Creating and Configuring a Log Analytics Workspace on Azure

Hi there! 👋 I'm Daniel Ozoemena, a passionate Cloud Solution Architect and DevOps Engineer dedicated to building scalable, secure, and innovative cloud solutions. With hands-on experience in Azure, AWS, and Google Cloud Platform, I specialize in deploying infrastructure as code, automating workflows, and optimizing system reliability. Driven by a love for problem-solving, I constantly explore new technologies and best practices to deliver impactful results. Beyond the cloud, I enjoy mentoring, blogging about tech insights, and contributing to open-source projects. When I'm not automating deployments or creating secure virtual networks, you can find me playing chess, learning about AI, or brainstorming solutions to real-world challenges. Let’s connect and grow together on this tech journey! 🚀
Log Analytics Workspace is a cornerstone of monitoring and observability in Azure, providing a centralized platform to collect, analyze, and query data from multiple resources. This guide outlines the steps to create and configure a Log Analytics Workspace on Azure, complete with screenshots for clarity.
For instance, with a Log Analytics workspace, you can gather data from:
1. Your Azure subscription’s resources.
2. Virtual machine agents.
3. Application and performance usage data from Azure Monitor Application Insights.
4. Diagnostics or log data from Azure Storage.
Why Use a Log Analytics Workspace?
Centralized Monitoring: Consolidates logs from various Azure resources for unified analysis.
Powerful Querying: Utilizes KQL (Kusto Query Language) for advanced data analysis.
Integration: Works seamlessly with Azure Monitor, Application Insights, and other tools.
Compliance and Audit: Helps you meet governance requirements by tracking resource activities.
1. Prerequisites
Ensure you have the following:
An active Azure subscription.
Sufficient permissions to create and manage resources in Azure.
2. Navigate to Log Analytics Workspace
Log in to the Azure Portal.
In the search bar at the top, type Log Analytics and select Log Analytics Workspaces from the results.

3. Create a Log Analytics Workspace
Step 1: Start the Creation Process
Click on the + Create button.

Step 2: Configure Basics
In the Basics tab, provide the following details:
Subscription: Select the subscription you want to use.
Resource Group: Choose an existing resource group or create a new one.
Workspace Name: Enter a unique name for your workspace.
Region: Select the desired region.

Step 3: Review and Create
Skip to the Review + Create tab and ensure all configurations are correct.
Click Create to deploy the workspace.

4. Log Analytics RBAC Roles
There are two predefined RBAC roles associated with Log Analytics. These roles are:
Log Analytics Reader
Log Analytics Contributor
Log Analytics RBAC Scopes
You can set up role access for Log Analytics at the following levels:
Subscription: Provides access to all workspaces within the subscription.
Resource group: Grants access to all workspaces within the specified resource group.
Resource: Allows access to only the designated workspace.
To set up Azure RBAC permissions at the workspace level, follow these steps:
Go to the Log Analytics workspace in the Azure portal.
Choose “Access control (IAM).”

Click on Add, then Add a role assignment.
Select either Log Analytics Reader or Log Analytics Contributor and click Next.

Include the security principal to which you want to assign the role and click Next.

Click Review + assign.
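The three scope levels listed above decide who ends up with access to a workspace, because an assignment made at the subscription or resource group level is inherited by every workspace below it. As an added example (not part of the original guide), this Python script takes role assignments shaped like `az role assignment list` JSON output and reports which Log Analytics Reader or Contributor assignments reach a given workspace from a broader scope. The subscription ID, resource names, principals and sample records are constructed for illustration.

```python
import re

# The two built-in roles named in this guide.
LA_ROLES = {"Log Analytics Reader", "Log Analytics Contributor"}

# ARM scope formats for the three levels listed above.
_SUB = r"/subscriptions/(?P<sub>[^/]+)"
_RG = _SUB + r"/resourceGroups/(?P<rg>[^/]+)"
_WS = _RG + r"/providers/Microsoft\.OperationalInsights/workspaces/(?P<ws>[^/]+)"
LEVELS = [("resource", _WS), ("resource group", _RG), ("subscription", _SUB)]

def classify_scope(scope):
    """Return (level, id_parts) for an ARM scope string; IDs are case-insensitive."""
    for level, pattern in LEVELS:
        m = re.fullmatch(pattern + "/?", scope, re.IGNORECASE)
        if m:
            return level, {k: v.lower() for k, v in m.groupdict().items()}
    return "other", {}

def who_can_reach(workspace_id, assignments):
    """(principal, role, level) for each Log Analytics role assignment covering the workspace."""
    _, target = classify_scope(workspace_id)
    hits = []
    for a in assignments:
        level, parts = classify_scope(a["scope"])
        # A scope covers the workspace when every ID segment it names matches the target.
        covers = bool(parts) and all(target.get(k) == v for k, v in parts.items())
        if a["roleDefinitionName"] in LA_ROLES and covers:
            hits.append((a["principalName"], a["roleDefinitionName"], level))
    return hits

def broader_than_workspace(workspace_id, assignments):
    """Assignments inherited from the resource group or subscription level."""
    return [h for h in who_can_reach(workspace_id, assignments) if h[2] != "resource"]

# Constructed sample data (placeholder subscription ID and made-up names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-monitoring"
WS = RG + "/providers/Microsoft.OperationalInsights/workspaces/law-prod"
SAMPLE = [
    {"principalName": "soc-analysts", "roleDefinitionName": "Log Analytics Reader", "scope": WS},
    {"principalName": "platform-team", "roleDefinitionName": "Log Analytics Contributor", "scope": RG},
    {"principalName": "intern@example.com", "roleDefinitionName": "Log Analytics Reader", "scope": SUB},
    {"principalName": "app-team", "roleDefinitionName": "Log Analytics Reader", "scope": SUB + "/resourceGroups/rg-apps"},
    {"principalName": "storage-ops", "roleDefinitionName": "Storage Blob Data Reader", "scope": SUB},
]

if __name__ == "__main__":
    for principal, role, level in broader_than_workspace(WS, SAMPLE):
        print(f"{principal}: {role} inherited from {level} scope")
```

Other built-in roles such as Owner, Contributor and Reader also grant access to a workspace and are outside the two roles checked here.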
5. How to configure default Log Analytics Workspace retention policy
To configure the default workspace retention policy:
Go to the Log Analytics workspaces menu in the Azure portal and choose your workspace.
Select “Usage and estimated costs” in the left pane.
Click on “Data Retention” at the top of the page.

Use the slider to increase or decrease the number of days, then select OK.
6. How to configure retention and archive policies by table
To establish the retention and archive duration for a table in the Azure portal:
Navigate to the Log Analytics workspaces menu and choose Tables. This screen displays all the tables in the workspace.
Click on the context menu for the table you wish to configure and choose Manage table.

Configure the retention and archive duration in the Data retention settings section on the table configuration screen.

7. How to configure Log Analytics health status alerts
To activate suggested alert rules:
In the Azure portal, go to the Log Analytics workspace. Under Monitoring, choose the Alerts section, and then click View + setup.
This action will open the Set up recommended alert rules page.

Conclusion
Creating and configuring a Log Analytics Workspace is a crucial step in implementing effective monitoring and observability on Azure.




