example, you have Activity Log Analytics, using which you are able to view the activity logs from different viewpoints. Okay. Similarly, you have Traffic Analytics and also Security and Compliance. So there are a lot of Azure monitoring solutions which I'm going to take you through in the subsequent labs and lectures. And the second thing is Azure dashboard. You can design an Azure dashboard and you are able to pin different metrics on top of that dashboard. And finally, in terms of responding, you can use alerts in order to send emails or SMS or trigger a Logic App also with alert metadata. And also, most importantly, in cloud computing, the biggest advantage is auto scaling. So to do auto scaling, you should monitor the performance or load on your workload within Azure. If the load is increasing, then you can spin up an additional virtual machine in your virtual machine scale set using autoscale. So that is one of the very important elements of monitoring and diagnostic solution in Azure. Okay, so these are all the Azure services that are mapped to each component or stage of monitoring and diagnostics solution, and you use all these focus areas to design a monitoring solution that focuses on a particular aspect of Azure infrastructure. Okay, so let me take you through different areas of monitoring also. Firstly, you will do health monitoring, because you want to understand what's the health of Azure and also how it will impact your workloads. So, for example, let's say Azure is down in North Europe, and you might have some infrastructure located in North Europe.
In that case, you need to take a quick action in order to promote the DR within West Europe. Okay, so the health monitoring is very important. You are able to configure email IDs and trigger SMS or emails to the system administrator whenever a service health issue is identified by Microsoft. And secondly, availability monitoring. This particular one will focus on within the data center. So within the data center, if you have 45 machines in a virtual machine scale set, then let's say if one machine is down, then you want to monitor and make sure the load balancer is routing the traffic to other machines. Okay. Most of the time, it is automatically done, but you want to understand how many times it is happening and take appropriate preventive measures. Thirdly, you need to do performance monitoring. What is your virtual machine performance? The application performance? Are there any issues in terms of a certain piece of code within your Azure application, and so on. Okay. And also, one aspect of performance monitoring is auto scaling. If the performance of your application is going down because of increasing load, then you want to spin up additional virtual machines, isn't it? Okay, and the fourth one is security monitoring. You will use Security Center most of the time in order to monitor the security of your workloads in Azure. And the fifth one is SLA monitoring. The sixth one is auditing. Particularly for auditing, you will use activity logs for Azure subscription and audit logs for Azure Active Directory. Both of them I will explain in detail in the upcoming labs and lectures. And finally, you will track usage of your resources within Azure, and also you'll track any issues identified and take remedial actions. So this is a snapshot of Azure monitoring and diagnostic solution. In the upcoming labs and lectures,
I will pick each one of them, for example, Azure Monitor, Azure Monitor logs, and I'll try to explain what kind of data will get collected by them, where the data will be stored, how you can analyze and diagnose using these tools, and how you can respond and integrate with some other services in Azure in order to remediate the issues. Okay, it is going to be a very, very interesting journey. So join me in the next lecture, which is all about Azure Monitor.

2. Introduction to Azure monitor: Hi. Welcome to this lecture. In this lecture, I'm going to provide you an introduction to Azure Monitor and its capabilities. Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing and acting on telemetry from your cloud as well as on-premises environments. So basically, Azure Monitor is a central tool for monitoring everything in Azure. You name any Azure service and it will be monitored by Azure Monitor. Okay, so let me take you through capabilities of Azure Monitor in a structured manner. First of all, data sources. For Azure Monitor, a data source can be an application hosted on Azure or an application that is configured to emit data into Azure Monitor. Okay, so the application can be hosted on Azure or it can be hosted somewhere else. As long as it is configured to emit data into Azure Monitor, Azure Monitor will start collecting the data. Okay. And secondly, operating system. This will be a guest OS on the virtual machine. That particular virtual machine can be an Azure VM or AWS EC2 or your on-premises virtual machine. Okay. And the third data source is Azure resources. They can be Logic Apps, Service Bus, and so on. The fourth one is Azure subscription. Any administrative activities happening at a subscription level
or on the resources under the subscription will be collected by Azure Monitor. And at the highest level, Azure Monitor will collect the logs at the tenant level also. Okay. And in addition to all these things, you can have custom sources, for example, applications hosted on your love years. You can configure them in such a way that they will emit the data into Azure Monitor. Okay, so you can see how many sources from where Azure Monitor will collect the data. And in terms of the type of the data collected, I will take you through in detail in the next slide. But predominantly, the type of data collected from these resources you can divide into two parts: firstly metrics, and the second one is logs. So all the data that is collected from these sources will be stored in a metrics table or logs table, and once the data is stored in those tables, it needs to be further processed, isn't it? So it needs to be analyzed, it needs to be visualized, and you should be able to get some insights into these metrics and logs, and you should be able to respond to anomalies, and you should be able to integrate your monitoring solution with some other solutions. So, for example, you want to trigger a Logic App in order to create an incident record in ServiceNow. Okay, so let's go through some of the key capabilities of Azure Monitor in these respective areas. Firstly, analyze. In analyze, you have metrics and log analytics. Every Azure resource will have metrics associated with it, and you can access metrics using the Azure portal. There are two ways you can access them. Either you can view them centrally using Azure Monitor in Azure portal, or you can go to an individual resource and view metrics related to that individual resource using Azure portal. Okay. And in addition to both of these methods, you have REST APIs exposed, using which you can query some metrics information. And in terms of logs, you have Log Analytics workspace where you can store the logs.
Analyze the logs using log search queries. I will explain in detail about this Log Analytics in its dedicated lecture and lab demonstration. And in terms of visualization of the data, Azure Monitor has a capability called dashboards, views, and also you can use Power BI in order to view and present the data, and you can use workbooks. Basically, using Azure portal, you are able to design some dashboards and pin different charts of the metrics to the dashboard. So that's one way. Secondly, within Log Analytics workspace, you are able to configure different views and club those views into a dashboard. Okay. And there is another capability called workbook. The beauty of workbook is you can embed a query window within the workbook, so basically, you are able to query the internal data as well as present the data in a nice dashboard within a workbook. Okay. And in terms of insights, Azure Monitor has a capability called Application Insights, which is specifically targeted towards web applications. We have a dedicated lab and lecture on Application Insights. And similar to Application Insights, for containers there is a container monitoring solution, and also for virtual machines there is a dedicated solution, and there are several other monitoring solutions which you can import into your Log Analytics workspace. Okay. Each of these monitoring solutions targets a particular area. So, for example, if you want to monitor your guest OS system updates, so any critical security patches or any other things, if you want to monitor them, then you can use the Update Management monitoring solution. I'll show you in one of the upcoming labs how you can import monitoring solutions into Log Analytics workspace and view the same. And in terms of respond, Azure Monitor has two capabilities. One is alert, and the second one is autoscale. There are different types of alerts that are available. You have metric-based alert and also log search alert, activity log alert.
All these alerts you can configure within Azure Monitor, and when the alert conditions are met, then you can trigger an SMS, send an email, or even trigger a Logic App. And similarly, when a particular condition is met, then you can trigger autoscale. So, for example, if the CPU utilization is greater than 90%, then you might want to spin up another virtual machine. Okay? And finally, in terms of integrate, you can integrate with Logic Apps and the APIs of Azure Monitor. Basically, what you do is you will configure an alert, and within that alert, one of the actions is triggering the Logic App or API. And when this Logic App or API is triggered, the alert schema will be passed to that, and you can process that schema within the Logic App and trigger something. So, for example, creation of a ticket in ServiceNow. Okay, so these are all the different capabilities of Azure Monitor. Next thing, I would like to take you through in a bit more detail on what kind of data is collected by Azure Monitor. Okay, so in terms of data sources, I already explained to you Azure Monitor will collect data from tenant, subscription, resources, guest OS, application, and you can configure custom sources also. Okay, so now, in terms of type of data collected from all these data sources: with respect to tenant, it will collect the data from Active Directory, Azure Active Directory. So what kind of data would it collect? It will collect audit logs and sign-in logs. Basically, audit logs will contain every activity that is performed within your Azure Active Directory. It can be adding a user or changing some group settings. Anything will get logged into Azure Active Directory audit logs. And there is something else called sign-in logs. The sign-in logs will contain all user sign-ins into your Azure Active Directory. Okay, and when it comes to subscription data source, there are two types of data that get collected.
One is service health information, and the second one is activity logs. These activity logs will contain all the activities that are performed at a subscription level or even on the resource level within the subscription. So starting and stopping a virtual machine, changing some settings related to a Service Bus, and so on. And in terms of resource data source, Azure Monitor will collect two kinds of data. One is metrics. Metrics are basically aggregated information, for example, CPU utilization; from a storage account perspective, how much capacity is consumed, and so on. And also you can enable diagnostics on a particular Azure resource, and from that moment onwards, Azure Monitor logs will start collecting diagnostics logs also. So basically, you can collect Windows event logs, performance counters, syslog, and so on. Okay. And in terms of guest OS data source, you can collect a number of things. You can install the diagnostic extension; by virtue of installing it, it will collect all the diagnostic related information from the guest OS. Similarly, you can install the Log Analytics agent on a particular virtual machine. That virtual machine need not be in Azure. Okay. It can be on-premises, AWS, or some other cloud provider. Okay, as long as you install the Log Analytics agent on the particular virtual machine, then this agent will collect the data and push the data into Azure Monitor logs. Okay. And in addition to that, you can install the dependency agent also, which will collect information related to dependency on external processes or internal processes, dependency and so on. Okay. And in terms of application data source, you can do two things. Firstly, you can embed an instrumentation package within your application. By doing that, your application will start emitting the data into Azure Application Insights, which is a capability of Azure Monitor. Okay. So particularly, this instrumentation package is very useful when you are working with web applications. Okay.
And Microsoft will continuously monitor your web application's uptime and carry out availability tests. The results of those availability tests also you can view using Azure Application Insights. Okay? And you can configure some custom sources in order to emit their data into Azure Monitor. So basically, a custom source can be an application, or it can be anything where you have configured the instrumentation package of Azure. Okay. So you can see here how different types of data from different data sources are collected and presented to you using Azure Monitor's different capabilities. I hope now you can appreciate the capabilities of Azure Monitor from different dimensions. Okay. And once all the data is collected, the data needs to be stored somewhere, isn't it? So predominantly, there are four places where the data will get stored. By default, for metrics, activity logs and everything, the data will get stored in Azure Monitor. Okay. Azure Monitor has its own underlying data platform where it stores metrics and logs. In addition to that, if you want to store the data for a longer period of time, then you can use Azure Storage. Thirdly, in case you want to deep dive into the logs information and also develop your own visualization solutions, then you can store the data in Log Analytics workspace and do analysis, you know, finding the root causes of certain issues, or present the data in your own customized views. Okay. And finally, in case for some of these activities, metrics or events you want to respond to them immediately, then you can stream those logs, metrics or something else into Event Hub and trigger some Logic App when a particular condition is met within the event data. Okay, so that's it for this lecture. In this lecture I have taken you through Azure Monitor capabilities and also different types of data sources, different types of data collected and their storage areas.
In the next lecture, I will take you through in great detail about activity logs and metrics. So if you have some time, do join me in the next lecture.

3. Introduction to Activity logs and metrics: Hi. Welcome to this lecture. In this lecture, I'm going to provide you an introduction to Azure Monitor activity logs and metrics. Before I start explaining about activity logs, let me take you through different kinds of logs that are available in Azure. The first one is obviously activity logs, which I will take you through in a second. The second one is diagnostic logs. These logs contain information emitted by the guest OS. So, for example, Windows event logs, performance counters, and so on. Okay, and you need to specifically enable these diagnostic logs, and when you enable them, you have an opportunity to feed the logs into a storage account or Event Hub, or you can route that log information into a Log Analytics workspace to do further troubleshooting. Okay, and the third kind of logs is application logs. You can enable application logs on the web applications or mobile applications and get that log information into Application Insights, and you can use the rich visualization capability of Application Insights in order to troubleshoot the issues and also gain insights into the performance. There are a lot of things you can do using Application Insights, which I will take you through in the appropriate lectures and labs. Okay, so three kinds of logs: the first one is activity log, the second one is diagnostic, and the third one is application. Now let's go through the activity logs in a lot more detail. Azure activity log is a subscription log that provides insight into subscription-level events that have occurred in Azure. This includes a range of data from Azure Resource Manager operational data to updates on service health events. Basically, Azure activity logs contain loads of information. Anything that a user does using Azure portal or PowerShell or CLI or REST APIs,
as long as that activity is going through Azure Resource Manager, that particular activity information will get logged in activity logs. In addition to that information, there are different kinds of information that will get logged into activity logs. So let me take you through different record categories that will get logged into activity logs. The first and fundamental one is the administrative category. This category contains the record of all create, update, delete and action operations performed through Resource Manager. As I said earlier, anything you do through Resource Manager will get logged. For example, it can be a role assignment. You provided a contributor role to a virtual machine, let's say; that will get logged into the activity log. You start and stop the virtual machine; that will get logged into the activity log. So you can imagine anything you do will get logged into the activity log. And the next thing is service and resource health events. This category contains the record of any service health incidents and resource health events. So, for example, let's say Azure SQL Database is not performing properly in North Europe region. That particular event will get logged into Azure activity log, and you can define alerts based on it and get notified yourself. Okay, and the third one is alerts. Basically, you can create different kinds of alerts, such as metric alerts, log alerts, activity log alerts, and whenever an alert is triggered, that particular instance of alert will get logged into Azure activity log. Okay, I know you might be thinking about what is this alert all about. Bear with me; in the next lecture, I'm going to explain that in detail. And the next record category is autoscale. This category contains the record of any events related to the operation of the autoscale engine based on any autoscale settings you have defined in your subscription. So let's say you have a virtual machine scale set
with three web servers. You can create the autoscale setting in such a way that if the CPU utilization of those servers is beyond 80%, then you want to spin up another two servers. Let's say whenever that autoscale setting got triggered and an additional two servers are deployed, then that will get recorded into the activity log. Okay, and the next thing is recommendations and security. This category is very much focused on security. It will contain all the recommendation events from Azure Advisor and records of any security alerts from Security Center. I'm going to take you through this in detail in the Security Center lectures and labs. And finally, policy. When you define a policy and apply that policy at a management group or subscription or resource group level, then audit will happen regularly, and whenever that audit happens, that particular event, the audit execution event, will get logged into the activity log. Okay, now you can see how many different kinds of information will get logged into the activity log. However, you might have one question in your mind. Okay, I have all this information; now what can I do with it? Let me explain what exactly you can do with all this information in activity logs. Using activity logs, first of all, you can create alerts. So let's say, for example, a role assignment happened on a critical resource within Azure; you can define an alert. So basically, whenever a role assignment happens, you can configure the alert in such a way to send an email to the owner of that particular resource or trigger a webhook. Okay, that's the first thing. And the second thing is, you can feed this activity log into Azure Monitor logs. This is the new term, by the way. Azure Monitor logs is nothing but Log Analytics. And you can feed all the activity log information into Log Analytics workspace, and you can install the Activity Log Analytics management solution on top
of it, and you can start deep diving into activity log information. OK, and the third thing you can do is Event Hub. Basically, whenever an event is recorded in the activity log, you can feed that information into Event Hub. And if you want to visualize the data and develop custom reports, then you can feed the activity log information into Power BI and start defining your own reports and dashboards. Similarly, you can push the activity log information into Azure Storage also. And if you want to explore the data within the activity log, there is a set of tools that you can use, which are the Azure portal, PowerShell or REST API. Okay, these are all the things you can do using the activity log. In the next lab, I'll show you how to view activity logs using the Azure portal, and also we're going to define an alert based on a role assignment happening on a particular resource. Okay, it's going to be interesting. But before we go to that lab, let me cover metrics also, and in the next lecture I'll cover alerts, and then I'll provide the lab demonstration. Okay, so this is all about the activity log. Let's go through metrics in detail. Metrics are numerical values that describe some aspect of the system at a particular time. Metrics are collected at regular intervals and are useful for alerting because they can be sampled frequently, and an alert can be fired quickly with relatively simple logic. So metrics are specific to the resource, by the way. For example, if you have a virtual machine, you have metrics something like memory in and out, CPU utilization, percentage CPU, all that stuff. OK, but when it comes to a database, if you look at Azure SQL Database, then you have DTU consumption and so on. And when you come to Azure Storage, you have metrics like capacity and so on. So, based on the resource, the kinds of metrics that are available will differ. And most importantly, you need to remember these metrics are numerical values. Most of the time they are aggregated information.
You can't deep dive into metrics information. Okay, you can only see it on a statistical or aggregated basis and take actions based on it. So, for example, if the CPU utilization is greater than 80 percent, then send an alert to a support person, or automate also; so, for example, spin up an additional virtual machine. Okay, so there are a number of things that you can do. So let's go through these things one by one. Firstly, you can analyze and visualize metrics. In order to do that, you can use Metrics Explorer to analyze collected metrics on a chart and compare metrics from different resources. Basically, you can define charts using different metrics and pin them to a dashboard and start comparing them. Okay, and the second thing you can do is alert. You can configure a metric alert rule that sends a notification or takes an automated action when the metric value crosses a threshold. I already told you an example. If the percentage CPU is greater than 80 percent, either you can send an email or spin up an additional virtual machine. And the third thing is automate. I'm not going to repeat; I already explained that. The fourth one is export. You can route metrics to logs to analyze the data in Azure Monitor metrics together with the data in Azure, so you can feed this metrics information into a Log Analytics workspace. At the same time, you can feed diagnostic logs also, so you can combine all of these things together to get real insight. And also, these are extremely useful when you're troubleshooting issues. Okay. And finally, you can retrieve metric values using different tools, whether it is the Azure portal, PowerShell or REST APIs. Okay, now you have different types of metrics that are available. Some metrics are generated at infrastructure level and some metrics are generated at the platform level and so on. So let me take you through these metric sources. The first one is platform metrics. Platform metrics are created
by Azure resources and give you visibility into their health and performance. Platform metrics are collected from Azure resources at one-minute frequency unless specified otherwise in the metric definition. So if you want an example, storage account capacity is a platform metric because it is at the platform level. Also, when you look at Azure SQL databases, DTU consumption is a platform-level metric. Okay, so those are the examples of platform metrics. But if you have IaaS services in Azure, you will get guest OS metrics also. They are basically collected from the guest operating system of a virtual machine. So percentage CPU utilization of a virtual machine is a classic example of a guest OS metric. And the third type of metric is application metrics. They are created by Application Insights for your monitored applications and help you detect performance issues and track trends in how your application is being used. So if you enable Application Insights on your application, then these metrics will get collected from your application and fed into Application Insights, and using the rich tool set of Application Insights, you can deep dive and troubleshoot any performance issues and also analyze usage trends of your application by users. And in addition to all these things, you can define your own custom metrics also, in addition to standard metrics that are automatically available. Okay, so this is all about metrics. So that's it for this lecture. In this lecture I have taken you through activity logs, the different record types that are available in activity logs, and what you can do using activity logs, and I also touched upon metrics, what you can do and the different sources of metrics. In the next lecture, I'm going to discuss alerts, and in the next-to-next lecture, I'm going to provide a lab demonstration on how to view metrics and also how to view activity logs, and finally, how to configure an alert based on a role assignment activity.
Okay, so it's going to be interesting. If you have some time, join me in the next lecture.

4. Introduction to Alerts and Autoscale: Hi. Welcome to this lecture. In this lecture, I'm going to provide you an introduction to alerts and autoscale. These two are very important capabilities of Azure Monitor. So let's go through them in detail. Before I start taking you through the alerts capability, let me explain why we need alerts in the first place. In a real-world scenario, generally, customers will have tens of services running on Azure, so you can have hundreds of virtual machines, you can have hundreds of App Services, Service Bus, Logic Apps and so on. And all these services need to be monitored 24/7, 365 days, based on their criticality. So you have two options. Either you can put a lot of resources to continuously monitor the metrics, or you can configure something in Azure which will alert you when something is going wrong. So between these two options, obviously many customers will go with the second option. That means configuring something in Azure in order to alert you when something is going wrong. That's where exactly this alerts capability fits in. Alerts proactively notify you when important conditions are found in your monitoring data. They allow you to identify and address issues before users of your system notice them. So, basically, instead of having a number of resources continuously monitoring your services in Azure, you can configure these alerts and define them in such a way that you'll get notified. For example, let's say, whenever CPU percentage in the virtual machines is going beyond 90%, or whenever the storage capacity is about to be exceeded, you can put conditions like that within alerts and get notified. So you can get an SMS, you can get an email, or you can trigger a logic app from the alert and create an incident in ServiceNow, for example.
