Log Analytics is a tool in Azure for editing and running log queries against data collected by Azure Monitor Logs and interactively analyzing the results.
We can use Log Analytics queries, written in KQL (Kusto Query Language), to retrieve records matching particular criteria, identify trends, analyze patterns, and gain a variety of insights into our data.
We can attach a Log Analytics workspace to any of the compute services, such as Virtual Machines, SQL Managed Instances, Redis Cache, etc.
We can also create custom alerts based on Log Analytics and custom queries.
Provisioning Log Analytics Workspace using Azure Portal
Step 1: Go to the Azure portal, search for Log Analytics, and then click Create

Step 2: Enter the details, such as the name of the workspace, the resource group, and the pricing tier
You can enter the same resource group we created in the last blog post – https://thewebspark.com/2021/01/16/azure-series-part-1-creating-resource-groups-in-microsoft-azure/

Step 3: Select the pricing tier

Step 4: Provide the tags for the workspace
We will use the same tag we used during resource group creation

Step 5: Review and Create the workspace

Step 6: Validate the provisioning

Provisioning Log Analytics Workspace using Azure CLI
We can also use Azure CLI commands to provision the Log Analytics workspace
Step 1: Use the Azure CLI command below to create the workspace
az monitor log-analytics workspace create --resource-group --workspace-name [--capacity-reservation-level] [--ingestion-access {Disabled, Enabled}] [--location] [--no-wait] [--query-access {Disabled, Enabled}] [--quota] [--retention-time] [--sku] [--subscription] [--tags]
az monitor log-analytics workspace create --resource-group thewebspark-eastus2-dev --workspace-name thewebsparkanalyticsdev1 --location eastus2 --sku perGB2018

Step 2: Validate the provisioning in portal

Provisioning Log Analytics Workspace using Azure ARM templates
Step 1: Create the template.json file and add the code below
{
  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "name": {
      "type": "string"
    },
    "location": {
      "type": "string"
    },
    "sku": {
      "type": "string"
    },
    "tags": {
      "type": "object"
    }
  },
  "resources": [
    {
      "apiVersion": "2017-03-15-preview",
      "name": "[parameters('name')]",
      "location": "[parameters('location')]",
      "tags": "[parameters('tags')]",
      "type": "Microsoft.OperationalInsights/workspaces",
      "properties": {
        "sku": {
          "name": "[parameters('sku')]"
        }
      }
    }
  ]
}
Step 2: Create the parameters.json file and add the code below
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "name": {
      "value": "thewebsparkanalyticsdev"
    },
    "location": {
      "value": "eastus2"
    },
    "sku": {
      "value": "pergb2018"
    },
    "tags": {
      "value": {
        "blogseries": "Azure"
      }
    }
  }
}
Step 3: Open cmd and run the Azure CLI command below to deploy the ARM template
az deployment group create --resource-group thewebspark-eastus2-dev --template-file template.json --parameters parameters.json
You will get provisioningState as “Succeeded”
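Before running the deployment, it helps to confirm that parameters.json actually lines up with the parameters template.json declares. The following is an added example, not part of the original post: the function name lint_parameters is hypothetical, the embedded JSON is a constructed copy of the parameter sections of the two files above, and names are compared by exact match.

```python
import json

# Constructed copies of the "parameters" sections of template.json and parameters.json above.
TEMPLATE = json.loads("""{
  "parameters": {
    "name": {"type": "string"},
    "location": {"type": "string"},
    "sku": {"type": "string"},
    "tags": {"type": "object"}
  }
}""")
PARAMETERS = json.loads("""{
  "parameters": {
    "name": {"value": "thewebsparkanalyticsdev"},
    "location": {"value": "eastus2"},
    "sku": {"value": "pergb2018"},
    "tags": {"value": {"blogseries": "Azure"}}
  }
}""")

# ARM parameter type -> Python type that json.loads produces for it.
ARM_TYPES = {"string": str, "securestring": str, "int": int, "bool": bool,
             "object": dict, "secureobject": dict, "array": list}

def lint_parameters(template, parameters):
    """Return mismatches between the template's declared parameters and the supplied values."""
    declared = template.get("parameters", {})
    supplied = parameters.get("parameters", {})
    problems = []
    for name, spec in declared.items():
        if name not in supplied:
            if "defaultValue" not in spec:
                problems.append(f"missing value for parameter '{name}'")
            continue
        if "value" not in supplied[name]:  # e.g. a Key Vault "reference" entry; not checked here
            continue
        value = supplied[name]["value"]
        expected = ARM_TYPES.get(spec.get("type", "").lower())
        # bool is a subclass of int in Python, so reject it explicitly for "int".
        if expected and (not isinstance(value, expected) or (expected is int and isinstance(value, bool))):
            problems.append(f"parameter '{name}' should be {spec['type']}, got {type(value).__name__}")
    for name in supplied:
        if name not in declared:
            problems.append(f"parameter '{name}' is not declared in the template")
    return problems

if __name__ == "__main__":
    print(lint_parameters(TEMPLATE, PARAMETERS) or "parameters.json matches template.json")
```

To check the real files, load them with json.load and pass the two dictionaries to lint_parameters in place of the constructed copies.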
That is all for now. In the upcoming posts, we will see how to use the Kusto Query Language to query the logs recorded in our Log Analytics workspace.
Thanks!