Azure Operational Insights Basics

Azure Operational Insights

About roughly a year ago I wrote a blogpost covering the options available for monitor Azure assets using the Azure portal. As mentioned before, the options are somewhat limited when it comes to monitoring larger environments.

Fortunately, there are some tools available in case If you want to take monitoring to the next level and one of them is Azure Operational Insights, which I will cover within this post.

Azure Operational Insights – Why?

Your IT environment produces a lot of data every single hour and it becomes very cumbersome and time consuming if you would have to analyze the logs and get some meaning out of them for every single resource.

Operational Insights claims to provide powerful analytics and reporting capabilities (Real-time) that enable ad-hoc root cause analysis and automated troubleshooting across multiple data sources. This without the need for adding additional instrumentation within your applications or needing a deep knowledge of Azure assets. For data analysis, operational Insights depends on machine data like Windows events, the security log and IIS logs.

What’s important to know is that Operations Insight is part of OMS (Microsoft Operations Management Suite which contains many interesting components’ such as Capacity planning, System Update status, Change Tracking, security assessment and more however I’m focusing on the Operations Insight part only.

Getting started


My goal here is to see how easy it is to get started with Operational Insights. In addition, I’m interested to see if OI suits my monitoring needs.

Unfortunately, during this evaluation process I’ve discovered that OI didn’t turned out be the product I was looking for but want to share the steps anyways. OI heavenly focuses on monitoring MV’s and Azure PAAS solutions aren’t considered fist-class citizens. More on this later.

The start:

The steps for getting started are as follows:

  • Visit and click in Get Started (This will require to login using a Microsoft or Organizational account)

    Azure Operational Insights Get Started

  • At this point it’s required to create a workspace. Workspaces are used to segregate data based on your grouping requirements (customer, department, resource type, service etc.). Recourses can be included within multiple workspaces
    Azure Operational Insights workspace
  • In step 3 it’s required to link an azure subscription. I’ve used my Azure account for logging in and therefore the page is already aware of my Azure subscriptions. Selecting my subscription and pressing the LINK button completes the process and opens your newly created workspace.
    Azure Operational Insights link azure

The new workspace will be almost empty by default and contains shortcuts to the following items:

  • Log search – A Solution which has been enabled by default.
  • My Dashboard – A place where you can build a dashboard
  • Solutions Gallery – Here it’s possible to enable different solutions
  • Latest news
  • Get started Wizard

As mentioned above, the Log Search Solution is enabled by default and the only solution I’m using for this blog post. Unfortunately, it’s not possible to remove the News and Getting started wizard.

Note: Note: Solutions, previously known as Intelligence Packs, are a collection of logic, visualization and data acquisition rules that together help solving common challenges. Some examples are: App deployment monitor, SQL Assessment, Malware assessment and change tracking.

Note:Adding new workspaces is possible via the legacy Azure Management portal. Just select Operational Insights, Click Create a workspace, Quick Create and fill in all the details.

Configuring your workspace within Azure

After linking your azure subscription, the Azure portal should contain a new Workspace item which can be found under Operational Insights workspaces as displayed within the image below.

Azure Operational Insights Azure Portal

Currently it’s only possible to configure workspaces within the old Azure portal or the OI website. Clicking on a workspace will therefore open up a new window pointing to the legacy Azure portal. Once the legacy portal has opened, it’s possible to get some insight on usage (dashboard), configure storage for azure log collection (which I will cover later), and a listing of all servers with Operational Insights enabled or not, and the option change the subscription.

Azure Operational Insights Old Azure Portal

Note:Only Classic virtual machines will be listed within the overview.

Connecting Sources

At this point it’s time to start adding resources to OMS. There are three main types of resources that can be linked.

  • A windows or Linux Virtual Machine (installing/enabling an agent)
  • Use System Center Operations Manager to attach your management group
  • Use an Azure storage account configured with the Windows or Linux Azure diagnostic VM extension.

For my scenario only the first and third option are of interest given that I’m not managing hybrid environments or an environment with lots of servers. Now there are many ways to install the agent on your Azure VM. I’ve decided to enable OI via the legacy portal given that I’m only validating the service, but the recommended way would be to enable the extensions using PowerShell. Details can be found here: Connect Microsoft Azure to OMS

If you would like to monitor azure PASS services, it’s required to point to the storage location. At least this is what’s mentioned within several blogs however not covered. And After some research I understand why. There are several postings on the web complaining about the limitations and therefore halted the investigation. I’ve included links below but also wanted to includes a quote as well to get a quick grasp of the current status.

The comments on this one explain everything.


Operations insight claims to be a great platform for managing a large set of VMs and want to automate the process of analyzing logs and implementing intelligent alerting / monitoring. I’ve haven’t covered the reporting capabilities which are very rich (based on demo’s I’ve seen) and real-time due to the fact that I wasn’t really looking for solution to monitor VMs. Therefore, I will continue my journey, looking for a product offering which focuses on Azure PAAS monitoring. To be continued.

Post Navigation