Okay, so what does this alert actually consist of? The first thing is the alert rule. The alert rule captures the target and criteria for alerting. The alert rule can be in an enabled state or a disabled state. Alerts will only get fired when enabled. So an alert rule consists of two things. The first one is the target. The target in turn will consist of two things. The target resource, which defines the scope and signals available for alerting. So a target can be any Azure resource. For example, an Azure virtual machine, Azure PaaS services, a Service Bus queue. So basically it can be any Azure service. And the second thing you need to select is signals: which signals you want to consider for matching the condition. So, for example, which metric; it can be CPU utilization or memory utilization in the case of a virtual machine, and similarly queue size in a Service Bus queue, or something else with a logic app, et cetera. So basically, you will define a target which consists of two things: target resource and signal. And the second part of the alert rule is criteria. Criteria is basically a condition to match. So, for example, if CPU utilization is greater than 90%, that's one condition. Secondly, if the storage capacity is 90% utilized, that's one condition. Okay, and whenever that condition is met, you want to perform an action. These actions are grouped under an action group. Okay, so basically an alert will consist of an alert rule, which consists of target resource, signal and condition. And once the criteria is met, you can take a number of actions. All these actions are grouped under an action group. Okay, so this is all about alerts, and the next important capability is autoscale. Let me take you through that. Autoscale enables you to dynamically allocate or remove resources based on the load on the services. You can specify the maximum and minimum number of instances to run, and add or remove VMs based on a set of rules within the range.
So this is one very, very important capability that you should consider when you're migrating your workloads from on-premises to Azure. Okay, because the most important benefit when moving to the cloud is cloud elasticity. So instead of having all the workloads matching the peak load, you can have workloads with compute power at an average level, and whenever the load is increasing, you can increase the compute power in reaction to the load, and also decrease the compute power as soon as the load decreases. That's the beauty of cloud computing, so you don't need to purchase your compute power to match your peak load. Okay, and in order to implement autoscale, you can implement it in two ways. Firstly, you can consider resource-metric-triggered autoscaling. Basically, if the percentage CPU utilization is greater than 90% in a virtual machine scale set, then you want to start adding additional virtual machines into that scale set. Similarly, let's say your website will receive lots of sales orders during the daytime, and during the night time you get very minimal orders. In that case, you can schedule this autoscale based on the time. So basically, from morning to evening eight o'clock you want to have 100 virtual machines, but from evening eight o'clock to morning eight o'clock, you can have only 20, because the load during that time is consistently less. Okay, these two things you can consider, and you can define a rule. A rule basically is if the CPU percentage is greater than 90%, or a time-based rule, as explained earlier. And once the rule matches, you can perform a number of actions. It can be either adding or deleting virtual machines based on the load, and you can send an email to an administrator whenever this autoscale has happened, or you can trigger a webhook also. Basically, a webhook will be very much useful if you want to do some customized actions, because the webhook can in turn trigger a number of other things.
Okay, those can be functions, logic apps or third-party APIs. Okay, so autoscale is a very, very important capability. I know it's not a very security-related thing, but it will make sure you have a very highly available and most optimized solution in accordance with the load that is on your solution. Okay, so that's it for this lecture. In this lecture, I have discussed a couple of important capabilities of Azure Monitor. The first one is alerts, and the second one is autoscale. The next lecture is a lab where I'm going to take you through metrics and activity logs. And also, I'll show you how to create an activity log alert in such a way that you will be notified whenever a role assignment happens on a particular virtual machine. Okay, so it's going to be a very interesting lab. If you have some time, join me in the next lab.

5. Lab demo - Walk-through of Azure monitor and configure an alert: Hi. Welcome to this lab. In this lab, I'm going to show you how to view metrics and activity logs using Azure Monitor, and also how to configure an activity log alert using Azure Monitor. By the way, there are three kinds of alerts. One is the activity log alert, the second one is the metric alert, and the third one is the log search alert. In this lab I'm going to show you how to configure an activity log alert, but in the subsequent labs, I'm going to cover the log search alert. Okay, the metric alert is very easy, which you can try on your own. So first of all, let me start with metrics. In order to view metrics, you can go into the Azure portal, and there are two ways you can view metrics. Either you can view resource-specific metrics by going to a particular resource, for example, test machine here. If you come down, you can view some of the metric information, for example, CPU average, network total and so on. This is where you will view resource-specific metrics. OK, but if you want to view metrics centrally in one place, then you can use Azure Monitor.
Okay, so click on Metrics. The first thing you need to do in order to view metrics is to select a resource. So click on Select a resource, select the subscription, which is Azure Trainings, and I'm going to select monitor test RG. Okay. And you can see I have a number of resources in that monitor test RG resource group. Now I'm going to select test machine, which is a virtual machine. Okay, apply, and I have different kinds of metrics that are available. Okay. So CPU credits consumed, remaining, and if you come down here, you can view disk read and write, network, and there should be something called Percentage CPU. Let's select this, and you can have different types of aggregations. Either you can view average, count, minimum, max, sum, et cetera. Okay. And another thing you can do is to define the time duration also. So here we are displaying the last 24 hours' trend. But if you select last 20 minutes and apply, you can view the CPU percentage over the last 20 minutes. Okay. And you might have noticed the title of the chart automatically changed to the metric name, but if you want to customize, you can customize this. So, for example, test machine average percentage CPU. OK. Similarly, you can keep on adding new charts and pin these to a dashboard also. So if you come here, Pin to current dashboard, it got pinned. And if you want to configure alerts, you can click on here and configure an alert. Okay, so let me show you the dashboard. Here you can see that chart got attached on the dashboard. And in case you want to design a new dashboard and attach all these charts as tiles, then you can click on here and start defining a new dashboard. Okay, so let's go to Monitor again. And the second thing is the activity log. As I said in the previous lecture, the activity log is very, very important because here you can see all the administrative activities that have been carried out by your users on Azure resources.
In addition to that, you can even see security alerts, audits, recommendations and so on. Okay, so you can see a lot of information, basically. And in case you want to export this to Event Hub or a storage account: although here it is mentioned as Export to Event Hub, if you click on it, you can export to a storage account also. And you can download as CSV, or if you want to feed all this information into Azure Monitor logs, i.e., in other words, Log Analytics, then you can click on here. And if you want to pin the current filters, then you can pin it, and so on. Okay, so first of all, we need to identify certain activities related to our virtual machine, let's say. Okay, I'm having the subscription here. Now I'm going to add further filters, so click on it here and select the resource group. But if you want to select resource or resource type or operation, you can select so many things. But select resource group, and monitor test RG. And then I'm going to add a further filter here because I want to drill down to a particular resource within that. So click on it here. Here, resource type, we have got compute, virtual machine. Microsoft Compute, that's what I want. Okay? And then you can add a further filter and see who initiated a particular operation, or what operation you want to view. Okay, so there is no end to this. You can drill down to a particular resource, a particular resource type, et cetera. OK, so I'm going to delete this. And here, resource is all resources, right? So I'm going to select a particular resource, which is test machine. Okay, so this is how you can drill down to a particular resource. Now what I'm going to do is pin these current filters, and I'm going to give a name: test machine activities. Click on OK. And if you close this down, here you can see test machine activities. Now, let me go into the virtual machine, click on it, and then I'm going to start this virtual machine.
I just want to show you how you can view this stopping activity within the activity log. Now my virtual machine has been successfully started. So go to the dashboard and click on this. Now you can see Deallocate Virtual Machine got initiated and accepted also. Okay, so this is how you can view activities related to each resource, whatever that activity might be. As long as they're using Azure Resource Manager in order to carry out that activity, then that activity will get logged into the activity log. Now, the next thing we want to do is to configure an alert in such a way that whenever any role assignment happens on the particular virtual machine, you get alerted. Okay, let's say that's an example. So go to Monitor, go to Alerts. Here you can configure new alerts and manage existing alerts. And also there is something called classic alerts. Not all the functionality of classic alerts has been migrated into new alerts. For example, activity log alerts: it is still in classic alerts. I tried to configure it using new alerts, but it hasn't worked, so I'm going to use classic alerts. But by the time you're taking this lecture, it might work; activity log alerts might get migrated into the new alerts model, and it might work also. Okay, who knows? So first of all, let me configure an alert. So click on View classic alerts, and activity log alert. And I'm going to give a name as Role Assignments Alerts. Okay. And subscription is Azure Trainings. Resource group, I'm going to select the same, monitor test RG. And in terms of event category, role assignments come under the Administrative event category. Okay, so we need to select Administrative. The moment you select Administrative, this screen is going to hang for some time. Believe me, it is going to happen for you also. Just give it a few seconds, and all these things will go away, and you'll get resource name, resource group and all that stuff. So I'm going to pause this for a few seconds.
See, you might notice this web page is using significant memory because it's trying to load a lot of things into dropdowns. But anyway, I'm going to leave everything as it is. Okay? The thing that I'm interested in is operation name. Again, this is a huge dropdown list, so it's going to get stuck for some time, so I'm going to give it a bit. Okay, this came up. Now I'm going to type in role assignment. Okay, Create role assignment is what we are interested in. Okay, click on it. And then, sorry, I might want to confine this to monitor test RG. Okay. Resource type is all, the resource group is monitor test RG, and the operation name is Create role assignment. Okay? I don't mind who has initiated it, what the level is, all that stuff. And the second thing you need to do is to create an action group. Whenever an entry of Create role assignment got created within the activity log, you want to send an alert to somebody, let's say. Okay, so I'm going to call this action group name Security Admins, let's say. Okay, and the same thing goes for the short name also. And the first action I want to do is to SMS. Okay, action type email. Click on it here, and I'm going to select my country code. Again, you can send multiple things at the same time. You can send email by specifying an email ID, or you can send email to all the users in a particular group. So if you're selecting this, you can send to owner, contributor and all that stuff. Okay, and the third thing is SMS. The fourth thing is Azure push notifications. I'm not sure whether you installed the Azure app or not. It's a very nice app that you can install on iPhone or Android, to which a push notification will be sent. Make sure you're logging in with the same Azure ID that you're configuring here. And if you want to have a voice call also, you can configure it here. But in this case, I'm sending an SMS to my own mobile ID. Okay, so that's it. Let's click on OK. What's the error?
Okay, let's resolve that. Okay, that got resolved, and I'm going to press OK in order to configure this alert. So the objective behind showing this to you is particularly with respect to security. If you want to monitor certain security-related administrative activities and want to get alerted whenever that activity is performed, then you can configure activity log alerts. So that's the reason I want to show you this. Okay, so let's close this and go to alerts again. You should see one alert here. Okay, and I'm going to do a role assignment now to one of the resources within that resource group. Okay? And as soon as I've done the role assignment, you should hear a ping, because I put my mobile not in silent mode. Ideally you should hear a ping sound. Okay, so let's go to the virtual machine, click on the virtual machine and click on Access control. Click on Add role assignment and select Contributor here, and type in more here. I'm going to provide access to this user, Contributor access. Okay, as soon as this role assignment is completed, ideally we should get a message, basically an SMS to my phone. Okay, so let's go to Azure Monitor. The role assignment has been applied. Let's see whether this alert got triggered or not. Otherwise, I might know the reason: because we just configured this alert, it might be taking some time. I'm not sure, because ideally it should have got fired, but it is not showing here. So let me do one thing. I'm going to pause this. Oh, I got that message. You might have heard this. So the SMS I got is: security, Fired, Azure Monitor Alert, Role Assignments Alerts on test machine. There you go. So this is how you can configure activity log alerts related to security and send a message to your security administrator whenever a critical security activity has been carried out. Okay, so that's it for this lab. In this lab,
I have shown you how to view metrics and activity logs using Azure Monitor, and also have shown you how to configure activity log alerts. Okay, in the next lecture, I'm going to take you through Azure Monitor logs, i.e., in other words, Log Analytics. It's going to be a very interesting one, so if you have some time, join me in the next lecture.

