Azure Arc Server Alerts - Data Difference in Insights Performance vs Logs

Terrell Woodard 0 Reputation points
2023-07-18T18:10:51.89+00:00

Hello everyone,

Problem:

I am trying to set up an alert that fires when an Azure Arc server is below 10% total free space percentage based off all drives. The problem is, the data shown in the Monitoring>Insights>Performance section of the server doesn't match up with the data pulled in Monitoring>Logs from a KQL query.

Insights:
User's image

Query:

InsightsMetrics
| where Origin == "vm.azm.ms"
| where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage"
| summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Computer, _ResourceId

User's image

Questions:
Why doesn't this data match up despite having the same time range?
What is the best way to set up alerting for Azure Arc servers? I have been doing it through Alerts


1 answer

  1. AnuragSingh-MSFT 21,246 Reputation points
    2023-07-19T07:40:57.1533333+00:00

    @Terrell Woodard, thank you for the question.

    I see that you are trying to query the Log Analytics workspace to get a result similar to the "Logical Disk Performance" section in VM Insights --> Performance.

    Note that the values obtained in table (1) posted above are also obtained from the LA workspace where the insights are storing the telemetry data. However, there are some issues with the queries being used:

    1. Origin does not equal "VM", hence you should be filtering based on the Computer column.
    2. Summarize by _ResourceId creates aggregates based on VM as the _ResourceId field points to the VM source. However, the table shows values aggregated by disks for the selected VM.
    3. You are querying "FreeSpacePercentage", however the table shows used %, hence you will have to subtract from 100.

    Here is a sample query which you can use to get a similar result. Note that this query is based on information available about performance record - VM Insights Performance Records

    InsightsMetrics
    | where Computer == 'MM-Windows-UM'
    | where Namespace == 'LogicalDisk' and Name == 'FreeSpacePercentage'
    | summarize AggregatedValue = avg(Val) by bin(TimeGenerated, 15m), Tags // Tags store information about the logical disk; see the "VM Insights Performance Records" link above.
    | project Disk=split(Tags,'"')[-2], UsedPct= 100-AggregatedValue
    

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.
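
The following is an added example, not part of the original question or answer. It applies the per-disk grouping from the answer to the 10% free-space alert from the question and shows how an average taken across all drives can hide a single nearly full disk. The `SampleMetrics` table, the computer names and all values are constructed; the `vm.azm.ms/mountId` tag key is assumed to match the LogicalDisk records in your workspace.

```kusto
// Constructed rows shaped like InsightsMetrics LogicalDisk records (not real telemetry).
let SampleMetrics = datatable(TimeGenerated:datetime, Computer:string, Namespace:string, Name:string, Val:real, Tags:string)
[
    datetime(2023-07-18 18:01:00), "arc-srv-01", "LogicalDisk", "FreeSpacePercentage", 72.0, '{"vm.azm.ms/mountId":"C:"}',
    datetime(2023-07-18 18:06:00), "arc-srv-01", "LogicalDisk", "FreeSpacePercentage", 72.0, '{"vm.azm.ms/mountId":"C:"}',
    datetime(2023-07-18 18:01:00), "arc-srv-01", "LogicalDisk", "FreeSpacePercentage", 7.0,  '{"vm.azm.ms/mountId":"D:"}',
    datetime(2023-07-18 18:06:00), "arc-srv-01", "LogicalDisk", "FreeSpacePercentage", 5.0,  '{"vm.azm.ms/mountId":"D:"}',
    datetime(2023-07-18 18:01:00), "arc-srv-02", "LogicalDisk", "FreeSpacePercentage", 55.0, '{"vm.azm.ms/mountId":"C:"}',
    datetime(2023-07-18 18:01:00), "arc-srv-02", "LogicalDisk", "FreeSpacePercentage", 40.0, '{"vm.azm.ms/mountId":"E:"}'
];
let FreeSpaceThresholdPct = 10.0;   // alert threshold taken from the question
SampleMetrics
| where Namespace == "LogicalDisk" and Name == "FreeSpacePercentage"
// Pull the drive letter / mount point out of the JSON in Tags.
| extend Disk = tostring(parse_json(Tags)["vm.azm.ms/mountId"])
// Step 1: one value per disk per 15-minute window, as the Insights table shows it.
| summarize FreeSpacePct = avg(Val) by bin(TimeGenerated, 15m), Computer, Disk
// Step 2: per computer, keep the average across disks (what grouping only by
// Computer or _ResourceId would report) next to the disk with the least free space.
| summarize AvgAcrossDisksPct = avg(FreeSpacePct), arg_min(FreeSpacePct, Disk) by TimeGenerated, Computer
| project-rename LowestFreeSpacePct = FreeSpacePct, LowestDisk = Disk
// Alert on the fullest disk, not on the machine-wide average.
| where LowestFreeSpacePct < FreeSpaceThresholdPct
```

To run this against live data, replace `SampleMetrics` with `InsightsMetrics` and add `_ResourceId` to both `by` clauses so the alert rule can attribute each result to its Arc server.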