What is Log Analytics?

Log Analytics is a service in Operations Management Suite (OMS) that monitors your cloud and on-premises environments to maintain their availability and performance. It collects data generated by resources in your cloud and on-premises environments and from other monitoring tools to provide analysis across multiple sources. This article provides a brief discussion of the value that Log Analytics provides, an overview of how it operates, and links to more detailed content so you can dig further.

Is Log Analytics for you?

If you have no current monitoring in place for your Azure environment, you should start with Azure Monitor, which collects and analyzes monitoring data for your Azure resources. Log Analytics can collect data from Azure Monitor to correlate it with other data and provide additional analysis.

If you want to monitor your on-premises environment or you have existing monitoring using services such as Azure Monitor or System Center Operations Manager, then Log Analytics can add significant value. It can collect data directly from your agents and also from these other tools into a single repository. Analysis tools in Log Analytics such as log searches, views, and solutions work against all collected data, providing you with centralized analysis of your entire environment.

Using Log Analytics

You can access Log Analytics through the OMS portal or the Azure portal, which run in any browser and provide you with access to configuration settings and multiple tools to analyze and act on collected data. From the portal you can use log searches, where you construct queries to analyze collected data; dashboards, which you can customize with graphical views of your most valuable searches; and solutions, which provide additional functionality and analysis tools.

The image below is from the OMS portal, which shows the dashboard that displays summary information for the solutions that are installed in the workspace. You can click on any tile to drill further into the data for that solution.

[Image: OMS portal]

Log Analytics includes a query language to quickly retrieve and consolidate data in the repository. You can create and save Log Searches to directly analyze data in the portal or have log searches run automatically to create an alert if the results of the query indicate an important condition.


To get a quick graphical view of the health of your overall environment, you can add visualizations for saved log searches to your dashboard.


To analyze data outside of Log Analytics, you can export the data from the OMS repository into tools such as Power BI or Excel. You can also use the Log Search API to build custom solutions that draw on Log Analytics data or to integrate with other systems.

Add functionality with management solutions

Management solutions add functionality to OMS, providing additional data and analysis tools to Log Analytics. They may also define new record types to be collected that can be analyzed with Log Searches or by an additional user interface provided by the solution in the dashboard. The example image below shows the Change Tracking solution.


Solutions are available for a variety of functions, and additional solutions are consistently being added. You can easily browse available solutions and add them to your OMS workspace from the Solutions Gallery or Azure Marketplace. Many will be automatically deployed and start working immediately while others may require moderate configuration.


Log Analytics components

At the center of Log Analytics is the OMS repository, which is hosted in the Azure cloud. Data is collected into the repository from connected sources by configuring data sources and adding solutions to your subscription. Data sources and solutions will each create different record types that have their own set of properties but may still be analyzed together in queries to the repository. This allows you to use the same tools and methods to work with different kinds of data collected by different sources.

[Image: OMS repository]

Connected sources are the computers and other resources that generate data collected by Log Analytics. This can include agents installed on Windows and Linux computers that connect directly or agents in a connected System Center Operations Manager management group. For Azure resources, Log Analytics collects data from Azure Monitor and Azure Diagnostics.

Data sources are the different kinds of data collected from each connected source. This includes events and performance data from Windows and Linux agents in addition to sources such as IIS logs and custom text logs. You configure each data source that you want to collect, and the configuration is automatically delivered to each connected source.

If you have custom requirements, then you can use the HTTP Data Collector API to write data to the repository from a REST API client.
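As an added example (not code from the original page or from Microsoft), the following Python sketch builds, but does not send, a signed HTTP Data Collector API request using the API's shared-key HMAC-SHA256 scheme. The workspace ID, key, record type name `DemoAudit` and records are constructed sample values, and the endpoint host assumes the public Azure cloud.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"
API_VERSION = "2016-04-01"

# Constructed sample values: not a real workspace ID or key.
SAMPLE_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_KEY_B64 = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
SAMPLE_RECORDS = [{"Computer": "web01", "Action": "login", "Result": "denied"}]


def string_to_sign(content_length, rfc1123_date):
    """Canonical string that is signed with the workspace key."""
    return "\n".join(["POST", str(content_length), CONTENT_TYPE,
                      "x-ms-date:" + rfc1123_date, RESOURCE])


def build_request(workspace_id, key_b64, log_type, records, rfc1123_date=None):
    """Return (url, headers, body) for one POST; nothing is sent."""
    date = rfc1123_date or formatdate(usegmt=True)
    body = json.dumps(records).encode("utf-8")
    # validate=True rejects a malformed key instead of silently
    # decoding garbage and producing a signature that never matches.
    key = base64.b64decode(key_b64, validate=True)
    mac = hmac.new(key, string_to_sign(len(body), date).encode("utf-8"),
                   hashlib.sha256).digest()
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,  # custom record type name
        "x-ms-date": date,
        "Authorization": "SharedKey %s:%s" % (
            workspace_id, base64.b64encode(mac).decode("ascii")),
    }
    url = "https://%s.ods.opinsights.azure.com%s?api-version=%s" % (
        workspace_id, RESOURCE, API_VERSION)
    return url, headers, body


if __name__ == "__main__":
    url, headers, body = build_request(
        SAMPLE_WORKSPACE_ID, SAMPLE_KEY_B64, "DemoAudit", SAMPLE_RECORDS)
    print(url)
    print(json.dumps(headers, indent=2))
```

The workspace key authorizes writes to the repository, so load it from a secret store at run time and rotate it if it is ever exposed in source control or logs.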

Log Analytics architecture

The deployment requirements of Log Analytics are minimal since the central components are hosted in the Azure cloud. This includes the repository in addition to the services that allow you to correlate and analyze collected data. The portal can be accessed from any browser so there is no requirement for client software.

You must install agents on Windows and Linux computers, but there is no additional agent required for computers that are already members of a connected SCOM management group. SCOM agents will continue to communicate with management servers, which will forward their data to Log Analytics. Some solutions, though, will require agents to communicate directly with Log Analytics. The documentation for each solution will specify its communication requirements.

When you sign up for Log Analytics, you will create an OMS workspace. You can think of the workspace as a unique Log Analytics environment with its own data repository, data sources, and solutions. You may create multiple workspaces in your subscription to support multiple environments such as production and test.

[Image: Log Analytics architecture]

Next steps