Note: To complete this lab, you will need an Azure subscription. in which you have administrative access.
Data Collection Rules (DCRs) specify the data to be collected, while the Azure Monitor Agent applies these rules to gather logs and metrics from virtual machines in Azure, other clouds, or on-premises. Together, they enable consistent and centralized monitoring across different environments.
Skilling tasks
-
Create and define a Data Collection Rule.
-
Select target resources for data collection.
-
Install the Azure Monitor Agent.
-
Configure data sources and destinations.
-
Select data source types and data to collect.
-
Choose a data delivery destination.
Exercise instructions
Create and define a Data Collection Rule, and install the Azure Monitor Agent.
Note: Create the data collection rule in the same region as your Log Analytics or Azure Monitor workspace. You can associate it with machines or containers from any subscription or resource group within the tenant. The Azure Monitor Agent will be automatically installed on Azure virtual resources.
-
Start a browser session and sign-in to the Azure portal menu.
-
In the search box at the top of the portal, enter data collection rules. Select Data collection rules in the search results.
-
On the Data collection rules page, select + Create.
-
On the Basics page of the Create Data Collection Rule blade, specify the following settings (leave the others at their default values):
Setting Value Rule details Rule Name dcr-1 Subscription Select your subscription. Resource group az-rg-1 Region East US Platform Type Windows Data Collection Endpoint Leave the default setting as none -
Click the button at the bottom of the Basics page labeled Next: Resources > to proceed.
-
On the Resources page, select + Add resources.
-
In the Select a scope template, check the Subscription box in the Scope.
-
At the bottom of the Select a scope template, click Apply.
-
At the bottom of the Resources page, select Next: Collect and deliver >.
-
On the Collect and deliver page, click + Add data source.
-
On the Add data source template, under Data source type, select the following settings:
Setting Value Add data source Select which data source type and the data to collect for your resource(s). Data source type* Windows Event Logs Choose Basic to to enable collection of event logs. Configure the event logs and levels to collect: Application Critical, Error, Warning Security Audit success, Audit failure System Critical, Error, Warning -
At the bottom of the Add data source template, select Next: Destination >.
-
In the Add data source template, under the Destination tab, select the following settings.
Setting Value Add data source Destination + Add destination Destination type Azure Monitor Logs Subscription Select your Subscription. Destination Details azwrkspc1a (az-rg-1) -
At the bottom of the Add data source template, select Add data source.
-
At the bottom of the Collect and deliver page, select Review + create.
-
At the bottom of the Review + create page, select Create.
Results: You have created a data collection rule and installed the Azure Monitor Agent.