Azurecloud~5 mins

Log Analytics workspace in Azure - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

A Log Analytics workspace collects and stores data from your cloud and on-premises resources. It helps you search, analyze, and visualize logs to understand what is happening in your environment.

When you want to monitor the health and performance of your Azure resources in one place.

When you need to collect logs from multiple virtual machines to troubleshoot issues.

When you want to create alerts based on specific events or metrics in your infrastructure.

When you want to analyze security events across your cloud environment.

When you want to visualize trends and patterns from collected log data.

Config File - log_analytics_workspace.bicep

log_analytics_workspace.bicep

param workspaceName string = 'example-law'
param location string = 'eastus'

resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' = {
  name: workspaceName
  location: location
  sku: {
    name: 'PerGB2018'
  }
  properties: {
    retentionInDays: 30
  }
}

output workspaceId string = logAnalyticsWorkspace.id

This Bicep file creates a Log Analytics workspace named 'example-law' in the East US region.

The sku defines the pricing tier, here 'PerGB2018' which is a common choice.

retentionInDays sets how long logs are kept, here 30 days.

The output workspaceId gives the resource ID for use in other deployments.

Commands

This command deploys the Log Analytics workspace to the resource group 'example-rg' using the Bicep template. It sets the workspace name and location.

Terminal

az deployment group create --resource-group example-rg --template-file log_analytics_workspace.bicep --parameters workspaceName=example-law location=eastus

Expected OutputExpected

{ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Resources/deployments/deploymentName", "name": "deploymentName", "properties": { "provisioningState": "Succeeded" }, "type": "Microsoft.Resources/deployments" }

→

--resource-group - Specifies the Azure resource group where the workspace will be created

→

--template-file - Points to the Bicep file defining the workspace

→

--parameters - Sets parameters like workspace name and location

This command retrieves details about the created Log Analytics workspace to verify it exists and check its properties.

Terminal

az monitor log-analytics workspace show --resource-group example-rg --workspace-name example-law

Expected OutputExpected

{ "customerId": "00000000-0000-0000-0000-000000000000", "location": "eastus", "name": "example-law", "retentionInDays": 30, "sku": { "name": "PerGB2018" }, "type": "Microsoft.OperationalInsights/workspaces" }

→

--resource-group - Specifies the resource group of the workspace

→

--workspace-name - Specifies the name of the workspace to show

Key Concept

If you remember nothing else from this pattern, remember: a Log Analytics workspace is your central place to collect and analyze logs from your Azure resources.

Common Mistakes

Trying to create a workspace without specifying the resource group

Azure needs a resource group to organize resources; without it, the command fails.

Always include the --resource-group flag with a valid resource group name.

Using an invalid or unsupported location for the workspace

Not all Azure regions support Log Analytics workspaces, so deployment fails if the location is unsupported.

Use a supported Azure region like 'eastus', 'westus2', or 'centralus'.

Not setting retentionInDays and expecting logs to be kept indefinitely

Logs are kept only for the retention period; if not set, default retention applies which may be shorter than expected.

Explicitly set retentionInDays in the configuration to control how long logs are stored.

Summary

Use a Bicep template to define and deploy a Log Analytics workspace with desired settings.

Deploy the workspace using Azure CLI with resource group and parameters specified.

Verify the workspace creation by retrieving its details with Azure CLI.