Log Analytics, part of the Operations Management Suite (OMS), is an Azure service for collecting and analyzing log data and taking action based on it. Log Analytics supports Windows and Linux virtual machines and can be integrated with cloud and on-premises services. The range of logs available to collect is growing very rapidly: Log Analytics will eventually consume almost any type of log surfaced from Azure services and will soon support logs generated from AWS.
Create the OMS Workspace
The first step is to create a new Operations Management Suite (OMS) Workspace or link an existing one. This Workspace, or dashboard, is where you add solutions and connect data sources, and it provides the overall UI for managing and viewing the log data.
After the OMS Workspace is created, the dashboard will guide you through some basic steps to get you up and running.
The first step after the Workspace is created is to add Solutions. OMS has a number of solutions that Log Analytics can process; more are available in the Gallery, and the selection will be expanded further over time.
For now, we will add the following solutions:
- Log Search
- Azure Automation
- Azure Network Analytics (Preview)
- Security and Audit
Connecting to Data Sources
Data Sources are where the log data is retrieved from, or connected services that push logs to OMS. These connected systems can be VMs with the MOMS Agent installed or on-premises SCOM Management Groups integrated with OMS. A variety of other data sources can also be connected, including Diagnostic Storage Accounts and external systems such as Office365.
For now, we will download and install the MOMS Agent on a Windows Server.
After we have downloaded the Agent and copied it to our Virtual Machine, run the installation and configure it to connect to Azure Log Analytics (OMS) with the Workspace ID and the Key.
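The same connection step can be scripted once the agent is installed. The following is an added example, not part of the original walkthrough: it prompts for the Workspace Key instead of taking it as an argument, so the key does not end up in shell history or process command-line audit logs. It assumes the agent is the Microsoft Monitoring Agent, which registers the `AgentConfigManager.MgmtSvcCfg` COM object and runs as the `HealthService` service, and that the script is run from an elevated prompt.

```powershell
# Added example: connect an already-installed agent to the OMS workspace.
# Assumption: the agent is the Microsoft Monitoring Agent, which exposes the
# AgentConfigManager.MgmtSvcCfg COM object. Run from an elevated prompt.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')]
    [string]$WorkspaceId   # Workspace ID (GUID) shown in the OMS portal
)

$ErrorActionPreference = 'Stop'

# Prompt for the key so it never appears on a command line or in a script file.
$secureKey = Read-Host -Prompt 'Workspace Key' -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureKey)

try {
    $agent = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'

    # Skip the add when this workspace is already configured on the agent.
    $existing = $agent.GetCloudWorkspaces() |
        Where-Object { $_.workspaceId -eq $WorkspaceId }

    if ($existing) {
        Write-Output "Workspace $WorkspaceId is already configured."
    }
    else {
        $plainKey = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        $agent.AddCloudWorkspace($WorkspaceId, $plainKey)
        $agent.ReloadConfiguration()   # agent picks up the new workspace
        Write-Output "Workspace $WorkspaceId added."
    }
}
finally {
    # Wipe the unmanaged copy of the key and drop the managed reference.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plainKey -ErrorAction SilentlyContinue
}

# Confirm the agent service is running and list the configured workspace IDs.
Get-Service -Name HealthService | Select-Object Name, Status
$agent.GetCloudWorkspaces() | Select-Object workspaceId
```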
Back in the OMS Portal, we can configure the data we want to log. In this example, the Application and System logs have been added and we are only interested in Errors. Once we are finished, click Save at the top left.
After this is completed, the initial setup will show 100% and a connected data source.
Viewing Log Data
Once data is being collected or ingested into OMS, Log Search can be used to perform queries on the log data.
There are a number of pre-defined queries that can be used, and Log Analytics also supports complex queries that can be saved for later use.