6. Introduction to Azure monitor logs: Hi. Welcome to this lecture. In this lecture, I'm going to provide you an introduction to Azure Monitor logs. In the earlier labs and lectures I have taken you through Azure Monitor metrics and activity logs. They are really important in terms of carrying out basic monitoring. However, if you want to do a deep dive analysis in order to diagnose certain issues, in that case, for example, in terms of a virtual machine, you need to look into the information of event logs, performance counters, system logs, et cetera. OK, so the basic metric information will not be sufficient. And when it comes to activity logs also, using Azure Monitor you are able to look into the activity logs, but you will not be able to visualize them from different viewpoints. Okay, if you want to do both of the activities, i.e., deep dive analysis in order to diagnose the cause of some of the issues, and also at the same time visualize the data from different viewpoints in depth, then you can go for Azure Monitor logs. It's a log data platform that collects activity logs and diagnostic logs along with the other monitoring data to provide deep analysis across your entire set of resources. Bear in mind, these resources need not be in Azure. They can be in an on-premises data center, or AWS, or Azure.
The logs in Azure Monitor contain different kinds of data organized into records with a different set of properties for each type. In the upcoming lab, I'm going to show you different record types such as, let's say, events, which will store Windows event log related information, and you can have performance counters and so on. And as I said earlier, these logs really differ from metric data in that they vary in their structure and are often not collected at regular intervals. One important thing that you need to remember is, in terms of Azure Monitor logs, log information will be emitted by the target resource and updated into the workspace. It's not the other way around. So basically, once you enable the Log Analytics agent on a particular resource, that resource will push the information into the Log Analytics workspace, and it can feed the information into multiple Log Analytics workspaces also. Okay, keep that in mind. By the way, when I'm mentioning Log Analytics, it's an old name of Azure Monitor logs, okay? And in terms of any monitoring solution, you generally have four steps. The first one is collecting the data from different sources into the monitoring solution. The second one is storing that data somewhere securely. The third one is being able to analyze the data, and the fourth one is being able to visualize the data. Okay, those are the four key steps. So from the Log Analytics perspective, sorry, the Azure Monitor logs perspective, let me show you what kind of logs you can collect. In terms of data collection, you can collect activity logs along with service health information. That is one very important piece of information that you'll always collect into the Log Analytics workspace, and you can use monitoring solutions such as Activity Log Analytics on top of it to get a deeper insight into activities being carried out on your Azure resources.
OK, so that's one key piece of information that will be fed into the Azure Monitor logs workspace. And the second one is metrics and diagnostic logs that are coming from Azure resources. And the third one is the guest operating system. Compute resources in Azure, in other clouds and on-premises have a guest operating system to monitor. With the installation of one or more agents, you can gather telemetry from the guest into the same monitoring tools as the Azure services themselves. So in other words, you can feed the information from your guest operating system, such as Windows event logs, performance counters and so on. And you can even feed application logs also, but I will discuss that in another lecture. So you can feed different kinds of information that is emitted by the guest operating system into the Log Analytics workspace. Okay, and in terms of storing all this information, you'll store it in a workspace, and that is called a Log Analytics workspace. It's an Azure resource and is a container where data is collected, aggregated, analyzed and presented in Azure Monitor. So in terms of the Log Analytics workspace, it will provide you a geographical location for data storage. So from a compliance perspective, you want to make sure the monitoring data is also stored in a certain particular location. So if you look at European compliance, with the GDPR regulation in place, you have to store all the log information within Europe if the data is emitted by European resources, because some of the time these logs can contain personally identifiable information. So in that case, you need to be very careful about selecting the geographic location for data storage. Okay, and the second thing is data isolation, to define different user access rights in workspace-centric mode. So, for example, let's say you have a central monitoring team, and some parts of the team are dedicated to monitoring virtual machines and some parts of the team are dedicated to monitoring your app services.
In that case, you can create two workspaces. In one workspace, you feed the data from virtual machines, and in another workspace, you feed the data from app services. And once you've done that, you provide access to the team who monitors virtual machines to that particular workspace where virtual machine log data is getting stored; similarly for the other one also. Okay, that might be one reason why you want to create separate workspaces. And the third one is, it provides a scope for configuration of settings like pricing tier, retention, data capping, et cetera. And finally, charges related to data ingestion and retention are made on the workspace resource. Okay, so these are the four reasons which will define where you deploy this workspace, how many of them, and how you'll configure the workspace. Okay, and the next thing I want to take you through is user access to this monitoring data, because it is extremely important for you to control who can access this monitoring data. Because, as I said earlier, some of this data might contain security-sensitive information, and from the end-user perspective also, some personally identifiable information. OK, so that's the reason you need to clearly understand how you can manage user access to workspaces. So let me take you through that. In terms of workspace permissions and scope, there are four things that you need to keep in mind. One is access mode. Access mode defines how a user is accessing your Log Analytics workspace. Generally, you have two types of access modes. One is, the user is going to a particular virtual machine, let's say, and trying to access logs related to that particular virtual machine. So it is very resource-specific. As long as the user has access to that particular virtual machine, he or she will be able to view logs, okay. And the second group of users might be centrally monitoring all virtual machines.
In that case, the mode they will be using is, they directly go to the Log Analytics workspace and try to access the data of all virtual machines in a single go. So, two access modes. One is via resource; in that case, the user will be accessing resource-specific logs. And the second one is workspace-centric; basically the user will go to the Log Analytics workspace and view all information. OK, the next thing is access control mode. It is a setting on each workspace that defines how permissions are determined for the workspace. It can be Require workspace permissions or Use resource or workspace permissions. You can either centrally manage permissions at a workspace level, or you can use both resource or workspace permissions. Okay, so for example, let's say you flagged your workspace as Require workspace permissions. In that case, any user, whichever mode they are using, if they are accessing logs within the workspace, they should be assigned an appropriate permission at the workspace level, not at the resource level. Okay, but if you are using the Use resource or workspace permissions access control mode, in that case, when a user is trying to access virtual machine logs by going into that virtual machine resource, the resource permissions will be evaluated and workspace permissions will be ignored. Okay, I know it might be confusing to you, but in one of the upcoming labs, I'm going to show you practically how you can control access using this access control mode. Okay, and the third one is permissions. There are different permissions using which you can create a custom role and provide that custom role to a user. And the fourth one is table-level role-based access control, which allows you to define specific data types that are accessible only to a specific set of users. At table level also, you can control the access to the users. For this purpose, you have to create a custom role. You can't use any built-in roles.
You can create the custom role with specific permissions to specific tables and assign it to the particular user, so that the user will be able to view, for example, let's say, event data only, nothing else. Okay, anyway, don't worry if you don't understand this. In one of the upcoming labs, I'm going to show you how to do this. And the next two steps of monitoring are analysing and visualising the data. We discussed about collection of data, we discussed about storing the data and also securing access to that stored data. The remaining two steps are analyze and visualize. So let me take you through that. In terms of analyzing the data, you can use something called log queries, and it uses a specific language called Kusto language, using which you can create log queries to retrieve any log data from Azure Monitor, whether you are analyzing the data or configuring an alert rule. And also one more very good thing is you can define alerts also. If you remember our previous lecture, I have spoken about three kinds of alerts. Remember this very carefully: activity log alerts, metric alerts and log search alerts. Okay, this particular thing I'm talking about here is the log search alert. Basically, what you can do is create a log query and, using that log query, you can create an alert. So, for example, let's say you have written a log query identifying successful RDP logins to a critical virtual machine during a certain period. You don't want any users to RDP into that particular virtual machine, and whenever anybody succeeds in that, you want to get alerted. So you can create a log search and define an alert in such a way that you'll get idea servers or email, etcetera. Okay, in the upcoming lab, I'm going to show you how to configure this log search alert. And the second thing you can do using log queries is this: log queries behind the scenes will support views and dashboards.
Basically, you can create a visualization of the data results of a query and pin them to a dashboard. Okay, and you can do a number of other things also. You can run a PowerShell script from a command line or an Azure Automation runbook that uses Get-AzOperationalInsightsSearchResults to retrieve the log data from Azure Monitor. And if you want to use REST APIs, you can use a REST API in order to retrieve the log data. And in case you decide to export this data into, let's say, Power BI and want to visualize the data using Power BI's rich capabilities, you can do that also. Okay, so in a nutshell, you can use log queries in order to analyze the data, and use those log queries behind the scenes in order to define alerts, define views and dashboards, get the log search query results using PowerShell or REST APIs, or export the results into Power BI, Excel, etcetera. OK, so now you can see how much you can do using Azure Monitor logs. But what if you need to do everything manually? So, for example, you want to collect the data manually into Azure Monitor logs, and you need to manually create a lot of log queries, and also you need to create lots of views and dashboards. It is going to be a mangle project. Believe me, you will need at least 23 people to work for six months in order to do all these things for you. Instead of that, there are a number of monitoring solutions that are available within Azure. They are designed by either Microsoft or third parties, rather than you building them from scratch. So let me take you through these monitoring solutions in a bit more detail. But in the next lab I'm going to show you those monitoring solutions and even. Okay, monitoring solutions are prepackaged solutions that typically collect log data and provide queries and views to analyze the collected data. They may also leverage other services such as Azure Automation to perform actions related to the application
or service. There are literally tens of monitoring solutions that are available in Azure Marketplace. Okay. And when you look at a monitoring solution, you can look at it like a pre-bundled package for you, which typically consists of the log data, queries and views to analyze the collected data. So, for example, there is a solution called Activity Log Analytics, in order to collect activity logs and visualize them using different viewpoints. And also there are other monitoring solutions such as Security and Compliance, Traffic Analytics and so on. So there are lots of monitoring solutions, but I'll pick some of the key ones in the next lab, and I'll show them to you. Okay. And when you are deploying these monitoring solutions, the first thing is to create a Log Analytics workspace to store the data collected by the solution. And also, because a monitoring solution is a bundle of log searches and views, they need somewhere to host them, isn't it? So the place where they host these log searches and views is the Log Analytics workspace. In addition to the Log Analytics workspace, some of the monitoring solutions also have some automation embedded within them. And if you want to take advantage of the automation that comes as part of a monitoring solution, you should create an Azure Automation account to contain these automation runbooks and related resources. Okay, so I would strongly advise you to look into the monitoring solutions first to deliver your requirements. Don't try to build anything from scratch, because there is no point in reinventing the wheel. Okay, so go into Azure Marketplace and try to find existing monitoring solutions that deliver your requirements. If nothing delivers at least 60% of your required functionality, then start building everything from scratch. But I would really, really doubt you would need to build something from scratch and that none of the existing monitoring solutions deliver your requirements. Okay, so that's it for this lecture. In this lecture,
I have provided you an introduction to Azure Monitor logs, and I have taken you through what is involved in Azure Monitor logs in terms of delivering the four steps in a monitoring solution, that is, collection of data, storing the data, analyzing the data and visualizing the data. And finally, I have talked about monitoring solutions, which are basically a pre-bundled package of solutions that typically collect log data and provide queries and views to analyze the collected data. Okay, the next lecture is a lab where I'm going to create a Log Analytics workspace, go through some of the important configuration settings, and also feed different kinds of information into the Log Analytics workspace, and analyze the data and visualize the data using different monitoring solutions. Okay, it is going to be a very interesting lab, but it needs your 100% attention. So go for a cup of coffee and then sit on the lab. Okay. See you in the next lab.
