Azure Monitor Logs and Kusto Query Language (KQL)


The Azure platform consists of a variety of resources that generate large volumes of activity and diagnostic log data.  The source of this data can be subscription level events such as deallocating a virtual machine, deleting a resource group or creating a load balancer – essentially any create, update or delete operation on a resource.  It can also include resource level activities such as a VM Windows event logs, VM performance data, web app response times – logs related to resource utilitization.

