Part 28 – Configure Azure Log Analytics Workspace

Azure Log Analytics can be used to collect logs centrally in Azure, where we can run log queries against the data in Azure Monitor Logs. A Log Analytics workspace thus serves as a logical storage unit where you can quickly store, keep, and query information gathered from multiple monitored Azure resources to gain insight into those resources.

What Is the Difference Between Azure Monitor and Log Analytics?

Azure Log Analytics is an offering or service within Azure Monitor. Azure Log Analytics and App Insights have been moved into Azure Monitor to provide a consolidated monitoring experience in one place. The term Log Analytics now primarily applies to the page in the Azure portal used to write and run queries and analyze log data.

Creating a Log Analytics Workspace for Azure Monitoring

Azure Log Analytics workspace is a central place where you can monitor and manage all the Azure Monitor logs collected from one or more Azure resources.

Log in and search for Log Analytics Workspace.

Fill in the details like:

  • Workspace name
  • Subscription name
  • Resource group name
  • Location
  • Pricing tier

Click Review and Create to begin the provisioning.

Defining a Log Analytics Data Collection Rule

It is the data collection rules that determine how alerts are going to be collected in the Log Analytics workspace.

Open the Azure Monitor service to create a data collection rule.

Generating Alerts based on Metrics

Fill in the details like:

  • Rule name
  • Subscription name
  • Resource group name
  • Platform Type – Choose the OS as Windows

Select the resources we wish to monitor; here we will pick our Windows VM. What this actually does is analyse the logs on the Windows machine and send them to the workspace.

Our VM is thus added.

There are two data sources we can use:

  • Data source type – Perf counters such as CPU, memory, etc.
  • Data source type – Windows Event Viewer logs, based on their severity

To analyse the logs based on “metrics” on the Windows machine and send them to the workspace, I will just choose the memory metric here.

Under Windows Event logs, as this is an IIS server, we will choose all the critical warnings being generated.

Under the Destination tab, choose the workspace we created so that logs are directed to the workspace.

Our Windows Event Logs and Perf Counter data collection rule is now enabled.

Click Review and Create for our Workspace to be created.

The All resources section will now show us the workspace and also the data collection rule.

On the VM, this will create two agents, as shown.

Adding Additional VMs to Log Analytics Workspace

In this section, we add our new VM to an existing Log Analytics workspace. The easiest way to do this is to go to Azure Monitor, open the data collection rules, and add the new VM there.

Click the Add button to add the new VM.

Our second VM is thus added in.

After a few minutes, we can see logs being generated in the Workspace tab.

Alert rules, for example to send email, can be created from here.

Some Log Analytics Queries

1. This can be used to check for the events generated in the previous 5 minutes

Event | where TimeGenerated > ago(5m)

2. This can be used to project certain properties

Event | where TimeGenerated > ago(5m) | project EventLog, Computer
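
3. A further query, added here as an example and not part of the original post: it checks that every VM attached to the data collection rule is actually delivering both data sources configured above (Windows events and the memory counter). It assumes the agent writes to the standard Heartbeat, Event and Perf tables; the 30-minute window is an arbitrary choice for illustration.

```kusto
// Added example: per-VM collection health check for the two DCR data sources.
// Assumption: the agents on the VMs report to the Heartbeat table.
let lookback = 30m;   // illustrative window, adjust to your sampling interval
// Rows received from the Windows Event Logs data source, per VM
let events = Event
    | where TimeGenerated > ago(lookback)
    | summarize EventRows = count(), LastEvent = max(TimeGenerated) by Computer;
// Rows received from the memory performance counter data source, per VM
let memory = Perf
    | where TimeGenerated > ago(lookback)
    | where ObjectName == "Memory"
    | summarize PerfRows = count(), LastPerf = max(TimeGenerated) by Computer;
// Start from every VM whose agent is alive, then attach what it delivered
Heartbeat
| where TimeGenerated > ago(lookback)
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| join kind=leftouter events on Computer
| join kind=leftouter memory on Computer
| project Computer, LastHeartbeat,
          EventRows = coalesce(EventRows, 0), LastEvent,
          PerfRows = coalesce(PerfRows, 0), LastPerf
| extend Status = case(
    EventRows == 0 and PerfRows == 0, "no data",
    EventRows == 0, "no events",
    PerfRows == 0, "no memory counters",
    "ok")
| order by Status asc, Computer asc
```

A VM showing "no events" is not necessarily broken, since a quiet machine may simply have logged nothing at the selected severities in the window; "no data" or "no memory counters" on a VM with a recent heartbeat is the case worth checking against the data collection rule.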

By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.