Today I want to show you how you can use icons, thresholds and heatmaps in Azure Monitor and Azure Sentinel Workbooks. These have long been things I’ve used in almost all my workbooks. Along with grouping and showing resource icons, these are what I consider nice touches that take your workbooks from a nice idea to a finished, polished final product.
There are several ways to set thresholds, depending on what you are working with. Thresholds can be found in heatmaps, all three bar options, but also under things like timeline, spark line and spark area. The different however, is that for heatmaps and bars, the minimum and maximum values control the color, whereas under spark line, timeline etc they control the height of the chart.
There are a ridiculous amount of color options for heatmaps.
The two I use the most are cold to hot and green to red.
When using heatmaps, the threshold settings are right below the color pallet. Where the left most color is the minimum threshold and the right most color is the max threshold. Anything above that will be the right most color.
This is an example of a heat map, from my Update Management workbook.
To get icons, for the column renderer set it to Thresholds. Once there, we have a number of options including regex to set icons with.
Much like heatmaps, there are a number of icons for you to choose from.
Initially upon inspecting the options, you think it needs boolean, but it does not. I have done 6 or 7 different icons before. These are examples from my LogicApp workbook.
and this one is from the Ultimate Azure Inventory workbook.
Additionally you can set colors instead of icons. Though I generally prefer the icons. There are a number of options to set that it works out for what I like to do.
Additionally for pie chart and time charts we have chart settings where we can customize the colors. In this instance from the Update Management workbook I linked to previously, I have defined the update classification with similar color scheme we’re familiar with from other MS reporting tools, where the more critical an update the deeper red it turns. The caveat being I couldn’t find a matching color for Update Rollups, so I made them purple.
Finally, we have custom formatting. This is a really nice touch. To apply custom formatting check the box and then select your units.
There are a number of different unit types from time, to bytes and counts.
When you apply this custom formatting correctly, if you have a field that is seconds based, but one log is more than 60 seconds it will automatically convert that to minutes instead of seconds. Similarly if you set it to Kilobytes or Megabytes and you have a response in the terabytes amount, it will automatically change that to TB.