Database watcher FAQ (preview)

Applies to: Azure SQL Database Azure SQL Managed Instance

This article provides answers to frequently asked questions about database watcher for Azure SQL. It is intended for readers who have a general understanding of Azure SQL, and are looking for answers to specific, commonly asked questions about database watcher.

For an overview of database watcher, see Monitor Azure SQL workloads with database watcher (preview).

General

What is database watcher?

Database watcher (preview) is a managed monitoring solution for database services in the Azure SQL family. It collects in-depth monitoring data from Azure SQL resources and ingests it into an Azure Data Explorer database, or into a Real-Time Analytics database in Microsoft Fabric. Estate and resource-level dashboards provide detailed data visualizations in the Azure portal. Customers retain full control over collected data and can query, analyze, export, visualize, and integrate it with downstream systems.

What Azure SQL resources can it monitor?

At this time, database watcher can monitor Azure SQL databases, elastic pools, and SQL managed instances. All service tiers, compute tiers, and purchasing models of Azure SQL Database and Azure SQL Managed Instance are supported.

Does database watcher support other SQL offerings in Azure or on-premises, or other database services?

Not at this time. For planned improvements to database watcher, see the roadmap section in the database watcher preview announcement. For more information about performance monitoring for Arc-enabled SQL Server, see Monitor SQL Server enabled by Azure Arc (preview).

What kind of data visualization solutions can I use with database watcher?

Database watcher provides detailed visualizations using Azure Workbooks in the Azure portal. In addition, you can create dashboards in Azure Data Explorer or Real-Time Analytics, create visualizations in Power BI, Grafana, or use any other data visualization solution that supports connectivity to Azure Data Explorer or Real-Time Analytics.

Does database watcher support alerts?

Not at this time. For planned improvements to database watcher, see the roadmap section in the database watcher preview announcement.

How much does it cost?

See Database watcher price. There is no per-database or per-user cost, and no license cost.

Are there any limits?

Yes, at this time there is a limit on the number of watchers per subscription, and on the number of SQL targets per watcher. For more information, see Limits.

Can I monitor a large Azure SQL estate?

Yes. For more information, see Monitor large estates.

Does it support cross-subscription and cross-tenant monitoring?

The watcher and the SQL targets it monitors can be in different subscriptions within the same Microsoft Entra ID tenant. Similarly, if the watcher is using a database on an Azure Data Explorer cluster as its data store, the cluster must be in any subscription within the same tenant as the watcher. If you want to monitor SQL targets in multiple tenants using a single data store, create a watcher in each tenant, and use a database in either Real-Time Analytics or on a free Azure Data Explorer cluster as the data store for all watchers. For more information, see Monitor large estates.

Watcher

Can I create and configure a watcher using Bicep or an ARM template?

Yes. See Create a database watcher for an example you can customize to your needs.

Can I create and configure a watcher with PowerShell or Azure CLI?

Not at this time. You can create and configure watchers in the Azure portal, using Bicep and ARM templates, or using REST API. For planned improvements to database watcher, see the roadmap section in the database watcher preview announcement.

Does a watcher have an identity I can use to grant it access to my Azure resources?

Yes. A system-assigned managed identity is automatically assigned to a watcher when it is created, and is deleted when a watcher is deleted. Grant access to this managed identity to allow a watcher to collect and ingest data. Revoke access at any time to stop collection of monitoring data.

Can a watcher have a user-assigned managed identity?

Not at this time. For planned improvements to database watcher, see the roadmap section in the database watcher preview announcement.

Are there any built-in RBAC roles or actions specific to database watcher?

Not at this time. Viewing the watcher resource requires the assignment of the Reader RBAC role. Operations such as creating, starting, stopping a watcher, or creating/removing targets and the data store require the assignment of Contributor or Owner Azure RBAC roles. Role assignments can be made at the watcher, resource group, subscription, or management group level.

What permissions are required to access database watcher dashboards?

