Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Your agent can already query Log Analytics and Application Insights through built-in Azure observability without any setup. These connectors are an optional optimization: add one when your team queries the same workspaces frequently and you want lower latency and reduced token consumption.
Built-in observability vs. connectors
Without a connector, the agent uses az cli, Resource Graph, and raw KQL to discover and query any Azure Monitor resource on the fly. This approach works well for ad-hoc investigations, but it costs more tokens because the agent must locate the workspace and construct query parameters each time.
A connector gives the agent preconfigured access parameters (workspace ID, resource group, and subscription) so it can skip the discovery step and query directly. Authentication is handled automatically through the connector mapping, and RBAC roles are assigned when you save.
| Built-in (no connector) | With connector | |
|---|---|---|
| Discovery | Agent finds workspaces via Resource Graph | Agent targets a preconfigured workspace |
| Token usage | Higher because the agent constructs parameters on its own | Lower because parameters are preset |
| Latency | Higher due to discovery before each query | Lower with immediate query execution |
| Auth | Managed identity; permissions resolved at query time | Preconfigured at setup time |
| RBAC | Managed manually per resource | Autoassigned on save |
How it works
- Add a connector: Select Log Analytics or Application Insights from the connector picker.
- Select a resource: Choose a workspace or resource from the autodiscovered list.
- Save: The agent automatically assigns the required RBAC roles to its managed identity.
- Query: Ask your agent about your logs in natural language.
Capabilities
After you configure a connector, the agent can:
- List available tables in connected workspaces.
- Run KQL queries against connected workspaces or Application Insights resources.
- Correlate log data with other data sources during investigations.
- Display query results as tables in chat.
Example
During an incident investigation, your agent detects elevated error rates. By using a connected Log Analytics workspace, you ask:
Show me failed sign-in events from the last 24 hours grouped by user principal name
The agent queries your SigninLogs table through KQL, identifies a pattern of failed MFA attempts from a single IP range, and surfaces the finding in its investigation timeline, all without you leaving the chat.
Related content
- Set up a Log Analytics connector
- Kusto tools for deterministic, parameterized KQL queries against ADX clusters
- Diagnose with Azure observability for built-in monitoring queries
- Scheduled tasks to automate recurring log queries