Azure Monitor CLI Cheatsheet
Quick reference for common az monitor commands. All examples use long flags for clarity and script compatibility.
flowchart TD
subgraph "Azure Monitor CLI Commands"
A[az monitor] --> B[log-analytics]
A --> C[diagnostic-settings]
A --> D[metrics]
A --> E[alert]
A --> F[action-group]
B --> B1[workspace create/list/show]
B --> B2[query]
C --> C1[create/list/delete]
D --> D1[list/list-definitions]
E --> E1[metrics alert]
E --> E2[scheduled-query]
F --> F1[create/list/update]
end
style A fill:#0078d4,color:#fff
style B fill:#339af0,color:#fff
style C fill:#339af0,color:#fff
style D fill:#339af0,color:#fff
style E fill:#339af0,color:#fff
style F fill:#339af0,color:#fff
Log Analytics Workspaces
Create a Workspace
az monitor log-analytics workspace create \
--resource-group <resource-group-name> \
--workspace-name <workspace-name> \
--location <location> \
--sku PerGB2018 \
--retention-time 30
List Workspaces
Show Workspace Details
az monitor log-analytics workspace show \
--resource-group <resource-group-name> \
--workspace-name <workspace-name>
Diagnostic Settings
Create Diagnostic Setting
az monitor diagnostic-settings create \
--name <setting-name> \
--resource <resource-id> \
--workspace <workspace-id> \
--logs '[{"category": "AppServiceHTTPLogs", "enabled": true}]' \
--metrics '[{"category": "AllMetrics", "enabled": true}]'
List Diagnostic Settings
Alert Rules
Create Metric Alert Rule
az monitor metrics alert create \
--name <alert-name> \
--resource-group <resource-group-name> \
--scopes <resource-id> \
--condition "avg Percentage CPU > 90" \
--window-size 5m \
--evaluation-frequency 1m \
--description "High CPU alert"
Create Scheduled Query Alert
az monitor scheduled-query create \
--name "<alert-name>" \
--resource-group "$RG" \
--scopes "$WORKSPACE_ID" \
--condition "count 'ErrorQuery' > 10" \
--condition-query "ErrorQuery=AppServiceHTTPLogs | where ScStatus >= 500 | summarize AggregatedValue = count() by bin(TimeGenerated, 5m)" \
--evaluation-frequency "5m" \
--window-size "5m" \
--severity 2 \
--skip-query-validation true \
--description "Trigger when App Service HTTP 5xx responses exceed the alert threshold." \
--output json
Metrics and Logs
List Metric Definitions
Query Metrics
Query Logs (Ad-hoc)
az monitor log-analytics query \
--workspace <workspace-id> \
--analytics-query "AzureActivity | take 10"
Action Groups
Create Action Group
az monitor action-group create \
--name <group-name> \
--resource-group <resource-group-name> \
--short-name "OpsAlert" \
--action email admin admin@example.com