Note: To complete this lab, you will need an Azure subscription. in which you have administrative access.

Data Collection Rules (DCRs) specify the data to be collected, while the Azure Monitor Agent applies these rules to gather logs and metrics from virtual machines in Azure, other clouds, or on-premises. Together, they enable consistent and centralized monitoring across different environments.

Skilling tasks

  • Create and define a Data Collection Rule.

  • Select target resources for data collection.

  • Install the Azure Monitor Agent.

  • Configure data sources and destinations.

  • Select data source types and data to collect.

  • Choose a data delivery destination.

Exercise instructions

Create and define a Data Collection Rule, and install the Azure Monitor Agent.

Note: Create the data collection rule in the same region as your Log Analytics or Azure Monitor workspace. You can associate it with machines or containers from any subscription or resource group within the tenant. The Azure Monitor Agent will be automatically installed on Azure virtual resources.

  1. Start a browser session and sign-in to the Azure portal menu.

  2. In the search box at the top of the portal, enter data collection rules. Select Data collection rules in the search results.

  3. On the Data collection rules page, select + Create.

    image

  4. On the Basics page of the Create Data Collection Rule blade, specify the following settings (leave the others at their default values):

    Setting Value
    Rule details  
    Rule Name dcr-1
    Subscription Select your subscription.
    Resource group az-rg-1
    Region East US
    Platform Type Windows
    Data Collection Endpoint Leave the default setting as none

    image

  5. Click the button at the bottom of the Basics page labeled Next: Resources > to proceed.

  6. On the Resources page, select + Add resources.

    image

  7. In the Select a scope template, check the Subscription box in the Scope.

    image

  8. At the bottom of the Select a scope template, click Apply.

  9. At the bottom of the Resources page, select Next: Collect and deliver >.

    image

  10. On the Collect and deliver page, click + Add data source.

    image

  11. On the Add data source template, under Data source type, select the following settings:

    Setting Value
    Add data source  
    Select which data source type and the data to collect for your resource(s).  
    Data source type* Windows Event Logs
    Choose Basic to to enable collection of event logs.  
    Configure the event logs and levels to collect:  
    Application Critical, Error, Warning
    Security Audit success, Audit failure
    System Critical, Error, Warning

    image

  12. At the bottom of the Add data source template, select Next: Destination >.

  13. In the Add data source template, under the Destination tab, select the following settings.

    Setting Value
    Add data source  
    Destination + Add destination
    Destination type Azure Monitor Logs
    Subscription Select your Subscription.
    Destination Details azwrkspc1a (az-rg-1)

    image

  14. At the bottom of the Add data source template, select Add data source.

  15. At the bottom of the Collect and deliver page, select Review + create.

    image

  16. At the bottom of the Review + create page, select Create.

    image

Results: You have created a data collection rule and installed the Azure Monitor Agent.