Introduction

Log Analytics is a tool in Azure Monitor that allows you to edit and run log queries for data collected in Azure Monitor Logs. It offers query features and tools, supports the Kusto Query Language (KQL), and allows for detailed analysis and problem-solving.

Imagine you're an Azure Administrator working for a large e-commerce company. Your company recently experienced a major security breach, and you need to investigate the root cause and prevent future incidents. You have access to logs from various Azure services, but manually analyzing them would be time-consuming and inefficient.

By using Log Analytics, you can query and analyze the logs to identify suspicious activities, track changes, and ensure compliance with security standards. You can also quickly assess update requirements and time-to-complete, and identify access issues in your systems. Log Analytics helps businesses meet strict SLAs and provides a single interface for analyzing data from multiple sources.

The goal of this module is to provide you with the knowledge and skills to effectively use Log Analytics in Azure Monitor.

Learning objectives

In this module, you learn how to:

  • Identify the features and use cases for Log Analytics in Azure Monitor.
  • Structure and create a Log Analytics workspace in the Azure portal.
  • Use KQL to query a Log Analytics workspace and review results.

Skills measured

The content in the module helps you prepare for Exam AZ-104: Microsoft Azure Administrator.

Prerequisites

  • Working knowledge of Azure Monitor including data sources and collected data.
  • Experience with the Azure portal including navigating and locating resources.
  • Familiarity with structuring and executing data queries.