5.4.2. Azure Monitor and Data Collection Rules

💡 First Principle: Azure Monitor collects and analyzes data from Azure resources. Data Collection Rules (DCRs) define what data to collect and where to send it.

Scenario: You need to monitor network security events and send them to a Log Analytics workspace for analysis.

Data Collection Rules

• Purpose: Define data sources and destinations
• Sources: Performance counters, Windows events, Syslog
• Destinations: Log Analytics workspace, Azure Storage, Event Hub

Configuring Alert Rules

• Resource scope: Individual resources or resource groups
• Condition: Metric or log query threshold
• Split by dimension: Create separate alerts per dimension value

Key Decision: To alert when any VM in a resource group exceeds 80% CPU, create one alert rule and split by dimension on the resource group name. Don't create individual rules per VM.