azure-observability
npx machina-cli add skill microsoft/GitHub-Copilot-for-Azure/azure-observability --openclawFiles (1)
SKILL.md
4.1 KB
Azure Observability Services
Services
| Service | Use When | MCP Tools | CLI |
|---|---|---|---|
| Azure Monitor | Metrics, alerts, dashboards | azure__monitor | az monitor |
| Application Insights | APM, distributed tracing | azure__applicationinsights | az monitor app-insights |
| Log Analytics | Log queries, KQL | azure__kusto | az monitor log-analytics |
| Alerts | Notifications, actions | - | az monitor alert |
| Workbooks | Interactive reports | azure__workbooks | - |
MCP Server (Preferred)
When Azure MCP is enabled:
Monitor
azure__monitorwith commandmonitor_metrics_query- Query metricsazure__monitorwith commandmonitor_logs_query- Query logs with KQL
Application Insights
azure__applicationinsightswith commandapplicationinsights_component_list- List App Insights resources
Log Analytics
azure__kustowith commandkusto_cluster_list- List clustersazure__kustowith commandkusto_query- Execute KQL queries
If Azure MCP is not enabled: Run /azure:setup or enable via /mcp.
CLI Reference
# List Log Analytics workspaces
az monitor log-analytics workspace list --output table
# Query logs with KQL
az monitor log-analytics query \
--workspace WORKSPACE_ID \
--analytics-query "AzureActivity | take 10"
# List Application Insights
az monitor app-insights component list --output table
# List alerts
az monitor alert list --output table
# Query metrics
az monitor metrics list \
--resource RESOURCE_ID \
--metric "Percentage CPU"
Common KQL Queries
// Recent errors
AppExceptions
| where TimeGenerated > ago(1h)
| project TimeGenerated, Message, StackTrace
| order by TimeGenerated desc
// Request performance
AppRequests
| where TimeGenerated > ago(1h)
| summarize avg(DurationMs), count() by Name
| order by avg_DurationMs desc
// Resource usage
AzureMetrics
| where TimeGenerated > ago(1h)
| where MetricName == "Percentage CPU"
| summarize avg(Average) by Resource
Monitoring Strategy
| What to Monitor | Service | Metric/Log |
|---|---|---|
| Application errors | App Insights | Exceptions, failed requests |
| Performance | App Insights | Response time, dependencies |
| Infrastructure | Azure Monitor | CPU, memory, disk |
| Security | Log Analytics | Sign-ins, audit logs |
| Costs | Cost Management | Budget alerts |
SDK Quick References
For programmatic access to monitoring services, see the condensed SDK guides:
- OpenTelemetry: Python | TypeScript | Python Exporter
- Monitor Query: Python | Java
- Log Ingestion: Python | Java
- App Insights Mgmt: .NET
Service Details
For deep documentation on specific services:
- Application Insights setup ->
appinsights-instrumentationskill - KQL query patterns -> Log Analytics KQL documentation
- Alert configuration -> Azure Monitor alerts documentation
Source
git clone https://github.com/microsoft/GitHub-Copilot-for-Azure/blob/main/plugin/skills/azure-observability/SKILL.mdView on GitHub Overview
Azure Observability unifies Azure Monitor, Application Insights, Log Analytics, Alerts, and Workbooks to deliver metrics, APM data, distributed tracing, KQL queries, and interactive reports. It enables centralized dashboards and proactive incident response across Azure resources. Note: Do not use for app instrumentation (use appinsights-instrumentation), direct Kusto/ADX queries (use azure-kusto), or cost analysis (use azure-cost-optimization).
How This Skill Works
When MCP is enabled, you access monitoring capabilities via MCP tools and the Azure CLI. The skill exposes commands for metrics queries (monitor_metrics_query) and log/KQL queries (monitor_logs_query), as well as lists and interactions with Application Insights and Log Analytics (e.g., kusto_cluster_list, kusto_query). Typical CLI usage includes az monitor log-analytics query, az monitor app-insights component list, and az monitor metrics list. Common KQL patterns (AppExceptions, AppRequests, AzureMetrics) power deep dive investigations within Log Analytics.
When to Use It
- You need a unified view of metrics, logs, alerts, and dashboards across Azure Monitor, Application Insights, Log Analytics, and Workbooks.
- You are troubleshooting application performance with APM data, distributed tracing, and KQL-enabled logs.
- You want to run KQL queries against Log Analytics to analyze events, exceptions, requests, and resource usage.
- You need to configure, test, or view alerts and proactive monitoring across resources.
- You are building interactive reports or dashboards (Workbooks) for stakeholders and operators.
Quick Start
- Step 1: Ensure Azure MCP is enabled (run /azure:setup or enable via /mcp).
- Step 2: Query data using MCP-friendly commands, e.g., monitor_metrics_query for metrics or az monitor log-analytics query for KQL results.
- Step 3: Create Workbooks and alerts to visualize data and respond to incidents, then verify results in the Azure Portal.
Best Practices
- Centralize observability by using Monitor, App Insights, Log Analytics, Alerts, and Workbooks together instead of separate silos.
- When MCP is available, prefer monitor_metrics_query and monitor_logs_query for live MCP-backed data access.
- Use KQL queries in Log Analytics (e.g., AppExceptions, AppRequests, AzureMetrics) with time-bounded windows to keep results relevant and cost-conscious.
- Leverage Workbooks to combine metrics and query results into interactive, shareable dashboards.
- Follow the DO NOT USE FOR guidelines: instrument apps with appinsights-instrumentation, avoid direct Kusto/ADX queries in this skill, and reserve for observability—not cost analysis.
Example Use Cases
- Create a unified dashboard showing CPU, memory, and request latency across a multi-tier app using Azure Monitor, App Insights, and Workbooks.
- Diagnose outages by querying recent errors (AppExceptions) and request performance (AppRequests) with KQL patterns in Log Analytics.
- List all Application Insights components and monitor their usage with az monitor app-insights component list for asset inventory.
- Set up CPU/spike alerts in Azure Monitor and link them to incident management workflows for proactive remediation.
- Build an interactive workbook that combines metrics (AzureMetrics), log searches (KQL), and alert status into a single view for operators.
Frequently Asked Questions
Add this skill to your agents
