This post is part of a series where we will be using the Log Analytics workspace to store Office 365 information which will then be used to create a dashboard. We will first create the Log Analytics workspace in Azure, then create an app registration in Azure Active Directory, then a Runbook using Automation Accounts to upload data to the Log Analytics workspace and lastly we will be building a dashboard in the Log Analytics workspace.

The following posts are part of these series:

Log Analytics workspaces

A Log Analytics workspace is a unique environment for Azure Monitor log data. Each workspace has its own data repository and configuration, and data sources and solutions are configured to store their data in a particular workspace. You require a Log Analytics workspace if you intend on collecting data from the following sources:

  • Azure resources in your subscription
  • On-premises computers monitored by System Center Operations Manager
  • Device collections from System Center Configuration Manager
  • Diagnostics or log data from Azure storage

It is advisable to create a new Log Analytics workspace for this scenario as data can then be separated from other logs. There are a couple of ways to create a Log Analytics workspace. For example using the browser, Azure CLI and PowerShell.

Creating a Log Analytics workspace using the browser

Browse to the Log Analytics workspace in Azure or use the direct link https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fworkspaces

image

Click on ‘Add’

image

Fill in the required information and click on OK

image

Click on the newly created Log Analytics workspace.

Creating a Log Analytics workspace using PowerShell

The Azure PowerShell module is used to create and manage Azure resources from the PowerShell command line or in scripts. You can use the Cloud shell but we will be running PowerShell locally. Go to https://docs.microsoft.com/nl-nl/powershell/azure/install-az-ps to install the latest Azure PowerShell Module.

First you need to create a JSON template file which will be used to deploy the Log Analytics workspace. The below example creates the workspace in west Europe.

{
“$schema”: “https://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#”,
“contentVersion”: “1.0.0.0”,
“parameters”: {
“workspaceName”: {
“type”: “String”,
“metadata”: {
“description”: “Specifies the name of the workspace.”
}
},
“location”: {
“type”: “String”,
“allowedValues”: [
“West Europe”
],
“defaultValue”: “West Europe”,
“metadata”: {
“description”: “Specifies the location in which to create the workspace.”
}
},
“sku”: {
“type”: “String”,
“allowedValues”: [
“Standalone”,
“PerNode”,
“PerGB2018”
],
“defaultValue”: “PerGB2018”,
“metadata”: {
“description”: “Specifies the service tier of the workspace: Standalone, PerNode, Per-GB”
}
}
},
“resources”: [
{
“type”: “Microsoft.OperationalInsights/workspaces”,
“name”: “[parameters(‘workspaceName’)]”,
“apiVersion”: “2015-11-01-preview”,
“location”: “[parameters(‘location’)]”,
“properties”: {
“sku”: {
“Name”: “[parameters(‘sku’)]”
},
“features”: {
“searchVersion”: 1
}
}
}
]
}

Create a .json file with the above contents on the local disk and start PowerShell as administrator.

image

First create a connection to Azure with: Connect-AzAccount

image

Then start the deployment with: New-AzResourceGroupDeployment -Name LogAnalyticsWorkspaceBlog2 -ResourceGroupName rg-blog -TemplateFile “C:\Temp\LAWBlog2.json”

image

Get Log Analytics workspace ID and primary key

We will be using the workspace ID and primary key with PowerShell. Go to the newly created Log Analytics workspace.

image

Go to Advanced Settings

image

Note the workspace ID and Primary Key

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.