Azure Monitor, Sentinel QuickStart Workbook templates

If you’ve followed me at all over the last few years, you know I make a lot of workbooks. I have a number of them on my GitHub. These workbooks are there for your use, completely free.

But now I’m putting out the quickstart workbook templates I use to create workbooks. After creating so many client-related workbooks, I got tired of putting in the same parameters every time. I’ve created four templates for your use.

Subscription and TimeFrame

The first quickstart template has Subscription and TimeFrame. These two parameters are almost always included in my workbooks, so it’s two fewer parameters that I have to add.

Log Analytics Workspace

Building on the last workbook, this template has Subscription and TimeFrame and adds Azure Resource Graph to find all Log Analytics workspaces, either for Sentinel or Azure Monitor.

Log Analytics and Application Insights

Yes, eventually you’ll only be able to send your application logs to Log Analytics; however, at this time pretty much everyone has separate workspaces for Log Analytics and App Insights. So this workbook builds on the Log Analytics workspace template and uses Resource Graph to find all App Insights workspaces.

Dynamic Application Monitoring

I talked about building this on my IT Ops Talk blog post, but this is the logical conclusion of adding Log Analytics and App Insights together, not to mention grabbing Azure Resource Metrics as well. This adds a parameter called AppPicker, which gets your Application tags using Azure Resource Graph. This allows you to essentially build one workbook for multiple applications, across development and production, provided your applications are built similarly. For instance, one client had 5 or so different applications, but they were all built using a combination of App Gateways, IaaS VMs, App Services and SQL backend databases. Because they were all the same, you could simply select the Application tag and scroll through all applications and get their metrics and logs for all resources.

You’ll need to change tags.AppName to the name you use for Application tagging in your environment. I use AppName in my Azure sub; I have also seen simply Application as well as NS_Application.
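A Resource Graph query that could back an AppPicker-style dropdown, added here as an illustration and not taken from the templates themselves. It assumes the application tag uses one of the three key names mentioned above and compares keys case-insensitively, because a dynamic property lookup such as tags.AppName is case-sensitive in KQL; the output column names are placeholders.

```kusto
// Added example: list distinct application tag values for a workbook dropdown.
// Assumption: the application tag key is AppName, Application or NS_Application.
resources
| where isnotempty(tags)
| project id, tags
// Split the tag bag into one row per key/value pair
| mv-expand tags
| extend tagKey = tostring(bag_keys(tags)[0])
| extend tagValue = tostring(tags[tagKey])
// Match the key regardless of casing (appname, APPNAME, AppName, ...)
| where tolower(tagKey) in ("appname", "application", "ns_application")
| where isnotempty(tagValue)
// One row per application, with a count to spot untagged or mistyped stragglers
| summarize ResourceCount = count() by AppName = tagValue
| order by AppName asc
```

Applications that show up with a ResourceCount of one or two are often a sign of inconsistent tagging, which would leave those resources out of the workbook once a tag is selected.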


I’ve placed all these templates on my GitHub, which you can find here.