Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure Monitor can collect data directly from your hybrid machines into a Log Analytics workspace for detailed analysis and correlation. You can enable VM insights to collect data from your non-Azure virtual machines (VM). While there are different options for deploying the Azure Monitor Agent to your Arc-enabled servers, this tutorial shows how to do so by using the Azure portal to enable VM insights on a connected machine.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Use our quickstart to connect a hybrid machine to Azure Arc. This tutorial assumes that you already connected a machine to Azure Arc.
Verify that your hybrid machine uses an operating system supported by the Azure Monitor Agent.
Have permissions to create data collection rules (DCRs) and associate them with machines. See Data collection rule permissions.
Configure your network security group (NSG) or firewall to allow outbound TCP port 443 (HTTPS) traffic to the
AzureMonitorandAzureResourceManagerservice tag endpoints. These service tags are for your NSG and not Azure resource tags.For full requirements, see Azure Monitor Agent network configuration. You can run one of the following commands to configure traffic for your firewall. Replace
<resource-group>and<nsg-name>with your own values:$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName "<resource-group>" -Name "<nsg-name>" # Add AzureMonitor outbound rule $nsg | Add-AzNetworkSecurityRuleConfig ` -Name "AllowAzureMonitorOutbound" ` -Priority 150 ` -Direction Outbound ` -Access Allow ` -Protocol Tcp ` -SourceAddressPrefix * ` -SourcePortRange * ` -DestinationAddressPrefix AzureMonitor ` -DestinationPortRange 443 # Add AzureResourceManager outbound rule $nsg | Add-AzNetworkSecurityRuleConfig ` -Name "AllowAzureResourceManagerOutbound" ` -Priority 151 ` -Direction Outbound ` -Access Allow ` -Protocol Tcp ` -SourceAddressPrefix * ` -SourcePortRange * ` -DestinationAddressPrefix AzureResourceManager ` -DestinationPortRange 443 $nsg | Set-AzNetworkSecurityGroup
Enable VM insights
Sign in to the Azure portal. In the search bar, search for and select Azure Arc.
Under Infrastructure, select Machines, then select the connected machine you created in the quickstart article.
In the service menu, under Monitoring, select Insights. The portal opens the Monitor page for your machine. If enhanced monitoring wasn't enabled, several performance charts show no data and a message appears offering to enable it. Select Configure to open the Configure monitor page.
On the Configure monitor page, leave [Preview] OpenTelemetry metrics selected. A default Log Analytics workspace is automatically selected. If one doesn't already exist, one is created in the same region as your connected machine. To use an existing workspace instead, select Customize infrastructure monitoring and select the workspace.
Select Review + Enable, and then select Enable.
Status messages display while the configuration is performed and the Azure Monitor Agent extension is installed on your connected machine. This process takes a few minutes.
When the process is complete, a message displays that the machine is onboarded and that Insights is successfully deployed.
View data collected
After the Azure Monitor Agent is installed, it takes a few minutes for enough data to be collected to populate the portal.
In the service menu, under Monitoring, select Insights to return to the Monitor page.
If you enabled both the metrics-based and logs-based experiences, a selector appears at the top of the page. Select each experience to compare the available charts and insights:
Metrics based visualizations (Preview) - Shows performance indicators focused on CPU, memory, disk, and network utilization. Also incorporates status from Service Health and Resource Health.
Log based visualizations (Classic) - Uses summarized performance data collected in your Log Analytics workspace. Select the Performance tab to view counters for your machine. Scroll down to view more counters, or hover over a chart and view averages, and percentiles from the time the Azure Monitor Agent was installed.
Select the Map tab. The maps feature shows the processes running on the machine and their dependencies. The log-based classic view includes an extra tab. Select Expand property panel to open the property pane.
Note
Even though the Map tab is visible in both experiences, see VM Insights Map and Dependency Agent retirement guidance to learn more.
To view log data, in the service menu, under Monitoring, select Logs. A list of tables stored in the Log Analytics workspace for the machine appears. The tables available differ between Windows and Linux machines. By default, VM insights populate the Heartbeat and InsightsMetrics tables.
(Optional) If you're using a Windows machine and configured Windows event log collection, select the Event table. Log Analytics opens with a simple query to retrieve collected event log entries. If this table isn't present, event log collection isn't configured. To add it, see Collect Windows event logs with Azure Monitor Agent.
Next steps
To learn more about Azure Monitor, see the following article: