
What is Azure Log Analytics?

Log Analytics plays a central role in Azure management by collecting telemetry and other data from a variety of sources and providing a query language and analytics engine that gives you insights into the operation of your applications and resources. You can either interact directly with Log Analytics data through log searches and views, or you may use analysis tools in other Azure services that store their data in Log Analytics, such as Application Insights or Azure Security Center.

Log Analytics requires minimal configuration and is already integrated with other Azure services. You just need to create a workspace to enable collection. You can then install agents on virtual machines to include them in the workspace and enable management solutions, which include logic to provide additional insights into different applications. Behind the scenes, data types are either predefined or automatically created as data is collected.

Role in monitoring

The different monitoring services in Azure are described in Monitoring Azure applications and resources. Log Analytics plays a central role by consolidating monitoring data from different sources and providing a powerful query language for consolidation and analysis.

Log Analytics isn't limited to monitoring Azure resources, though. It can collect data from resources that are on-premises or in other clouds to create a hybrid monitoring environment, and it can directly connect to System Center Operations Manager to collect telemetry from existing agents. Analysis tools in Log Analytics such as log searches, views, and management solutions work against all collected data, providing you with the capability to centrally analyze your entire environment.

Data collection

Log Analytics collects data from a variety of sources. Once collected, the data is organized into separate tables for each data type, which allows all data to be analyzed together regardless of its original source.

Methods for collecting data into Log Analytics include the following:

Log Analytics components

Add functionality with management solutions

Management solutions provide prepackaged logic for a particular product or scenario. They may gather extra data into Log Analytics or process data that's already been collected. They'll typically include a view to help you analyze this additional data. Solutions are available for a variety of functions, and additional solutions are consistently being added. You can easily browse available solutions and add them to your workspace from the Azure Marketplace.

Marketplace

Query language

Log Analytics includes a rich query language to quickly retrieve, consolidate, and analyze collected data. You can create and test queries using the Log Search or Advanced Analytics portals and then either directly analyze the data using these tools or save queries for use with visualizations, alerts, or export to other tools such as Power BI or Excel.

The Log Analytics query language is suitable for simple log searches but also includes advanced functionality such as aggregations, joins, and smart analytics. You can quickly learn the query language using multiple tutorials that are available. Particular guidance is provided to users who are already familiar with SQL and Splunk.
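As an added illustration of the aggregation and join features mentioned above (this query is not from the original page), the following combines both to surface bursts of failed Windows logons per computer and enrich them with agent metadata. It assumes the workspace collects Windows security events into the `SecurityEvent` table and agent heartbeats into `Heartbeat`; the 24-hour window, 1-hour bin and threshold of 20 are assumed values to tune for your environment.

```kusto
// Added example, not from the original page.
// Assumptions: SecurityEvent and Heartbeat are populated in this workspace;
// lookback, bin size and threshold are illustrative values.
let lookback = 24h;
let threshold = 20;
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4625                       // Windows: an account failed to log on
| summarize FailedLogons     = count(),       // aggregation per computer per hour
            DistinctAccounts = dcount(TargetAccount),
            DistinctSources  = dcount(IpAddress)
          by Computer, bin(TimeGenerated, 1h)
| where FailedLogons > threshold
| join kind=leftouter (                       // join against the latest heartbeat per computer
    Heartbeat
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(TimeGenerated, OSType, ComputerEnvironment) by Computer
    | project Computer, OSType, ComputerEnvironment
  ) on Computer
| project TimeGenerated, Computer, OSType, ComputerEnvironment,
          FailedLogons, DistinctAccounts, DistinctSources
| order by FailedLogons desc
```

A high `DistinctAccounts` value in one bin suggests password spraying against that host, while a single account with many failures points to brute forcing or a misconfigured service credential.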

Log search

Visualize Log Analytics data

Views in Log Analytics visually present data from log searches. Each view includes a combination of visualizations such as bar and line charts in addition to lists summarizing critical data. Management solutions include views that summarize data for a particular application, and you can create your own views to present data from any Log Analytics log search.

Log Analytics view

You can also pin the results of a Log Analytics query to an Azure dashboard, which allows you to combine tiles from different Azure services. You can even pin a Log Analytics view to a dashboard.

Azure dashboard

Creating alerts from Log Analytics data

Use Azure Alerts to proactively notify you of conditions in Log Analytics data that are important to you. A query is automatically run at scheduled intervals, and an alert is created if the results match specific criteria. This allows you to combine alerting from Log Analytics with other sources, such as near real-time alerts from Azure Monitor and application exceptions from Application Insights, sharing Action groups for response to alert conditions.

Alerts

Using Log Analytics data in other services

Services such as Application Insights and Azure Security Center store their data in Log Analytics. You'll typically interact with the rich analysis tools provided by these services, but you can also use Log Analytics queries to access their data and potentially combine it with data from other services.

For example, the following view is from Application Insights. If you click the icon in the top right, it launches the Log Analytics analytics console with the queries used by the graph.

Application Insights

Exporting Log Analytics data

Log Analytics also makes its data available outside of Azure. You can configure Power BI to import the results of a query at scheduled intervals, allowing you to take advantage of its features such as combining data from different sources and sharing reports on the web and mobile devices. You can also leverage the Log Search API to build custom solutions that leverage Log Analytics data or to integrate with other systems.

You can use Logic Apps in Azure to create custom workflows based on Log Analytics data. For more complex logic based on PowerShell, you can use runbooks in Azure Automation.

Power BI

Next steps