Join David M. Franklyn for an in-depth discussion in this video, Log Analytics service, part of Microsoft Azure: Management and Security Essentials.
- [Instructor] Log Analytics Service. OMS provides log analysis by using the log analytics feature. Log analytics helps you collect and analyze data that resources in your cloud and on-premises environments generate. It gives you real-time insight by using integrated search and custom dashboards to analyze millions of records across all of your workloads and servers, regardless of their physical location.
Enterprise administrators can add solutions to log analytics that delineate the data to be collected and the logic for its analysis. At the center of log analytics is the OMS repository, which the Azure cloud hosts. You can configure data sources and add solutions to your subscription to collect data in the repository from connected sources. Data sources and solutions will each create different record types that have their own set of properties, but you can still analyze them together by using queries to the repository.
This allows you to use the same tools and methods to work with different kinds of data that different sources collect. Connected sources are the computers and other resources that generate data. These can include agents on Windows and Linux computers that connect directly, or they can be agents from a connected management group. Log analytics can also collect data from Microsoft Azure storage. Data sources are the different kinds of data collected from each connected source.
These can include events and performance data from Windows and Linux agents, in addition to sources such as IIS logs and custom text logs. You can configure each data source that you want to collect, and the configuration is automatically delivered to each connected source. Most of your interaction with log analytics will be through the OMS Portal, which runs in any browser. This portal provides you with access to configuration settings and to multiple tools that help you analyze and act on collected data.
From the portal you can use log searches to construct queries to analyze collected data. You can also customize dashboards with graphical views of your most valuable searches and use solutions that provide additional functionality and analysis tools. Log analytics provides a query syntax to retrieve and consolidate data quickly in the repository, and you can create and save log searches to analyze data directly in the OMS Portal, and you can run log searches automatically to create an alert if the results of the query indicate an important condition.
To analyze data outside of log analytics you can export the data from the OMS repository into tools such as Microsoft's Power BI or Excel. You can also use the log search application program interface to build custom solutions that use log analytics, or to integrate with other systems. Solutions add functionality to log analytics. They primarily run in the cloud, and provide analysis of data collected in the OMS repository.
They can also define new record types, which you can collect to analyze by using log searches, or by using the additional user interface provided by the solution in the OMS dashboard. Solutions are available for a variety of functions, and you can easily search for available solutions and add them to your OMS workspace from the solutions gallery in the Marketplace. Many solutions will automatically deploy and start working immediately, while others might require some additional configuration, and will need to be purchased.
Costs may vary. Log analytics deployment requirements are minimal because the Azure cloud hosts the central components. The components include the repository and the services that allow you to correlate and analyze collected data. You can access the OMS Portal from any browser, so there is no requirement for client software.
- What is Operations Management Suite (OMS)?
- Deploying and configuring OMS
- Collecting and analyzing data
- Analyzing Log Analytics data
- Using OMS to monitor an on-premises environment
- Identifying critical updates
- IT Service Management Connector