Monitor containers with Azure Monitor logs

This article covers the steps required to set up the Azure Monitor logs container monitoring solution to view container events. To set up your cluster to collect container events, see this step-by-step tutorial.

Note

As part of the ongoing transition from Microsoft Operations Management Suite (OMS) to Azure Monitor, the OMS Agent for Windows or Linux will be referred to as the Log Analytics agent for Windows and Log Analytics agent for Linux.

Note

This article was recently updated to use the term Azure Monitor logs instead of Log Analytics. Log data is still stored in a Log Analytics workspace and is still collected and analyzed by the same Log Analytics service. We are updating the terminology to better reflect the role of logs in Azure Monitor. See Azure Monitor terminology changes for details.

Set up the container monitoring solution

Note

You need to have Azure Monitor logs set up for your cluster as well as have the Log Analytics agent deployed on your nodes. If you don't, follow the steps in Set up Azure Monitor logs and Add the Log Analytics agent to a cluster first.

  1. Once your cluster is set up with Azure Monitor logs and the Log Analytics agent, deploy your containers. Wait for your containers to be deployed before moving to the next step.

  2. In Azure Marketplace, search for Container Monitoring Solution and click on the Container Monitoring Solution resource that shows up under the Monitoring + Management category.

    Adding Containers solution

  3. Create the solution inside the same workspace that has already been created for the cluster. This change automatically triggers the agent to start gathering docker data on the containers. In about 15 minutes or so, you should see the solution light up with incoming logs and stats, as shown in the image below.

    Basic Log Analytics Dashboard

The agent enables the collection of several container-specific logs that can be queried in Azure Monitor logs, or used to visualize performance indicators. The log types that are collected are:

  • ContainerInventory: shows information about container location, name, and images
  • ContainerImageInventory: information about deployed images, including IDs or sizes
  • ContainerLog: specific error logs, docker logs (stdout, etc.), and other entries
  • ContainerServiceLog: docker daemon commands that have been run
  • Perf: performance counters including container cpu, memory, network traffic, disk i/o, and custom metrics from the host machines

Next steps