
Azure Monitor Logs overview

Azure Monitor Logs is a feature of Azure Monitor that collects and organizes log data from a variety of sources and makes it available for analysis using a sophisticated query language. Data from different sources can be consolidated into a single workspace and analyzed together to perform such tasks as trending analysis, alerting, and visualization.

Relationship to Azure Monitor Metrics

Azure Monitor Metrics stores numeric data in a time-series database, which makes this data more lightweight than Azure Monitor Logs and capable of supporting near real-time scenarios, making it particularly useful for alerting and fast detection of issues. Metrics, though, can only store numeric data in a particular structure, while Logs can store a variety of different data types, each with its own structure. You can also perform complex analysis on Logs data using log queries, which cannot be used for analysis of Metrics data.

Numeric data is often sent from data sources to Logs in addition to Metrics. While there is an additional charge for collecting and retaining this data in Logs, it allows you to include metric data in log queries and analyze it with your other monitoring data.

Relationship to Azure Data Explorer

Azure Monitor Logs is based on Azure Data Explorer. A Log Analytics workspace is roughly the equivalent of a database in Azure Data Explorer, tables are structured the same, and both use the same Kusto Query Language (KQL). The experience of using Log Analytics to work with Azure Monitor queries in the Azure portal is similar to the experience using the Azure Data Explorer Web UI. You can even include data from a Log Analytics workspace in an Azure Data Explorer query.

Structure of data

Data collected by Azure Monitor Logs is stored in a Log Analytics workspace that contains multiple tables that each store data from a particular source. The workspace defines the geographic location of the data, access rights defining which users can access data, and configuration settings such as the pricing tier and data retention. You may use a single workspace for all of your monitoring data or create multiple workspaces depending on your requirements. See Designing your Azure Monitor Logs deployment for considerations for creating multiple workspaces.

Each workspace contains multiple tables that are organized into separate columns with multiple rows of data. Each table is defined by a unique set of columns that are shared by the rows of data provided by the data source.

[Figure: Azure Monitor Logs structure]

Log data from Application Insights is also stored in Azure Monitor Logs, but it's stored differently depending on how your application is configured. For a workspace-based application, data is stored in a Log Analytics workspace in a standard set of tables to hold data such as application requests, exceptions, and page views. Multiple applications can use the same workspace. For a classic application, the data is not stored in a Log Analytics workspace. It uses the same query language, and you create and run queries using the same Log Analytics tool in the Azure portal. Data for classic applications, though, is stored separately from each other. Its general structure is the same as workspace-based applications, although the table and column names are different. See Workspace-based resource changes for a detailed comparison of the two.

Note

We still provide full backwards compatibility for your Application Insights classic resource queries, workbooks, and log-based alerts within the Application Insights experience. To query/view against the new workspace-based table structure/schema, you must first navigate to your Log Analytics workspace. During the preview, selecting Logs from within the Application Insights panes will give you access to the classic Application Insights query experience. See Query scope for more details.

[Figure: Azure Monitor Logs structure for Application Insights]

Log queries

Data is retrieved from a Log Analytics workspace using a log query, which is a read-only request to process data and return results. Log queries are written in Kusto Query Language (KQL), which is the query language used by Azure Data Explorer. Use Log Analytics, which is a tool in the Azure portal, to edit and run log queries and interactively analyze their results. You can then use the queries that you create to support other features in Azure Monitor such as log query alerts and workbooks.
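A log query of the kind described above, as an added example that is not part of the original documentation: it flags sources with repeated failed Windows logons (event 4625) inside a 15-minute window, the shape of query a log query alert could run. So that it runs in any workspace, it reads a small constructed table built with `datatable` whose columns are named after the `SecurityEvent` table; every value in it is made up, and the threshold of 5 is an assumption.

```kusto
// Constructed sample rows standing in for a workspace table.
// Column names follow the SecurityEvent table; all values are made up.
let SampleSecurityEvent = datatable(
    TimeGenerated: datetime, EventID: int, Account: string,
    Computer: string, IpAddress: string)
[
    datetime(2024-05-01 10:00:05), 4625, "alice",   "web01", "203.0.113.7",
    datetime(2024-05-01 10:00:41), 4625, "alice",   "web01", "203.0.113.7",
    datetime(2024-05-01 10:01:12), 4625, "bob",     "web01", "203.0.113.7",
    datetime(2024-05-01 10:02:30), 4625, "svc-app", "web01", "203.0.113.7",
    datetime(2024-05-01 10:03:02), 4625, "admin",   "web01", "203.0.113.7",
    datetime(2024-05-01 10:04:55), 4625, "admin",   "web01", "203.0.113.7",
    datetime(2024-05-01 10:06:10), 4624, "admin",   "web01", "203.0.113.7",
    datetime(2024-05-01 10:07:00), 4625, "carol",   "db01",  "198.51.100.23",
    datetime(2024-05-01 10:09:30), 4624, "carol",   "db01",  "198.51.100.23"
];
// Assumed alert threshold; tune it to the environment's normal failure rate.
let threshold = 5;
SampleSecurityEvent
| where EventID in (4624, 4625)          // 4624 = successful logon, 4625 = failed logon
| summarize
    FailedLogons     = countif(EventID == 4625),
    SuccessfulLogons = countif(EventID == 4624),
    DistinctAccounts = dcountif(Account, EventID == 4625),
    FirstSeen        = min(TimeGenerated),
    LastSeen         = max(TimeGenerated)
    by Computer, IpAddress, bin(TimeGenerated, 15m)
| where FailedLogons >= threshold
| project-rename WindowStart = TimeGenerated
| order by FailedLogons desc
```

To run it against collected data, replace `SampleSecurityEvent` in the final statement with the workspace's own table and add a time filter; a successful logon following many failures from the same source is the row worth triaging first.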

Sources of data for Azure Monitor Logs

Azure Monitor collects log data from a variety of sources including resources in Azure Monitor and agents running in virtual machines. See What is monitored by Azure Monitor? for a complete list of data sources that send data to a Log Analytics workspace.

Next steps