Azure Log Analytics Workspaces and Log Queries

Brief Overview

• A Log Analytics Workspace is a unique environment for log data from Azure Monitor and other Azure services
  • Azure Monitor is a solution for collecting, analyzing, and acting on telemetry from your cloud (and on-premises) resources
• Each workspace has its own data repository and configuration but may combine data from multiple service
• Log Analytics is the primary tool in the Azure portal for editing log queries and analyzing their results
  • You'll typically write and test your Queries in Log Analytics before copying to their final location
• Log Queries are written using the Kusto Query Language (KQL)

Official Links/Resources

• Log Analytics Workspace Overview
  https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview
• Monitor Overview
  https://docs.microsoft.com/en-us/azure/azure-monitor/overview
• Log Analytics Interface
  https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview#log-analytics-interface
• Log Query Overview
  https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-query-overview
• Kusto Query Language (KQL) Overview
  https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query
• KQL Quick Reference
  https://docs.microsoft.com/en-us/azure/data-explorer/kql-quick-reference
• SQL to Kusto cheat sheet
  https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet
• Log Analytics Workspaces Service Limits
  https://docs.microsoft.com/en-us/azure/azure-monitor/service-limits#log-analytics-workspaces
• Monitor Overview
  https://docs.microsoft.com/en-us/azure/azure-monitor/overview