We are currently investigating a spike in Azure Foundry usage observed during the month of May-2026 !!!

Partho Sarkar 5 Reputation points
2026-06-16T21:57:38.8333333+00:00

Hi,

We are investigating an unexpected usage spike for an Azure Foundry / Azure OpenAI endpoint during May-2026 billing period. We are trying to determine the root cause of the increased usage.

We have already reviewed the built-in Azure metrics, such as request count, token usage, latency, and response codes. These confirm the spike but do not provide enough request-level detail for root cause analysis.

We need to retrieve historical request-level logs or backend telemetry for an Azure OpenAI / Foundry endpoint when diagnostic logging was not enabled during this period. Where available and permitted, we are looking for the following can be retrieved through Azure Support or any other mechanism:

  • Request timestamps
  • Model deployment used
  • Application or caller identity metadata
  • Source region, network origin, or IP-related metadata
  • Request path and operation metadata
  • Request status, errors, retries, throttling, or abnormal usage patterns
  • Token usage at request level
  • Request/response payload details, if available and compliant with Azure data privacy policies

We understand that payload-level logs may be restricted due to privacy, compliance, retention and diagnostic logging limitations. Any guidance on how we can get the historical data may still be available and the correct support path to request it, would be appreciated.

Thanks in advance.

Foundry Models
Foundry Models

A catalog of AI models in Microsoft Foundry that you can discover, compare, and deploy using Azure’s built‑in tools for evaluation, fine‑tuning, and inference


1 answer

Sort by: Most helpful
  1. Alex Burlachenko 23,170 Reputation points MVP Volunteer Moderator
    2026-06-22T11:01:11.9966667+00:00

    Partho Sarkar hi & thx for sharing urs issue here at Q&A portal,

    u won’t be able to reconstruct full request-level history if diagnostic logging wasn’t enabled during May. Azure metrics can confirm the spike, but they’re aggregated. They usually won’t give u the full per-request trail with caller identity, source IP, request path, deployment, status, and token usage after the fact, that Azure OpenAI / Foundry metrics are mainly for aggregated usage, latency, tokens, errors, and safety signals https://learn.microsoft.com/en-us/azure/foundry/openai/monitor-openai-reference for request-level logging, the safer design is to enable diagnostic settings before the incident and send logs to Log Analytics, Storage, Event Hub, or another SIEM. If it wasn’t enabled at the time, Azure Support may be able to check limited backend/service telemetry, but I wouldn’t expect them to provide full historical request logs or payloads. Payload-level data is especially unlikely because of privacy and retention rules.

    I’d open a support case under Azure OpenAI / Azure AI Foundry billing or usage investigation and ask specifically whether backend telemetry exists for the May 2026 billing window for that resource ID and deployment. I’d include the resource ID, region, endpoint name, deployment names, subscription ID, billing period, UTC time range, and screenshots of the usage spike. For future RCA, I’d put the endpoint behind API Management or an app gateway layer and log caller/app identity, request timestamp, deployment name, token usage, status code, retry count, and client IP where policy allows it. https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-llm-logs

    From what u described the builtin metrics are probably the best self-service historical data u have right now. Anything deeper would need Microsoft Support, and even then it may be limited.

    rgds,

    Alex

    &

    If my answer was helpful pls mark it and additional thx if u follow me at Q&A portal

    Was this answer helpful?


Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.