OPS115 - Log Analytics workspace design deep dive

In this session Pierre Roman and Meir Mendelovich discuss designing the proper structure for your Log Analytics workspace.

Log Analytics workspaces are the foundation of many Azure services, including Azure Monitor and Azure Sentinel. Therefore, you need to understand your requirements, your needs, and the capabilities you're trying to light up.

Meir Mendelovich, Principal Program Manager working on Log Analytics, discusses the options you have.

✔️ Resources:

  • IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks
  • IT Ops Talk Community Chat: https://aka.ms/ops115-chat
  • Designing your Azure Monitor Logs deployment: https://aka.ms/ops115-logsdesign
  • Manage access to log data and workspaces in Azure Monitor: https://aka.ms/ops115-logsaccess
  • Azure Monitor Logs Dedicated Clusters: https://aka.ms/ops115-logscluster
  • Azure Monitor customer-managed key: https://aka.ms/ops115-LogsCMK
  • Customer Lockbox for Microsoft Azure: https://aka.ms/ops115-lockbox

🔖 Chapters:

  • 0:00 Introduction
  • 1:33 What is today's session
  • 3:43 Design choices for diverse types of enterprises
  • 5:46 What is Azure Monitor?
  • 7:00 Agents and Azure Arc deployment
  • 10:05 Logs vs Metrics
  • 11:00 Tools (Insights, Visualize, Analyze, Respond, Integrate)
  • 16:00 Workspace topology
  • 19:00 Hub and spoke vs. monolithic design
  • 24:50 RBAC
  • 35:00 Consuming Logs in Resource-Context
  • 40:40 Enterprise Deployments
  • 41:00 Dedicated clusters
  • 48:15 Enhanced Security & Control
  • 53:17 Availability Zones
  • 58:00 Log Export Usages
  • 1:03:00 Wrap Up