Azure Monitor collects two types of data: metrics and logs. The document provides tips for reducing data volume in Azure Monitor by changing configurations for security events, performance counters, event logs, syslog, AzureDiagnostics, and solution data. Configurations can be changed to reduce the frequency and number of items collected, and to only collect required event levels and logs. This helps reduce the amount of data sent to Azure Monitor.

1. Azure Monitor

2. DevScope
Where I Work
Systems Engineer | Microsoft Azure MVP
What I Do
@psousa75
pedro.sousa@devscope.net
pmsousa
Where To Find Me

7. All data collected by Azure Monitor fits into one of
two fundamental types, metrics and logs

9. Tips for reducing data volume
Source of high data volume How to reduce data volume
Security events Select common or minimal security events
Change the security audit policy to collect only needed events. In particular, review the need to collect events for
- audit filtering platform
- audit registry
- audit file system
- audit kernel object
- audit handle manipulation
- audit removable storage
Performance counters Change performance counter configuration to:
- Reduce the frequency of collection
- Reduce number of performance counters
Event logs Change event log configuration to:
- Reduce the number of event logs collected
- Collect only required event levels. For example, do not collect Information level events
Syslog Change syslog configuration to:
- Reduce the number of facilities collected
- Collect only required event levels. For example, do not collect Info and Debug level events
AzureDiagnostics Change resource log collection to:
- Reduce the number of resources send logs to Log Analytics
- Collect only required logs
Solution data from computers that don't need the solution Use solution targeting to collect data from only required groups of computers.

10. #GlobalAzure
Scenario

12. #GlobalAzure
No more slides…