

Azure Monitor is a high-scale data service that serves thousands of customers that send terabytes of data each month at a growing pace. There are often questions about the time it takes for log data to become available after it's collected. This article explains the different factors that affect this latency.

Latency is the time between when data is created on the monitored system and when it becomes available for analysis in Azure Monitor. The average latency to ingest log data is between 20 seconds and 3 minutes. The specific latency for any particular data will vary depending on several factors that are explained in this article.

The total ingestion time for a particular set of data can be broken down into the following high-level areas:

Agent time: The time to discover an event, collect it, and then send it to a data collection endpoint as a log record. In most cases, this process is handled by an agent. More latency might be introduced by the network.
Pipeline time: The time for the ingestion pipeline to process the log record. This time period includes parsing the properties of the event and potentially adding calculated information.
Indexing time: The time spent to ingest a log record into an Azure Monitor big data store.

Details on the different latencies introduced in this process are described in the following sections.

Agent collection latency

Agents and management solutions use different strategies to collect data from a virtual machine, which might affect the latency. Some specific examples are listed in the following table.

Windows events, Syslog events, and performance metrics
For IIS logs, this schedule is influenced by the rollover schedule configured on IIS.
Weekly assessment of your Active Directory infrastructure. The agent collects the logs only when assessment is complete.

To ensure the Log Analytics agent is lightweight, the agent buffers logs and periodically uploads them to Azure Monitor. Upload frequency varies between 30 seconds and 2 minutes depending on the type of data.

Network conditions might negatively affect the latency of this data to reach a data collection endpoint.

Azure metrics, resource logs, activity log

Azure data adds more time to become available at a data collection endpoint for processing:

Azure platform metrics are available in under a minute in the metrics database, but they take another 3 minutes to be exported to the data collection endpoint.
Resource logs typically add 30 to 90 seconds, depending on the Azure service. Some Azure services (specifically, Azure SQL Database and Azure Virtual Network) currently report their logs at 5-minute intervals. Work is in progress to improve this time further. To examine this latency in your environment, see the query that follows.
Activity log data is ingested in 30 seconds when you use the recommended subscription-level diagnostic settings to send them into Azure Monitor Logs. They might take 10 to 15 minutes if you instead use the legacy integration.

Some solutions don't collect their data from an agent and might use a collection method that introduces more latency. Some solutions collect data at regular intervals without attempting near-real-time collection.

Microsoft 365 solution polls activity logs by using the Management Activity API, which currently doesn't provide any near-real-time latency guarantees.
Windows Analytics solutions (Update Compliance, for example) collect data at a daily frequency.

To determine a solution's collection frequency, see the documentation for each solution.

Pipeline-process time

After the data is available at the data collection endpoint, it takes another 30 to 60 seconds to be available for querying.

After log records are ingested into the Azure Monitor pipeline (as identified in the _TimeReceived property), they're written to temporary storage to ensure tenant isolation and to make sure that data isn't lost. This process typically adds 5 to 15 seconds.

Some management solutions implement heavier algorithms to aggregate data and derive insights as data is streaming in. For example, Azure Network Performance Monitoring aggregates incoming data over 3-minute intervals, which effectively adds 3-minute latency.

Another process that adds latency is the process that handles custom logs.
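
One way to see how the agent time and pipeline time described in this article split up in your own workspace, as an added example that is not a query from the original page. It assumes the workspace receives agent heartbeats in the Heartbeat table, and it combines the standard TimeGenerated column and ingestion_time() function with the _TimeReceived property the article names.

```kusto
// Added example: break end-to-end ingestion latency into the stages this article describes.
// Assumption: the workspace receives agent heartbeats in the Heartbeat table.
Heartbeat
| where TimeGenerated > ago(8h)
// Agent time: record creation on the source until receipt by the Azure Monitor pipeline.
| extend AgentLatency = _TimeReceived - TimeGenerated
// Pipeline and indexing time: receipt by the pipeline until the record is queryable.
| extend PipelineLatency = ingestion_time() - _TimeReceived
// End to end: the delay a query or alert rule actually has to wait out.
| extend E2ELatency = ingestion_time() - TimeGenerated
| summarize
    percentiles(AgentLatency, 50, 95),
    percentiles(PipelineLatency, 50, 95),
    percentiles(E2ELatency, 50, 95),
    Records = count()
    by Computer
// Surface the machines whose data becomes queryable latest.
| top 20 by percentile_E2ELatency_95 desc
```

A scheduled query or alert rule whose lookback window is shorter than the 95th-percentile end-to-end value will miss late-arriving records from those machines.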
