1 Create and configure a Log Analytics workspace
Create and configure a Log Analytics workspace – Training | Microsoft Learn
Azure Monitor collects log data and stores it in tables.
Administrators use Log Analytics in the Azure portal to configure their input data sources and conduct queries for their Azure Monitor logs.
Each workspace has its own data repository and configuration but might combine data from multiple services.
Create a workspace
Search Log Analytics workspaces, 1, 2 and 3.
1.1 Configure access to Log Analytics workspaces
2 modes
- 1 Workspace-context: You can view all logs in the workspace for which you have permission.
- 2 Resource-context: When you access the workspace for a particular resource, resource group, or subscription, such as when you select Logs from a resource menu in the Azure portal, you can view logs for only resources in all tables that you have access to.
View mode
Edit mode
1.2 Log Analytics RBAC roles
2 roles
- Log Analytics Reader
- View and search all monitoring data.
- View monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
- Log Analytics Contributor
IAM add
View current roles
1.3 Configure Log Analytics data retention
Retention policies define when to remove or archive data in a Log Analytics workspace. Archiving lets you keep older, less used data in your workspace at a reduced cost.
During the interactive retention period, data is available for monitoring, troubleshooting, and analytics. When you no longer use the logs, but still need to keep the data for compliance or occasional investigation, you can archive the logs to reduce costs.
Archived data stays in the same table, alongside the data that’s available for interactive queries. When you set a total retention period that’s longer than the interactive retention period, Log Analytics automatically archives the relevant data immediately at the end of the retention period.
1.4 Configuring default Log Analytics Workspace retention policy
Data retetion
1.5 Configure retention and archive policies by table
By default, all tables in your workspace inherit the workspace’s interactive retention setting and have no archive policy. You can modify the retention and archive policies of individual tables, except for workspaces in the legacy Free Trial pricing tier.
Configure if needed
1.6 Configure Log Analytics health status alerts
Azure Service Health monitors the health of your cloud resources, including Log Analytics workspaces. When a Log Analytics workspace is healthy, data you collect from resources in your IT environment is available for querying and analysis in a relatively short period of time, measured as latency. When Azure Service Health detects average latency in your Log Analytics workspace, the workspace resource health status is Available.
To enable recommended alert rules:
view + set up
If you want to create a new action group, you will perform the following steps before setting up the alert rules
If you want to create a new alert rule, perform the following steps
Configure Log Analytics health status alerts – Training | Microsoft Learn
2 Configure monitoring for applications
Configure monitoring for applications – Training | Microsoft Learn
3 Configure monitoring for virtual machines
Configure monitoring for virtual machines – Training | Microsoft Learn
Azure Monitor for VMs enables you to monitor Virtual Machines that are hosted in Azure or server operating systems connected through Azure Arc.
To collect logs and performance data from the guest operating system of the virtual machine, though, you must install the Azure Monitor Agent and have deployed a Log Analytics workspace.
To install Azure Monitor Agent using the system-assigned managed identity on a Linux IaaS VM use the command:
az vm extension set --name AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --ids <vm-resource-id> --enable-auto-upgrade true
# https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/features-linux?tabs=azure-cliCreating a data collection rule through the Azure portal automatically deploys the Azure Monitor Agent on an IaaS VM if it is not already deployed.
Go to
Data collection rules
Add rule must be in same region as resource
Select platform type
Add vm
Enable data collection endpoints
Create and enpoint
On the Collect and deliver tab, select Add data source to add a data source and set a destination.
Select a Data source type.
Select which data you want to collect. For performance counters, you can select from a predefined set of objects and their sampling rate. For events, you can select from a set of logs and severity levels.
On the Destination tab, add one or more destinations for the data source. You can select multiple destinations of the same or different types. For instance, you can select multiple Log Analytics workspaces, which is also known as multihoming.
Review and create
3.1 Monitor Performance with VM insights
VM insights provides a quick and easy method for getting started monitoring the client workloads on your virtual machines and virtual machine scale sets. It displays an inventory of your existing VMs and provides a guided experience to enable base monitoring for them.
VM insights includes a set of performance charts that target several key performance indicators to help you determine how well a virtual machine is performing.
Enable VM insights
Enable