7. Lab demo - Create and configure log analytics workspace: Hi. Welcome to this lab. In this lab, I'm going to take you through a number of things related to Azure Monitor logs. Because this lab is going to be a very lengthy lab, I'm splitting it into two parts. In the first part of the lab, I'm going to create a Log Analytics workspace and also feed information from different sources into that Log Analytics workspace. And in the second part of the lab, I'm going to show you how to use log queries in order to analyze the data stored in the Log Analytics workspace, and also how to configure log search alerts, and also how to use different monitoring solutions in order to analyze and visualize the data. Okay, by the way, these different monitoring solutions, I'm going to import them in the first part of the lab itself, because some of these monitoring solutions are going to take 24 hours in order to gather, analyze and visualize the data. OK, so the first step is creating a Log Analytics workspace.
In order to do that, go into the Azure portal, click on Create a resource and type in Log Analytics. Click on Log Analytics, click on Create, and I'm going to call this as Rudra Log Analytics, and the subscription is going to be Azure Trainings. And resource group: I have an existing one which I'm going to select. And location: I'm going to select West Europe. The reason I'm selecting that location is I want to show you Traffic Analytics, and for Traffic Analytics your Log Analytics workspace should be located in a particular region or a particular set of regions. Okay, and North Europe is not one among them. Hence I'm choosing West Europe. Okay, and pricing tier: I'm going to select Free. But you can select different pricing tiers based on your requirements. Click on OK and click on OK. Generally, it is pretty quick, so I'm going to wait for its creation to get completed. Now our Log Analytics workspace has been successfully created. So let's go to Resource groups, click on the resource group and click on the workspace. And here you can configure a number of things related to the Log Analytics workspace. But let me take you through some of the important ones. Remember, in the theory lecture, I have talked about four steps related to any monitoring solution. The first one is collection of data. The second one is storing the data. The third one is analyzing. The fourth one is visualizing. Okay, so in terms of collection, you can come down here and feed the information from different data sources into the Log Analytics workspace. They can be virtual machines, storage account logs, Azure Activity Log and different other kinds of Azure resources. Okay. And once you have collected the data, if you go up and click on Logs, you can view the data using these logs. So if you click on Log Management, you can see a number of tables. Based on the data source from where the data is coming, it will get populated in the appropriate table.
So, for example, if the source of the data is from Azure activity logs, then the data will get stored in this table. Okay, and if the data is metrics, it will get stored in AzureMetrics. And if the data source is, let's say, from the event log, then the data will get stored in the Event table. OK, and in terms of analyzing the information, you can start writing your own queries here and deep dive into the information available in the logs. And the final step is visualising the data, isn't it? For that purpose, you can use View Designer in order to design some tiles and group those tiles under a dashboard. However, I'm not going to do all of these views from scratch. I'm going to use monitoring solutions, which are prebuilt packages of data, queries and views. Okay, so let's close this down. Now let's start everything by configuring the data sources. In order to do that, if you come down, click on Virtual machines and click on it, and then you need to press Connect, as simple as that. OK, and the next data source that I want to connect is Azure activity logs. So click on it, click on it, and then click on Connect. Okay. And in terms of collection of data from some of these resources, you can configure what type of data you want to collect. Okay, so for example, virtual machines. If you go up here and go to Advanced settings, here you can see the servers that are already connected with this workspace. Okay, I know it is showing zero here because we just connected. It is going to take some time because it is in progress, isn't it, here. So once it is completed, then you can see one Windows computer connected. Okay, but we want to configure what type of data we are going to collect from this Windows server. So if you click on Data here, you can specify a number of data sources related to Windows servers. You can configure which event logs you want to gather information from, Windows performance counters, IIS logs, Linux performance counters, custom fields, custom logs and so on.
But for demo purposes, I am interested in RDP, in terms of remote desktop connections, that will get stored in one of the event logs. So let me search for it. See, this is the one where you can view who RDP'd into your virtual machine, including their IP address also. OK, so click on this, and if you come to the left, sorry, to the right, click on here. Now you will start collecting the data from the particular event log. Okay, so click on Save. Similarly, if you want to add further event logs, you can add them, but I will leave that to you to try. Okay, let's close this. So we have done the configuration related to Windows servers, and we connected the Azure activity log also. Okay, now, if I go back to our PowerPoint here, you can see I have completed activity logs and event logs. And the next thing I need to do is updates and antimalware. Okay. So, for that purpose, I'm going to go to Virtual machines and click on the virtual machine. And if you come down here, you can see somewhere Update management. Here, click on it. And I'm going to enable update management on top of this virtual machine. Okay, and whenever you enable update management on this virtual machine, you basically get to select a Log Analytics workspace. Here you can see the Log Analytics workspace is already selected. Okay, so Automation account subscription is Azure Trainings, and I'm going to create a new Automation account. Okay, click on Enable. By the way, I'm not explaining much because we have already done this update management in one of our previous labs. Okay, click on Enable. Okay, so we enabled update management. That means it will also add a monitoring solution into our Log Analytics workspace, which I'm going to show you in the next lab. And the next thing I want to do is to enable Microsoft Antimalware on top of this virtual machine, so that I will be able to show you the Antimalware Assessment monitoring solution in the Log Analytics workspace.
Okay, so let's go up and then click on Extensions and then click on Add. And if you come down here, load more, and you can see Microsoft Antimalware. Select it, click on Create. And I'm going to leave all the default settings as they are and click on OK. Okay, so we have done the third source also now, which is updates and antimalware. And the fourth one is NSG logs. This is going to be a bit different because the Traffic Analytics solution is not going to be displayed as part of the Log Analytics workspace. It is displayed under Azure Monitor. Okay, so let me go into the Network Security Group and enable these Traffic Analytics settings. I know it might be a bit confusing to you, but bear with me; in the end, everything will become clear to you. Okay, so let's go to the NSG, click on it, and if you come down here, you can see NSG flow logs; click on it. Basically, by enabling Traffic Analytics, we are routing NSG flow logs into the Log Analytics workspace. Okay, so click on it. Here, click on On. I'm going to use version 2, because it is the latest and most enduring one. On the conflagration account, I hope I have one. Yeah, let's click on OK. And retention: I'm going to retain these logs for one day, and here you can enable Traffic Analytics. Okay, and we need to select a Log Analytics workspace, which I'm going to select, and then we can see that it is configured successfully. So we have done all the things that we need to do as per this configuration shown in the slide. And the second thing I want to do in preparation for the next lab is to import some of the management solutions now itself, so that I can wait for 24 hours to show the visualization part of them in detail. Okay, so let me import all these things. So let's go to Log Analytics. Sorry, I know I might be mentioning Log Analytics, and sometimes I'm mentioning Azure Monitor logs; both are one and the same. You know, bad habits don't go easily, so I keep on going back to this Log Analytics terminology.
Okay, so click on Log Analytics, and then, in order to import the solutions, you need to click on Workspace summary and then click on Add. Now, the first one I'm going to download is Activity Log Analytics. Okay, simply click on Select, click on Create. Okay, all the things got defaulted because I have only one workspace. Anyway, click on Create. Okay. Again, we need to go to Log Analytics and Workspace summary. See, it is doing performance assessment. For some of them, it comes very quickly, but for some of them, it is going to take a lot of time. Hence, I want to do it now itself. So click on Add, and the second most important thing you generally do when you are using Log Analytics is Security and Compliance. Okay, so click on it and click on Create, and I want both solutions, which are Antimalware Assessment and Security and Audit. While this is getting deployed, let me go back once again and go to Workspace summary, click on Add. One final thing I want to add is Update Compliance, which is a very good monitoring tool. Let me click on it and click on Create. Click on Create. I just want to make sure I have done everything. I have connected all the data sources to the Log Analytics workspace and I have imported all of them except Traffic Analytics, because Traffic Analytics you can view using Azure Monitor itself. You don't need to come to Workspace summary to view it. Okay, now let me pause this lab for 24 hours, and I'll come back and show you the rest of the things. So go for a cup of coffee and come back. See you in the next part of the lab.
8. Lab demo - Configure log search alert and import monitor solutions: Hi. Welcome to this part of the lab. In this part of the lab, I'm going to show you a number of things. Firstly, I'll show you how to write log queries in order to analyze the data that is stored in the logs. Secondly, how to raise alerts when a user RDPs into a critical virtual machine. Thirdly, how to configure workspace permissions.
And finally, I'm going to provide you a very quick walk-through of all monitoring solutions that we have imported in the previous part of the lab. Okay, so first of all, let's start with log queries. In order to do that, go into the Azure portal, click on the Log Analytics workspace and then click on Logs. Here you can view different kinds of information, and based on the monitoring solutions that we have imported, the type of information that you can view will differ. So, for example, Antimalware got added because we imported the antimalware solution; similarly, Updates got added because we imported the updates solution, okay, and so on. So let's say we want to view activity logs. Okay, for that click on Log Management and you can see AzureActivity here. Double-click on it and then run it, and you can view all the records in the particular table. OK, you can see Create or Update Action Group, SAS token and so on. So, for example, if you want to filter down to identify only the Create or Update Action Group activities, then you can click on here and then click on Add here, and that will get added as a filter condition. So if you run it now, you can see only those particular activities. Okay, now our objective is to view security events related to remote desktop activities. So basically, I want to view all the events where a user successfully logged in to my virtual machine. Okay, let's take that as a scenario. So let me delete this. And if you go down here, Event: this is where all the event log details will get stored. Double-click on it and run this. Bear in mind, in the previous lab, we have collected only a certain type of events into the Log Analytics workspace. So if you go to Advanced settings and then Data, then here we are only collecting events related to this particular log. That means we are gathering only remote connection related events. Okay, keep that in mind. So now click on Logs, click on Log Management and then Event.
