You can use Log Analytics to edit and run log queries against the data in Azure Monitor Logs. A simple query returns a set of records that you can sort, filter, and analyze. More complex queries can perform statistical analysis and visualize the output as a chart.
What is Microsoft Log Analytics?
Log Analytics is a service offered by Microsoft for analyzing and querying log data in Azure.
It is a component of Azure Monitor, a solution for collecting and analyzing telemetry data from both cloud and on-premises settings.
For writing your own queries, Log Analytics provides its own query language, “Kusto”. You can run queries as needed and analyze the results.
With Azure Log Analytics you can represent data visually (i.e., as charts and graphs) and share it. You can also filter, sort, and group logs into different categories.
Saving, copying, and loading are possible for both the queries and results obtained.
What is Azure Log Analytics used for?
Azure Log Analytics is a monitoring tool that lets you capture and analyze data produced by resources in your cloud and on-premises environments.
Log data from Azure resources, such as Azure Virtual Machines, Azure SQL Databases, and Azure App Service, may be collected using Log Analytics.
Additionally, log data from on-premises resources like Windows Server, Linux Server, and application logs can be collected.
To evaluate your data and draw conclusions from it, you can run queries in Log Analytics. You can also create customized dashboards to show your data.
Kusto Query Language
Kusto Query Language is used to query the log databases in Azure. Kusto is simple to use, yet it is a powerful language for querying structured, unstructured, and semi-structured data.
Kusto is highly expressive, makes the intent of a query easy to read and understand, and is well optimized for authoring.
The query utilizes schema entities structured in a hierarchy identical to SQL’s: database, table, and columns.
What is Kusto Query?
A read-only request to process data and produce results is known as a Kusto query.
The request is written in plain text and uses a data-flow model that is easy to read and automate.
A Kusto query consists of one or more query statements.
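The following query is an added example, not part of the original article, showing several query statements and the data-flow model together. It flags accounts with repeated failed logons in a five-minute window. The rows are constructed sample data; the column names follow the SecurityEvent table, and the names SampleEvents and FailedLogonThreshold are assumptions made for this example.

```kusto
// Statement 1: a let statement binding a name to a tabular value.
// Constructed sample rows; in a real workspace you would query the
// SecurityEvent table directly instead of this inline datatable.
let SampleEvents = datatable(TimeGenerated:datetime, Computer:string, Account:string, EventID:int, IpAddress:string)
[
    datetime(2024-05-01T10:00:05Z), "srv-web-01", "alice", 4625, "203.0.113.10",
    datetime(2024-05-01T10:01:12Z), "srv-web-01", "alice", 4625, "203.0.113.10",
    datetime(2024-05-01T10:02:40Z), "srv-web-01", "alice", 4625, "203.0.113.11",
    datetime(2024-05-01T10:03:55Z), "srv-web-01", "alice", 4625, "203.0.113.10",
    datetime(2024-05-01T10:04:30Z), "srv-web-01", "alice", 4624, "198.51.100.7",
    datetime(2024-05-01T10:02:00Z), "srv-db-01",  "bob",   4625, "198.51.100.7",
    datetime(2024-05-01T10:20:00Z), "srv-db-01",  "bob",   4625, "198.51.100.7"
];
// Statement 2: a let statement binding a name to a scalar value.
let FailedLogonThreshold = 3;
// Statement 3: the tabular expression. Data flows left to right through
// each operator after a pipe; nothing in the source table is modified.
SampleEvents
| where EventID == 4625                      // Windows failed-logon events only
| summarize FailedCount = count(),
            SourceIps   = make_set(IpAddress),
            FirstSeen   = min(TimeGenerated),
            LastSeen    = max(TimeGenerated)
         by Account, Computer, Window = bin(TimeGenerated, 5m)
| where FailedCount >= FailedLogonThreshold  // keep only bursts of failures
| order by FailedCount desc
```

Replacing SampleEvents in the last statement with a real table name and adding a time filter such as `| where TimeGenerated > ago(1h)` turns this into a query over live workspace data.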
What is Azure Log Analytics Workspace?
A Log Analytics workspace is a one-of-a-kind environment for logging data from Azure Monitor and other Azure services like Microsoft Sentinel and Microsoft Defender for Cloud.
Each workspace has a unique data repository and setup but might use data from various services.
A single workspace can be used for all your data collection, or multiple workspaces can be created depending on your requirements, such as:
- The geographic location of data.
- Configuration choices like data retention and pricing tiers.
- Access rights, which specify who has access to what data.
Why do we need Azure Log Analytics Workspace?
A Log Analytics workspace is the fundamental administrative unit of Azure Monitor Logs.
There must be a location where all monitor data can be controlled and stored. Log Analytics Workspace serves as a logical storage unit where you can quickly store, keep, and query information gathered from multiple resources that have been monitored in Azure to offer insightful data for those resources.
Creating Log Analytics Workspace
You can create an Azure Log Analytics workspace by following these steps:
- Log in to the Azure portal and look for the Log Analytics Workspace blade.
- Click the Add button; the Log Analytics Workspace blade will appear.
- Fill in the details like:
  - Workspace name
  - Subscription name
  - Resource group name
  - Pricing tier
- Click OK to create a Log Analytics Workspace.
- Click OK again to submit your deployment.
Log Analytics offers free as well as paid tiers. With the free tier, there are limitations like:
- 5 GB/month data ingestion limit
- 30-day data retention limit
How to Access Azure Log Analytics?
There are two access control modes for a Log Analytics Workspace, and the mode in use is shown on the workspace's overview page. Let’s discuss them:
- Use Resources or Workspace Permissions
This access control mode allows granular role-based access control. Users can be granted access to only the log data of the resources they are permitted to view.
When a user accesses the workspace in workspace-context mode, the workspace permissions granted to that user apply.
When a user accesses the workspace in resource-context mode, only resource-based permissions are taken into account, and workspace-related permissions for those resources are ignored.
This is the access control mode that the Log Analytics Workspace uses by default.
- Require Workspace Permissions
This access control mode does not support granular role-based access control. To access the workspace, a user must be granted permissions on the workspace or on specific tables in it.
Users who access the workspace in workspace-context mode can access all of its tables and data.
A user who accesses the workspace in resource-context mode can access only that resource’s data, in any tables to which they have been granted access.
Azure Monitor gathers and organizes log and performance data for your monitored resources, including Virtual Machines, and Azure Log Analytics is used to run log queries for the data in Azure Monitor Logs. It is a reliable, simple-to-use, and secure system for collecting and analyzing performance information.