Configure diagnostic settings for resource logs, metrics, and destinations.
Last verified: May 2026
Configure diagnostic settings for resource logs, metrics, and destinations.
Required Fields
settingNametargetResourceIdlogslogs[0]logs[0].categoryOutput will appear here...The Azure Diagnostic Settings Builder helps you configure diagnostic settings that route platform logs and metrics from Azure resources to destinations like Log Analytics, Storage Accounts, Event Hubs, or partner solutions. Each Azure resource type generates different diagnostic categories, and configuring them correctly is essential for monitoring, compliance, and troubleshooting. This tool shows available categories per resource type and generates the settings configuration.
Yes. A single diagnostic setting can send data to a Log Analytics workspace, a Storage Account, and an Event Hub simultaneously. You can also create multiple diagnostic settings per resource to route different log categories to different destinations.
Platform metrics are numerical performance measurements collected automatically at one-minute intervals and stored in Azure Monitor Metrics. Diagnostic logs are structured event records that contain detailed operational data. Both can be routed via diagnostic settings, but they serve different monitoring purposes.
Your security team mandates that ALL Azure resources route audit and admin logs to a centralized Log Analytics workspace + a long-term storage archive. The builder generates diagnostic settings for each of 12 resource types you have (Key Vault, App Service, SQL Database, Storage Account, etc.), each with the right category filter (audit/admin only, not data plane logs which would be massive). You roll out via Azure Policy 'DeployIfNotExists' so new resources auto-configure correctly. Compliance: solved. Monthly cost: predictable.
The builder creates a Microsoft.Insights/diagnosticSettings resource with the resource being monitored (resourceUri), destination(s) (workspaceId, storageAccountId, eventHubAuthorizationRuleId), and the log/metric category arrays. It surfaces the available categories per resource type (drawn from a curated catalog) and validates that at least one log or metric category is enabled.
Azure Monitor Logs (Log Analytics) ingestion costs $2.30/GB on the standard tier — the largest line item for most diagnostic settings. Always use category-level filtering (e.g., AppServiceConsoleLogs but NOT AppServiceFileAuditLogs) rather than 'allLogs', which can quietly cost thousands per month for high-traffic resources.
Storage account destinations are cheap ($0.05/GB/month) but querying stored logs requires Log Analytics or Azure Data Explorer. The right pattern: route HOT logs (last 30 days, frequently queried) to Log Analytics, route ARCHIVAL logs (compliance retention) to a Storage account with lifecycle policy to Archive tier after 30 days.
Event Hub destinations are designed for SIEM integration. If you're routing diagnostic settings to Event Hub for Splunk/Datadog, choose Standard EventHub tier (not Basic) which supports Capture for replay. Without Capture, a downstream SIEM outage means lost events.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.