Azure Resource logs overview

Azure Resource logs are platform logs emitted by Azure resources that describe their internal operation. All resource logs share a common top-level schema with the flexibility for each service to emit unique properties for their own events.

Note

Resource logs were previously known as diagnostic logs.

Collecting resource logs

Resource logs are automatically generated by supported Azure resources, but they aren't collected unless you configure them using a diagnostic setting. Create a diagnostic setting for each Azure resource to forward the logs to the following destinations:

Destination Scenario
Log Analytics workspace Analyze the logs with other monitoring data and leverage Azure Monitor features such as log queries and log alerts.
Azure storage Archive the logs for auditing or backup.
Event hub Stream the logs to third-party logging and telemetry systems.

Compute resources

Resource logs differ from guest OS-level logs in Azure compute resources. Compute resources require an agent to collect logs and metrics from their guest OS, including such data as event logs, syslog, and performance counters. Use the Diagnostic Extension to route log data from Azure virtual machines and the Log Analytics agent to collect logs and metrics from virtual machines in Azure, in other clouds, and on-premises into a Log Analytics workspace. See Sources of monitoring data for Azure Monitor for details.

Resource logs schema

For more information on the resource logs schema and categories, see Resource Log Schema.

Next Steps