Create a Log Analytics workspace with Azure PowerShell

• 09/18/2018
• 3 minutes to read
• Contributors
  • 
  • 
  • 
  • 
  • 

The Azure PowerShell module is used to create and manage Azure resources from the PowerShell command line or in scripts. This quickstart shows you how to use the Azure PowerShell module to deploy a Log Analytics workspace in Azure, which is a unique environment with its own data repository, data sources, and solutions. The steps described in this article are required if you intend on collecting data from the following sources:

• Azure resources in your subscription
• On-premises computers monitored by System Center Operations Manager
• Device collections from System Center Configuration Manager
• Diagnostic or log data from Azure storage

For other sources, such as Azure VMs and Windows or Linux VMs in your environment, see the following topics:

• Collect data from Azure virtual machines
• Collect data from hybrid Linux computer
• Collect data from hybrid Windows computer

If you don't have an Azure subscription, create a free account before you begin.

Open Azure Cloud Shell

Azure Cloud Shell is a free, interactive shell that you can use to run the steps in this article. Common Azure tools are preinstalled and configured in Cloud Shell for you to use with your account. Just select the Copy button to copy the code, paste it in Cloud Shell, and then press Enter to run it. There are a few ways to open Cloud Shell:

Select Try It in the upper-right corner of a code block.
Open Cloud Shell in your browser.
Select the Cloud Shell button on the menu in the upper-right corner of the Azure portal.

If you choose to install and use the PowerShell locally, this tutorial requires the Azure PowerShell module version 5.7.0 or later. Run Get-Module -ListAvailable AzureRM to find the version. If you need to upgrade, see Install Azure PowerShell module. If you are running PowerShell locally, you also need to run Connect-AzureRmAccount to create a connection with Azure.

Create a workspace

Create a workspace with New-AzureRmResourceGroupDeployment. The following example creates a workspace named TestWorkspace in the resource group Lab in the eastus location using a Resource Manager template from your local machine. The JSON template is configured to only prompt you for the name of the workspace, and specifies a default value for the other parameters that would likely be used as a standard configuration in your environment.

The following parameters set a default value:

• location - defaults to East US
• sku - defaults to the new Per-GB pricing tier released in the April 2018 pricing model

Create and deploy template

1. Copy and paste the following JSON syntax into your file:

   {
   "$schema": "https://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
   "contentVersion": "1.0.0.0",
   "parameters": {
       "workspaceName": {
           "type": "String",
           "metadata": {
             "description": "Specifies the name of the workspace."
           }
       },
       "location": {
           "type": "String",
           "allowedValues": [
             "eastus",
             "westus"
           ],
           "defaultValue": "eastus",
           "metadata": {
             "description": "Specifies the location in which to create the workspace."
           }
       },
       "sku": {
           "type": "String",
           "allowedValues": [
             "Standalone",
             "PerNode",
             "PerGB2018"
           ],
           "defaultValue": "PerGB2018",
           "metadata": {
           "description": "Specifies the service tier of the workspace: Standalone, PerNode, Per-GB"
       }
         }
   },
   "resources": [
       {
           "type": "Microsoft.OperationalInsights/workspaces",
           "name": "[parameters('workspaceName')]",
           "apiVersion": "2017-03-15-preview",
           "location": "[parameters('location')]",
           "properties": {
               "sku": {
                   "Name": "[parameters('sku')]"
               },
               "features": {
                   "searchVersion": 1
               }
           }
         }
      ]
   }
   

2. Edit the template to meet your requirements. Review Microsoft.OperationalInsights/workspaces template reference to learn what properties and values are supported.

3. Save this file as deploylaworkspacetemplate.json to a local folder.

4. You are ready to deploy this template. Use the following commands from the folder containing the template:

       New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateFile deploylaworkspacetemplate.json
   

The deployment can take a few minutes to complete. When it finishes, you see a message similar to the following that includes the result:

Next steps

Now that you have a workspace available, you can configure collection of monitoring telemetry, run log searches to analyze that data, and add a management solution to provide additional data and analytic insights.

• To enable data collection from Azure resources with Azure Diagnostics or Azure storage, see Collect Azure service logs and metrics for use in Log Analytics.
• Add System Center Operations Manager as a data source to collect data from agents reporting your Operations Manager management group and store it in your Log Analytics workspace.
• Connect Configuration Manager to import computers that are members of collections in the hierarchy.
• Review the management solutions available and how to add or remove a solution from your workspace.