To access dashboards, users require the assignment of the RBAC Reader role on the watcher resource or on a higher scope such as resource group, subscription, or management group. They also require the assignment of the Viewer RBAC role on the Azure Data Explorer or Real-Time Analytics database. These assignments can be made directly or via Microsoft Entra ID group membership.

Data store

Which data services are supported as the data store for the SQL monitoring data?

You can use a database on an Azure Data Explorer cluster, on a free Azure Data Explorer cluster, or in Real-Time Analytics in Microsoft Fabric. To compare between these options, see What is the difference between Real-Time Analytics and Azure Data Explorer?

I already have an Azure Data Explorer cluster. Can I use it for my database watcher data store?

Yes, if streaming ingestion is enabled on this cluster. Create a new database and grant the managed identity of a watcher access to this database. For smaller cluster SKUs, and depending on the query and ingestion workloads already running, you might need to scale the cluster to support the additional load.

How can I query and analyze SQL monitoring data?

You can use Kusto Query Language (KQL) to query this data. See Use KQL to analyze monitoring data. KQL provides many advantages for analyzing telemetry data. However, you do not need to learn KQL to use database watcher. You can connect to the data store using SQL Server Management Studio, Azure Data Studio, or any other SQL client tool, and use T-SQL to query your SQL monitoring data.

Can I query SQL monitoring data in Azure Data Explorer from a Log Analytics workspace?

Yes. You can execute a KQL query in a Log Analytics workspace that references tables in Azure Data Explorer. For more information, see Correlate data in Azure Data Explorer with data in a Log Analytics workspace.

Can I export SQL monitoring data from Azure Data Explorer?

Yes. For example, you can export data to Azure storage, a data lake, or a SQL Server or an Azure SQL database.

Data collection

How does database watcher collect SQL monitoring data?

A remote data collection agent running on a Microsoft managed compute hosting platform connects to your Azure SQL resources, periodically executes T-SQL queries to collect monitoring data from SQL system views, and ingests this data into the data store.

Will database watcher impact my workload performance?

This is unlikely. For details, see Data collection.

How often do the monitoring queries run?

It depends on the dataset. For example, frequently changing data such as performance counters might be collected every 10 seconds. Mostly static data such as database properties is collected at longer intervals, for example every five minutes.

What is the typical data latency?

The typical data latency from collection to ingestion into the data store is in the 0.5-10 second range. Latency might be higher for large datasets such as Query runtime statistics. You can see current data ingestion latency using the Ingestion statistics link on dashboards.

Does it monitor secondary replicas?

Yes. All types of secondary replicas, including readable high availability replicas, geo-replicas, and Hyperscale named replicas are supported. If a Hyperscale database has more than one high availability replica, only one of these replicas can be monitored at a given point in time.

How does it connect to monitoring targets?

Database watcher can use Azure Private Link to connect to monitoring targets. When configuring a watcher, create managed private endpoints for your Azure SQL resources. The resource owner must approve each private endpoint for database watcher to use it. Public connectivity is supported as well. For more information, see Network connectivity.

How does it authenticate to monitoring targets?

Both Microsoft Entra authentication (recommended) and SQL authentication are supported. If you use SQL authentication, additional configuration to store the login name and password as secrets in a key vault is required.

What kind of SQL monitoring data does it collect?

Data is collected from more than 70 dynamic management views (DMVs) and catalog views into datasets to enable detailed database engine and query performance monitoring.

Can I choose the datasets to be collected, and the frequency of collection?

Not at this time. For planned improvements to database watcher, see the roadmap section in the database watcher preview announcement.

Can I add a custom dataset?

Not at this time. Send us feedback if you find the existing datasets insufficient.

Can database watcher collect extended events?

Not at this time. For planned improvements to database watcher, see the roadmap section in the database watcher preview announcement.

Feedback

I have a comment or suggestion. Where do I send my feedback?

See Send feedback. For database watcher technical support, open a support case.