Run this. Now let's say I want to filter down and view only those events related to remote desktop success. OK, so let me type a query. Generally, this is in RenderedDescription, so select that and then contains, and then "Remote Desktop". OK, this is how you can filter down the records also. Run it. And then if you click on here, come to the side, and then if you come down here, you can see "Remote Desktop Services: User authentication succeeded". The user is Rudra Oviedo. My knees are Jurietti and the source address is so and so. Okay. Now, I want only the successful ones and I want to raise an alert based on the count of these events. Okay. So add that there and run this. Now we have a generic query in order to identify successful RDP connections. Okay, and now I'm going to save this as a saved search and then use that query in order to create an alert. Okay, I can do it straight away also, but I want to show you this also. Let's call this as RDP event, and save as Query; category is Security, let's say. Okay, and then save it. Once you have saved this successfully, next time, if you want to run that query, then you can go to Saved searches and then just type in RDP, and then click on RDP event. Okay? That's how you can run the queries. So let's close this. Now I want to configure an alert. Okay, by the way, here it is showing total alerts already; I have configured one just to make sure everything is working properly, and it is working properly. But anyway, I want to show you everything from scratch. So I'm going to configure an alert rule here. Okay? And the scope is the Log Analytics workspace. And add a condition. Here, we can select that query. Okay, this is RDP event I'm selecting. This is the saved search, by the way. You can see in the description it says saved query. Okay. And alert logic: let's say if I have any of those events I want to get alerted. That means the threshold value is zero.
If the number of successful RDP logins is greater than zero, I want to get alerted. Okay? And over a period of five minutes, and this alert query will run every five minutes. That is defined by frequency here. So I'm going to leave them as they are and click on Done. Okay? Now you can see the price related to it. So you are going to incur that cost for running this alert. Keep that in mind. And the next thing is actions. So I'm going to add an action here. You can create an action rule also. Okay, so click on Action rule, and filter criteria. The main purpose of an action rule is basically to suppress some of the alerts. So, for example, let's say I got the alert that a user remote desktopped successfully into a particular virtual machine. But while I'm resolving that issue or addressing that issue, I might get more and more instances of users successfully logging in through RDP. But I don't want my mailbox to be filled with all these alerts, isn't it? Sometimes you want to suppress them. Here you can define the filters in such a way that if the alert is already active, you can suppress subsequent alerts. So, for example, if you click on, let's say, Monitor condition, and the operator is Equals and then Fired, that means if the alert is already fired, then I want to stop it. I don't want to raise any more alerts. You can do that also. Okay, so let's close this. I'm not going to add anything. So basically, I want all alerts at the moment and I'm not suppressing any alerts. I'm going to configure action groups. Okay, be very careful when you are suppressing the alerts; you need to have complete knowledge of what you're doing. Otherwise you might end up suppressing valid alerts also. Okay, better to do a lot of testing when you are doing this suppression of alerts. And the next thing is actions: to whom we want to send this alert. We don't have any action group. Let me create an action group. Group name is, let's say, Security. Short name is Security.
Subscription is Azure Trainings. Resource group: I'm going to leave it as it is here. I'm going to call this as Send email; action type is Email, and in the details, email: I'm going to select one more. I had a little drawn in dot com. Okay, there to pass on s okay. And the action rule name I need to give: let's say this is Security RDP. Okay, okay. I need to select the action group that I just created, I think. Okay, so that's it. So what we have done: we have defined a scope for the action rule. We haven't defined any filter criteria because we don't want to apply any filters now on the scope. I'm not suppressing the alerts. I just want to trigger some emails, so I have added an action group. And then finally, I'm providing action rule details and click on Create. By adding these action rules, I feel that Microsoft complicated the alerting a bit, but sometimes it is useful, I would say. But I don't know, maybe I'm just not used to these action rules yet. Anyway, click on Create and then add an action. Okay, I'm going to call this as Security RDP. Severity you can specify, which is critical, and enable rule upon creation. And Suppress alerts: so if you have a simple logic for suppressing alerts, then use it. Okay? Don't use action rules. So, for example, if you want to suppress alerts for 20 minutes, fine, you just use this, because this is much more simple compared to action rules. However, there might be some complex logic that you want to implement in case of suppressing alerts. In that case, use action rules. Okay, now I'm going to click on Create alert rule. Now, once you have created an alert, generally wait for five minutes for testing, because it is going to take at least five minutes based on my observations. So what I'm going to do is, I'm going to pause this video for five minutes and come back. I'll be logging into the virtual machine and check whether I'll get an email or not. Bear in mind, once we RDP into the virtual machine,
also, we need to wait for five minutes because the frequency of this alert is every five minutes. It will look behind for RDP events for five minutes' duration, and if the count is more than zero, then it will initiate an action, or raise an alert. Okay, so let me pause the video for five minutes. Now, I have waited for five minutes, so let's RDP into the machine. This is the machine. I'm going to RDP into it. Okay? And now I have successfully RDP'd into this. In order to verify whether the event came into the Log Analytics workspace or not, go into Log Analytics and click on Saved searches, click on RDP event and run this. Okay, you can see 1907. That means it hasn't yet come. So let's keep on running this. See? You can see it now, 2010. So let's click on it, and then you can see here "Remote Desktop Services: User authentication succeeded". Okay, the event is there. But it's a matter of five minutes because the alert will run at a five-minute frequency. Okay, so we are going to wait for five minutes in order to trigger that alert and the triggered action, which is sending email to were mired. The rate was during dot com. Okay, so once again, I'm going to pause this lecture for five minutes and come back. Now, I have waited for five minutes and I received that alert. Let me show that to you. Here you can see the alert notification. Click on it, and then you can see the name of the alert, severity, resource, search interval start time, interval duration, search query, results and so on. Okay, so this is how you can configure log alerts. The second thing I want to show you is workspace permissions. So let me close this. And then if you go to Overview, here you can see Access control mode. Currently, it is set as "Use resource or workspace permissions". In other words, it will use either resource permissions or workspace permissions in order to allow the user to access the logs.
However, you can change this into another mode also, which is "Require workspace permissions". If you set this, although the user has access to that resource, still he needs to have access to the workspace before he or she can access the data related to that resource. Now, to better demonstrate this to you, I'm going to do one thing. Let's go into a virtual machine. Click on it, and I'm going to provide access to one user to this particular virtual machine. Okay, observe what I'm doing very carefully, and everything will become clear to you. Okay, so to this particular user I'm providing Contributor access to this resource. Okay? Generally, anybody who has Contributor access should be able to click on Logs here and be able to view the logs. Okay, now, I could view all the logs. The reason I'm able to view the logs is here: if you go into the workspace, access control mode, I have put "Require workspace permissions". But at the same time, what might road running dot com has access to this workspace. Okay, however, now, if I logged in as one more dot rudra at road running dot com, I should not be able to view the logs from the resource. The reason is here: if you click on Role assignments, that particular user, for more dot rudra Attrill, drawn in dot com, doesn't have access to this particular workspace. And because the access mode we have set is "Require workspace permissions", only the users that have access to this workspace will be able to access it. To prove that point, I'm going to log out and log back in with that particular user ID. Remember again, this particular user ID has access to the test machine as a Contributor but doesn't have access to the Log Analytics workspace. Because the access control mode is "Require workspace permissions", this user ideally should not be able to access logs. Okay, so if you click on the test machine and come down here, click on Logs and then try to see the information, you're not able to see any information. Ideally, here
it should come as access denied, but I'm not sure why this is coming like this. Let me check once. This user has Contributor access because we just gave it, isn't it? This is the Contributor access, and he is not able to view the records. But when I tested this before, it generally used to come as access denied. But I'm not sure why it is not coming now. Anyway, now, if I provide this user access to the workspace, he should be able to access the data. OK, so to prove that point, let me sign out and log in with war might hold on. I'm dot com. Let me go to the Log Analytics workspace and then go to Access control, Role assignments, Add a role, and I'm going to provide Contributor access to work more dog withdraw nine dot com. Click on Save. Okay. Now it got added successfully. Generally, what I observed is, with Log Analytics, there is generally a time lag, but let's see. Now, what we have done is we have provided this user both access to the virtual machine and also to the Log Analytics workspace. Because the access control mode is set to "Require workspace permissions", it will ignore this particular user's access at the test machine level. It will only consider this particular user's access to the workspace. So because he got access to the workspace now, he should be able to view the logs. Okay, recorded t uh, and then click on Logs and then double-click on the Event, then click on Run. Now, ideally, this user should be able to see the information. There you go, the user is able to view the information because I provided the user Contributor-level access to the workspace, and also because the access control mode is "Require workspace permissions". That's the reason I need to provide all users access at a workspace level.
But in case you want to provide access to some of the users at a resource level only, and want them to view the information in the logs related to the particular resource, then at a workspace level you need to configure the access control mode as required resource or workspace permissions. When you select that, even though the user doesn't have access at a workspace level, as long as the user has access at a resource level, i.e., for example, in this case, virtual machine level, then he or she will be able to view the information related to the particular resource. So you can see here the view is limited to test machine one. Okay, so in a real-world scenario, configure the access control mode as required resource or workspace permissions, and provide the group of central monitoring users access at workspace level and the resource-specific support users access at a resource level. Thereby, in order to troubleshoot the issues at a resource level, the user supporting the particular resource will still be able to view logs, irrespective of he or she having access at workspace level. At the same time, central monitoring users will be able to monitor everything holistically using workspace permissions. Okay, I hope you understand this, but if you don't understand, feel free to post your questions and I will answer them as clearly as possible. So I have covered two things now. The first one is how to write log queries and use those log queries in order to raise alerts. And the second one is how to configure workspace access control mode. Now I'm going to take a break because the length of this lab demonstration is already 20 minutes. So I need a break. I suggest you go for a cup of coffee and join me in the next part of the lab, where I'm going to take you through different monitoring solutions. See you in the next part of the lab.
