Introduction

As explained in previous blog post, you can use the Kusto Query Language (KQL) for Anomaly detection and forecasting.

This is great for ad-hoc querying the logs, and visualizing the data with the metrics explorer. However, having a tool ready to explore the metrics is much better.

Azure Monitor Workbooks are the perfect tool for that.

For your convenience, I’ve created an example workbook.

Workbook

Parameters

Timerange: The TimeRange

Subscription: The Subscription

Workspace: The Log Analytics Workspace

ResourceType: The Resource Type to filter out

Resource: The Resource Selected

Metric: The Metric

Aggregation: The type of aggregation (Avg, Min, Max, Pct5, Pct10, Pct50, Pct90, Pct95)

Forecast

This is done using the series_decompose_forecast() function.

Trendline

This is done using the series_fit_line() function.

Anomalies

This is done using the series_decompose_anomalies() function.

I also added a table that extracts the outliers for the anomalies using the mv-expand operator on the timeseries.

Download

Here’s the ARM Template the Gallery Template.