Log Analytics & App Insights
- Your agent already queries Log Analytics and App Insights through built-in Azure observability — no connector required
- These connectors are an optimization — add one when you have specific workspaces your team queries frequently
- Connectors reduce token consumption and query latency by giving the agent pre-configured access parameters
- Permissions auto-assigned — the agent handles RBAC on save
Why add a connector when built-in observability already works?
Your agent already queries Application Insights and Log Analytics through its built-in Azure observability tools — using az cli, Resource Graph, and raw KQL. No connector is required for this. See Diagnose with Azure Observability for what works out of the box.
These connectors are an additional, optimized path for workspaces and App Insights resources your agent queries frequently. When you add a connector, the agent gets pre-configured hints for which parameters to pass to the Azure MCP server and handles authentication automatically through the connector mapping. The result: faster queries and lower token consumption.
Built-in (no setup needed): Your agent can explore and query any Azure Monitor data through az cli and Resource Graph — see Azure Observability. This works for ad-hoc investigations but uses more tokens because the agent must discover resources and construct query parameters on its own.
Connectors (this page): Add a connector when you have specific workspaces or App Insights resources your team queries daily. The connector provides the agent with direct access parameters — workspace ID, resource group, subscription — reducing token consumption and query latency for frequently-used resources.
| Without connector (built-in) | With connector (this page) |
|---|---|
| Agent discovers workspaces via Resource Graph, then constructs query parameters (uses more tokens) | Agent queries the configured workspace directly using pre-set parameters |
| Agent explores available workspaces before querying (higher latency) | Agent knows which workspace to query immediately |
| Auth handled through managed identity — agent figures out permissions at query time | Auth pre-configured via connector mapping at setup time |
| RBAC roles managed manually per resource | Roles auto-assigned when you save the connector |
How it works
- Add connector — Select Log Analytics or App Insights from the connector picker
- Select a resource — Choose a workspace or resource from an auto-discovered list
- Save — Permissions are automatically assigned to your agent's managed identity
- Query — Ask your agent about your logs in natural language
What the agent can do
Once connected, the agent can:
- List available tables in your workspaces
- Run KQL queries against connected workspaces or App Insights resources
- Correlate log data with other data sources during investigations
- Display results as tables in chat
Example
During an incident investigation, your agent detects elevated error rates. With a connected Log Analytics workspace, it runs:
Show me failed sign-in events from the last 24 hours grouped by user principal name
The agent queries your SigninLogs table via KQL, finds a pattern of failed MFA attempts from a single IP range, and surfaces the finding in its investigation timeline — all without you leaving the chat.
Related capabilities
| Capability | What it adds |
|---|---|
| Kusto Tools → | Deterministic, parameterized KQL queries against ADX clusters |
| Diagnose Azure observability issues → | Agent uses Azure Monitor data for root cause analysis |
| Scheduled tasks → | Automate recurring log queries on a schedule |