Having application and system level metrics is a minimum requirement for a proper monitoring system. However log aggregation is a similarly important but often overlooked part of an overall monitoring strategy. Many companies do not even think about proper log management until some disaster comes along and they find they cannot properly identify the root of the problem. Being able to collect and quickly analyze large numbers of logs is extremely helpful for any forensic investigation.

Companies spend large amounts of money and development on solutions like Splunk or ELK. With Azure, you get a baked in solution with Azure Log Analytics. It gives you an easy way to search a variety of types of event logs and has simple quickstart guides for Linux, Windows, and Azure VM server types.

The setup for Azure VM’s is easiest. All you will have to do is enable to log analytics extension from the console. With just a few clicks you can immediately start collecting event data for analysis. For Linux and Windows servers you will need to obtain a set of credentials - specifically a workspace ID and key. These will be used to set up the log analytics agent that will run on your server. The actual agent installation is pretty straightforward. You can do it with a few terminal commands in Linux. For Windows, you can download the agent from Azure directly and set it up with a few clicks on the relevant server. In both cases, you will need to configure the agent with the workspace ID and key so that the log data is sent to your Azure portal.

From the Log Analytics portal you will do most of your setup using the ‘Advanced Settings’ tab. There you can type in the name of the relevant logs to set as event logs. You can enable OS performance data for Linux or Windows with a separate option and configure severity levels WARN and ERROR for isolating potentially serious events. Once you are done with configuration, you can freely search and view log data by clicking on ‘Log Search.’ There you can type in any arbitrary pattern and find matches among all of your events.

One final cool feature to note about Azure Log Analytics is the ecosystem of additional plugins, known as ‘management solutions’ that you can add to your workspace. Management solutions are additional data acquisition rules and visualizations that let you really customize your log analysis needs to your specific use case. There are dozens of them available. Just to name a few examples, there is a management solution specifically for container monitoring, a solution for tracking specific events in your activity log, and a solution for automated real-time server mapping and graphing. If you want to really get the most out of your log data then it is definitely worth your time to browse these additional features for Azure Log Analytics.

In the alerting section we will discuss how to use Log Analytics for automatically catching dangerous conditions in your system. For now, you should have a basic understanding of how to set up Log Analytics and use it for investigating your systems. Next, we move on to application monitoring with Application Insights. See you there.