9. Lab demo - Walk-through of monitoring solutions: Hi. Welcome to this part of the lab.
In this part of the lab, I will take you through different monitoring solutions that I have added into the Log Analytics workspace in the previous parts of the lab. Okay, so I will take you through Antimalware Assessment, which is part of the Security and Compliance monitoring solution. And also, I'll take you through Activity Log Analytics, Update Management, Traffic Analytics, etcetera. OK, so let's go through these monitoring solutions. In order to view monitoring solutions, there are two ways. Either you can click on the monitoring solution directly, so if you go to the resource group, then you can click on the monitoring solution directly, or generally you tend to go to the Log Analytics workspace and then click on workspace summary, and you can see all the monitoring solutions that you have added into the Log Analytics workspace. Okay. The first one is Antimalware Assessment. Click on it. Here you can see all the computers with the detected threats, whether they are active or remediated, and what type of threats got detected, the protection status. For example, if your computer doesn't have a valid signature or latest signature, then you can see signature out of date, no real time protection and so on. And any computer which has antimalware protection switched on, you can see here. Okay. One question that should come into your mind is, what is this Windows Defender? Because in previous parts of the lab, I have enabled the Microsoft Antimalware solution on this particular computer. Okay, but here it is showing Windows Defender. Why? Because Windows Defender is enabled by default on Windows 2016 servers. OK, and when you try to install Microsoft Antimalware on top of it, any optional configurations will get updated. But Windows Defender will not get replaced, okay? And also Microsoft Antimalware will not get installed on top of it. Any optional configuration will get updated. That said, OK, so this is all about the Antimalware monitoring solution.
Now, if you go to Azure activity logs, here you can see the activity logs by time duration, basically databases. But if you want to change, you can change it also in terms of the time range, and you can see activity logs by status, logs by resource, logs by resource provider also, etcetera. But the beauty of this is, if you want to drill down into the logs behind these statistics, then you can simply press on it and then you can go to the underlying data. And also you can see the query that is supporting that chart. Here, you can see all the activities that have happened on test machine one. OK, similarly, you can click on a chart and go into the underlying query and view the data also. Okay, that's the beauty of monitoring solutions. Okay, close this one. And this is all about Azure activity logs. They're very straightforward. So if you want to explore further, you can do the same in your free time. And the next thing is Security and Audit. I am not going to go into it right now. Once we complete the Security Center lectures, after that, I will come back and explain to you the Security and Audit solution. OK? And the next thing is System Update Assessment. Here you can see which computers need critical updates and security updates, and which Windows updates are missing. Similarly for Linux computers also, you can see which computers need updates or are up to date, and which type of Linux updates need to get updated. Basically, it is providing a snapshot. And again, when you click on one, you can see the underlying data and see what exactly is that particular update that is missing. Okay. And the next thing is Update Compliance. I know it is not getting displayed here. I've waited for three days. Still, it is showing this. I'm not sure what is the exact problem with this. But there is another way to see update compliance. That is, if you go to resource groups, and if you click on automation account, here it is. And then click on update management.
Here you can see the compliance status. So, basically, you can see none of my machines are non-compliant. Of course test machine one is missing some of these, but they are neither critical nor security. Okay, so this is how you can see update compliance, although the monitoring solution is not working. Okay. And finally, I want to show you one more key monitoring solution. That is Traffic Analytics. In order to view Traffic Analytics, you need to go to Monitor, click on Network, and at the bottom you can see Traffic Analytics. Click on it. Here, you can see a whole host of information related to your virtual network and network security groups. You can see the number of flows in terms of inbound and outbound, how many of them were accepted, how many of them were denied also. So, for example, if you click on here, these many malicious inbound flows got blocked. Okay. And also, there are some flows that got blocked, maybe because NSG rules are blocking the traffic. Okay. And I had this much of inbound flows and this much of outbound flows, and you can see this color is allowed outbound flows. Similarly, these are allowed inbound flows. OK, and all the green ones are safe flows basically, and anything red is malicious. Okay? And if you come down here, you can see a snapshot of your network environment. Basically deployed Azure regions, and how many virtual networks you got, how many NSGs you got, how many subnets you got. And also one very, very good thing is view map. If you click on it, then you can see in which regions your virtual networks are located. And also, if you click on it here, you can view network topology. But unfortunately, I have only one network right now, so you will not get much out of this. But if you want to do this kind of analysis in your environment, for example, test or dev environment, go here and view network topology. This is a very, very nice functionality.
I know it's showing a blank screen, but it will show you all the networks and the peering in between them. OK, so very useful information. But unfortunately, I have only one virtual network, right. But maybe in future, I will implement a hub and spoke network model and show you how you can use that network topology here. Okay? And I might include that in the complete walkthrough of network services course. Okay, so let's close this. And if you come down here, then you can see traffic distribution, i.e. in terms of which resource is getting most of the traffic. So, for example, if you have hundreds of virtual machines and tens of virtual networks and subnets, in that case here, you can see which one of them is getting the most traffic. So here, in my case, I have only test machine one. That's the reason only one NIC is getting more traffic. But if you have a whole host of public IP addresses, then you can see the top 20 IPs which are receiving the most traffic. OK, similarly subnet, similarly VNet also. The reason I'm showing this information is there is a security angle to it. Basically, whichever IPs are getting the most traffic are the ones that you need to harden more or secure more. Basically, that is your surface attack area, where you need to reinforce your defenses. OK, that's why it is important you analyze this information in order to put proper security controls. And if you come down here, you can see the top NSGs filtering network traffic with respect to hits. Again, by identifying the top NSGs, you know those are the critical NSGs. You want to make sure they are well managed because most of the traffic will be coming through them. So that's how you have the security angle associated with Traffic Analytics. Okay. And if you come down here, application ports you can see, and if you have VPN gateway, load balancer, application gateways.
Then you can see the list of them here in terms of the top 20 load balancers or application gateways that are receiving the most traffic. So my recommendation is, once you build your networking environment, in the first two to three months you need to carefully monitor using Traffic Analytics, because using Traffic Analytics you can view malicious traffic and from which IP addresses it is coming. And also, you'll get to know which public IPs are getting traffic the most and reinforce the defenses against them, and also the top 20 NSGs through which the traffic is getting filtered and all that stuff. Okay, so that's it for this lab. In this lab I have given you a walkthrough of different monitoring solutions that you can use in Log Analytics from a security perspective. Okay, the next lecture is about Azure Active Directory monitoring. We talked about Azure Monitor. We talked about Log Analytics. But most importantly, all these things are used in order to monitor Azure resources. Okay, but we need to monitor Azure Active Directory also. So join me in the next lecture, where I'm going to take you through Azure Active Directory monitoring. See you in the next lecture. 10. Introduction to Application Insights: Hi. Welcome to this lecture. In this lecture, I'm going to provide you an introduction to Application Insights and its capabilities. Application Insights is an extensible application performance management service for web developers on multiple platforms. So basically, Application Insights is a comprehensive monitoring capability available in Azure in order to monitor three types of applications. One is web applications. The second one is API-based applications. The third one is your mobile backend services. Okay, so using Application Insights, you can monitor all these three types of applications, and generally, in a typical web application, you will have three layers. One is the presentation layer, which comprises web apps.
The second one is a business layer, which comprises app services or APIs, and the third one is the data layer, which is usually your SQL databases are what are called it a vase, and also your web application might be consuming some external APIs or using some background services, etcetera. And using Application Insights, you can monitor all of these three layers. Basically, by embedding the instrumentation package of Application Insights into those layers, you will get different types of monitoring data into Application Insights, and Application Insights consists of a lot of powerful analytical tools which you can use in order to diagnose the issues and also understand what users are actually doing with your app. In terms of what type of data is collected and what type of tools are available, I'm going to take you through that in the next two slides, okay? And once the data comes into Application Insights, you can push the data into Power BI. You can configure some alerts in order to get alerted when some conditions are met. And also, you can use Visual Studio in order to debug your application using Application Insights, and you can use REST APIs in order to get the monitoring data, and you can continuously export the data also from Application Insights into Azure storage. Okay, so now let me take you through the different types of data that get collected by Application Insights. In terms of the data collection, the first collection generally happens at app service level, at a web server level. Application Insights will collect the data related to HTTP requests, time taken to process a request, response codes, from which client IP address a particular request came, and also session information. All of this information you can use in order to monitor the performance of your web server, and the next thing is web page level information. So from the presentation layer monitoring perspective, you will get page counts, user and session counts.
How much time a particular page is taking to load, any exceptions and any AJAX calls, all this information will get collected. The beauty is, using this information you can track usage of your application. So basically you will know how much time users are spending on a particular page, which page is taking the most hits and so on. Okay, and the next level of monitoring is at a compute level. Because most of the time when you are trying to monitor the performance of your web application, you will try to correlate that performance data of the application with the underlying compute also. So, for example, if your application is taking a lot of time to load, then you might want to monitor the underlying CPU utilization of the web server in order to identify any correlation between the performance of your web application and your server capacity. Okay, and the next thing is client and server context. This is one area that you want to focus on when you are trying to debug issues with your web application, because the issues might be related to a particular operating system or device type or a particular browser. Let's say somebody is using Chrome or Firefox in order to access your application, and you have identified only Chrome users are facing issues when they are accessing your web application. That kind of contextual debugging you can do by having all these kinds of information. Okay, and the next thing is exceptions and crashes. In case of any exceptions, you can get stack dumps, build ID, CPU type, etcetera. And the next thing is dependencies, in case your application is dependent on other applications or services. So, for example, within your application, you might be doing address validation by calling an API of the post office. Similarly, your application might be updating or retrieving the data from a SQL server. In that case, you can see how much duration your application spent when it is calling an external API.
Similarly, how much time a particular stored procedure has taken to process the data and then return the success or failure back to the application. OK, and the next thing is availability. Within Application Insights, you can configure availability tests and see the responses. So basically, you can configure a test and make sure your application is available all the time. In case one availability test fails, then you can get alerted. Okay. And the next thing is custom events and metrics. Because you can embed the instrumentation package of AI, i.e. Application Insights, into your app code, you can write custom events and metrics to track business events, for example number of displaced Morris Second period of duration. OK, so these are all the different types of data that will be collected by Application Insights. But one of the key strengths of Application Insights is its tools. Using the different tools that are available in Application Insights, you can diagnose, visualize, analyze, and also you'll get much more insight into the usage of your app by users. Okay, so let me take you through the different tools that we have in Application Insights. In terms of tools, the first one is smart detection and manual alerts. Basically, Application Insights comes with a number of rules. Okay, those rules, when enabled, run on the monitoring data. Application Insights will try to adapt to your app's normal patterns of telemetry and trigger when there is something outside the usual pattern. Okay, so basically, let's say on a Saturday, you will have a very small amount of app usage. But on a particular Saturday, if your app usage is suddenly shooting up, then in that case Application Insights will identify it and send you an alert. Okay, this is very, very useful, and one more thing you can do with smart detection is you can either enable or disable those rules.
OK, so for example, if you're getting unnecessary alerts and you know the primary reason behind it, then you can disable that rule, which will suppress all the alerts related to that particular rule. Okay. And the next thing is application map. As I said earlier, your application typically consists of three layers: presentation, business, data. Using application map you can see all these three layers of your app with key metrics and alerts associated with each layer. In the next lab, I'm going to show that to you. And the next thing is profiler. You can inspect the execution profiles of sample requests. Basically, by using profiler, you can identify which part of the code is taking maximum time. Thereby, you can fine-tune that particular part of the code. Okay. And the next thing is usage analysis. Using this tool, you can analyze user segmentation and retention. Basically, what you can do is you can see how many active users, what they are doing with your app in terms of how much time they're spending on each page, how many sessions they are opening on a particular day or over a particular duration and so on. These are really a gold mine for data analytics, because using all this information under usage analysis you can deep dive into the underlying information and get a lot of good insights on your app usage. And the next thing is diagnostic search for instance data. Monitoring is not about only visualization. At some point of time, you need to deep dive into the underlying data. So using this diagnostic search, you can search and filter events such as requests, exceptions, dependency calls, log traces and page views. Okay, so basically, you'll be able to go to the underlying particular instance, on a particular session, and look into the information for debugging. In the next lab, I'm going to show you how you can debug your application using Visual Studio and Application Insights. Okay, and the next thing is Metrics Explorer.
You can explore, filter and segment aggregated data. One big difference between Metrics Explorer of Application Insights versus metrics of Azure Monitor: with respect to Azure Monitor, you will get only a basic level of metrics, but with Application Insights, you will get a whole lot of granular metrics, and also the frequency will be more with Application Insights when compared to the one minute duration metrics of Azure Monitor. Okay, and the next thing is dashboards. You can use Metrics Explorer in order to define your charts, and then you can pin those charts into a particular dashboard and tell a story. Basically, a dashboard is designed mainly to tell a story with all related metrics in one place. And finally, Live Metrics Stream. Among all these things, this is the one I like most, and I'm going to show this to you in the next lab. Basically, using Live Metrics Stream, you can do near real time monitoring of your web application performance, to make sure everything is working as expected. Most of the time, in my experience, you will use this Live Metrics Stream in order to monitor your production application whenever a change has gone live, because initially when a change has gone live you need to closely monitor for any exceptions or degradation of performance. Using Live Metrics, you can monitor that in near real time and make sure the change is implemented successfully and it is not hampering any of the existing functionality of the application or its performance. Okay, so this is all about Application Insights, the key types of data collected and also the different tools that are available in Application Insights to view, monitor and also do some analysis on your web application performance, exceptions, etcetera. Okay, the next lecture is a lab where I'm going to show you how to enable Application Insights on a particular application using the Azure portal, and I will show you how to use some of these tools to monitor that application.
OK, so if you have some time, join me in the next lab. 11. Lab: Walk-through of Application insights features by connecting Azure API App: Hi. Welcome to this lab. In this lab, I'm going to show you how to enable Application Insights on an API application and how to use different tools of Application Insights in order to monitor your API application. And lastly, I'll show you how to use Application Insights in Visual Studio in order to monitor and debug your API application. Okay. The reason I have chosen API application instead of application is, with API app, I can easily enable Swagger UI and trigger some events, and those events we are going to monitor using Application Insights. Okay, so first of all, let me create an API app. Go to API App, click on Create. And I'm going to call this as Rudra nine test API, and subscription, I'm going to leave that as it is. Resource group, I'm going to create a new one, and in terms of app service plan, I'm going to create a new one, and in terms of location, I'm going to select North Europe. And in terms of pricing tier, I'm going to select free. Click on OK. Fine. In terms of Application Insights, either you can enable Application Insights here, or after creation of the API app, you can go into the API app and enable this. I'm going to show that later on. Okay, so let me disable this for now and click on a play entry country. Generally it is pretty quick, so I'm going to wait for its creation to complete. Now, our API app has been successfully created. So let's go to the resource. And in order to enable Application Insights, come down here and click on Application Insights and turn on site extension. Okay. And in order to link this app service with Application Insights, you need to provide an instance of Application Insights. Okay, at this moment of time, I don't have anything, so I'm going to create a new resource. But bear in mind, if you have an already existing Application Insights, then select existing resource.
Okay? And you can control some other details also in terms of instrumentation. Basically, you can specify what type of information, at what level, you would like to collect. So if you can see here, if you switch on profiler, then you can collect profiling traces that will help you to see where time is spent in the code. Okay, in the later part of this lab, I'm going to show you where you can view this. And if you come down here, you can have snapshot debugger. Basically, it will collect call stacks for your application when an exception is thrown. Similarly, if you want to see the local variables and all, then you can collect them. OK, so I'm going to leave them as it is and click on Apply. Now, Application Insights has been successfully enabled. Now it's time to publish an API application into this API app in Azure. Okay, so let's go into Visual Studio and start creating an API app. Click ASP.NET web application. Click on OK and select Azure API app. Okay, the reason I'm selecting Azure API app is it has inbuilt support for Swagger UI, so you don't need to write any code to front-end your APIs. Okay, so click on OK. I think now the next thing I want to do before I publish this application in the API app is, I want to enable Swagger UI, so click on SwaggerConfig.cs. And if you come down here, somewhere down the line, you can see a piece of code. This is the one. Just uncomment this, which will enable Swagger UI. Okay. And let's build this. And then I'm going to publish this application, selecting the API app that we created, and click on OK. Okay. This is going to publish this API application into the API app we created in Azure. Now the API app has been successfully published. As you can see, we got the URL related to it. But if you want to see the Swagger UI related to this, then you need to type in swagger slash UI slash index. Okay, click on values, and
I'm going to trigger some of these APIs so that some amount of monitoring data will get fed into Application Insights. So, in that way, it is better to explain to you when there is some data in there. Otherwise, you won't understand the visualization part of it. Okay, so you can click on Get two, three times and then click on Get again by ID, provide some ID, 123, let's say. Try it out. Now let's go back into the Azure portal. Go to the resource groups, click on the resource group and click on the Application Insights. Now, it is very difficult to cover all the tools of Application Insights in one lecture. Okay, so I'm going to take you through the first two, three of them, which is application map, smart detection, Live Metrics Stream. The rest of them are pretty straightforward, and some of them you can only see when you embed some instrumentation package related code into the application. Okay. For example, if you need to see the user sessions, events, then you need to embed some code into the API app, which I'm not doing now. Okay, so let me show you application map. This is where you will be able to see all the components related to your application. OK, basically, you should be able to see your API app. And also, if your APIs are interacting with the SQL service in Azure, then you should be able to see that. And if you are using the application, then you should be able to see all three layers of the application in here. Okay, and essentially, you can click on each of these layers and see the details of performance related to those layers. I know it is showing no data available, but if you wait for some time, then you should be able to see the data here. Okay, but let me take you through other things, and once we spend some time, then we will come back here and I will show you application map. Okay. The next thing is smart detection. Basically smart detection will analyze the usage patterns of your application, and if there are any anomalies detected, then it will send alerts to you.
Okay. And you can configure what alerts you want to get and what alerts you don't want to get. So, for example, these are all the rules that are available in Application Insights. But let's say you don't want any alerts on slow page load. In that case, click on it and then disable it. But if you enable it, this page load email notification can be sent as an email to subscription Monitoring Contributors and Monitoring Readers. But if you want to specify some other email address, you can specify it here. Okay. So you can go to each rule and either enable or disable it, and customize who needs to be notified for each type of issue. Okay, and the one that I like the most is Live Metrics Stream. Here, you should be able to see the live events that are coming to your API app. So if you go to Swagger UI, and let's say I'm going to trigger some events here. Okay? Now, if you go to Live Stream, then you can see here the requests, request duration, request failure rate, ongoing requests and so on. So, basically, on a near real time basis, you can monitor all the requests coming to your application, see the request duration, how the performance is, and also, if you have some other dependencies, so, for example, if your application is relying on some other dependencies, then you can see related information here. Okay? Now, let's close this and go back to application map. Yeah. Here you can see there is only one component or layer within the API app, and it is showing the information related to that. You can see here 29 calls, 1 35 milliseconds, and you can click on details related to it and you can see which function has been triggered. Get values, Get values ID. These are the two functions that I triggered using Swagger UI, and you should be able to investigate the performance behind these particular calls. So, for example, which function is taking more time? Okay, so if you come down here, you should be able to see which one of them is taking more time.
And if you click on it, you can see the details related to it here. For example, let's say if one particular function is taking more time, then you can fine-tune your code. Okay. It is extremely useful for you to use this performance tool of Application Insights and start analyzing the performance of your code within your application. OK, so that said, I want to show you, in Application Insights, you can go to other areas also, like metrics, availability, performance. All these things are very, very straightforward. You should be able to understand this on your own. The last thing I want to show you is how you can enable Application Insights using Visual Studio and use Application Insights to debug this. Okay? Actually, not debugging. But when you're running this app locally, then you will be able to use Application Insights and understand any performance issues or any exceptions and so on. Okay, so let me close this. In order to enable Application Insights on this particular application, click on Configure Application Insights and make sure you are using the latest SDK. So click on Update SDK. Now the SDK got updated successfully, and the next thing you need to do, come down here and click on Start Free, and you need to link this particular Application Insights instance. Okay, so click on Register. But I think I already have an Application Insights. Why are we creating a new resource? Select an existing Application Insights resource. Come down here and click on Register. Now Application Insights has been successfully added to this project. So let me run this application locally, and I'll show you how you can use Application Insights in order to monitor performance when it is running locally. Okay, now it is locally launched.
Now I'm going to enable Swagger, click on values, and before I trigger these functions, go to Visual Studio and click on Application Insights here, and you can see all the things that are happening within your application using Application Insights. Let me close all these windows. Okay. Here you can see lots of information, so you can see the requests that are coming to your application, what the response times are and all that stuff. So just to show you one example, go to Swagger UI and trigger this, and come back to Visual Studio, click on search. Then you can see the count is increased and the latest request and response has been recorded here, and you can see the response time, one millisecond, and you can search by using different fields here and so on. So this is very, very useful information if you want to understand exceptions, dependencies, any custom events that you have added in your applications, how each function is performing, how much time it is taking and all that stuff. Okay, so that's it for this lab. In this lab, I have shown you how to enable Application Insights on an API app and how to use application map, smart detection, Live Metrics Explorer in order to monitor your API application. And finally I have shown you how you can use Application Insights to monitor a local instance of your application when you are developing a change or testing a change. Okay, I hope you find this lab useful.