Search
  • Shannon

Log Analytics - Exploratory Work

Updated: Apr 23

So far, I've written 3 different posts in this series. I'll outline them here for you to reference as time moves forward.


Log Analytics Design and Access

Create Inventory of Existing Log Analytics Workspaces

Switch Log Analytics Permissions Model


Next, let's move on into the topic of the Log Analytics SKU. As I covered, back in 2018, the SKU switched to a per GB SKU, versus Per Node, Standard, or Free. If you created your Log Analytics workspace before April 2, 2018, you can continue to use the same SKU you previously configured, however you may want to switch all Log Analytics workspaces to the per GB SKU from a uniformity perspective. When I'd work more closely with customers, I stressed that may help you plot out your opex budgeting on a monthly and yearly basis.


When you create a new Log Analytics workspace, many people do not select Next: Pricing tier > at the bottom during Log Analytics workspace creation within the portal.






















On the Pricing tier page, if you select the drop down you'll see all SKUs (not just the default SKU). At one point in time, all these SKUs were valid, however as more enterprises and customers embraced digital transformation, Free, Per Node, and Standalone all became legacy SKUs (as noted by their description in parentheses). Eventually the legacy SKUs should also no longer be an option to select when building the workspace within the Azure Resource Manager portal.















The Per GB model seemed to make the most sense related to logging and log ingestion. As luck would have it, you might have some old legacy SKUs in your environment because you were already thinking about cloud and deploying resources before April 2018. By taking the inventory script I wrote about 2 posts back, you can probably spot the legacy SKUs (or if you've already configured this correctly within your environment, kudos to you).


Author's note: The next two paragraphs are inaccurate. With help from the Azure Monitor PG, I was able to write the following blog post, which highlights how to switch the Log Analytics legacy SKUs via the portal and PowerShell.

There are ways of seeing exactly what's been deployed in your Log Analytics workspaces. I think of the rest of this post as performing some more exploratory work so you know what's been deployed and how to mirror environments in the future if you ever have to build a brand new Log Analytics workspace.


With Log Analytics, there are a number of Solutions to help fulfill the entire Azure Monitor story with a Log Analytics workspace. There is even a Solutions reference that you can examine as time unfolds and you think about enabling more solutions in your environments. Before creating a new Log Analytics workspace, you may want to run some cmdlets against your environment so you ensure the same Azure Monitor Solutions are deployed within your new workspace. You can use the Get-AzMonitoringSolutions cmdlet and either focus the query on a resource group, a subscription, or all subscriptions. There's some flexibility baked into extracting the information you need.


When it comes to listing all monitoring solutions in 1 resource group, the following script will highlight what's been deployed:

If you're looking for the actual code, copy/paste what is shown below:

[CmdletBinding()]
    param(
    [Parameter(Mandatory=$true)]
    [string]$resourceGroup
    )
    
    Get-AzMonitorLogAnalyticsSolution -ResourceGroupName $resourceGroup | Select Name, Location, Id | Export-Csv c:\la-solution-1-rg.csv -NoTypeInformation

It's possible the Log Analytics workspaces deployed within your environment are in more than 1 resource group and you may need to look at what's been deployed for a single subscription. The following script can highlight what's been deployed inside 1 subscription:

If you're looking for the actual code, copy/paste what is shown below:

[CmdletBinding()]
    param(
    [Parameter(Mandatory=$true)]
    [string]$subscriptionId
    )
    
    Get-AzMonitorLogAnalyticsSolution -SubscriptionId $subscriptionId | Select Name, Location, Id | Export-Csv c:\la-solution-1subId.csv -NoTypeInformation

It's possible you may need to grab all monitoring solutions that have been deployed across all subscriptions. If that's the case, the following script can highlight what's been deployed across all subscriptions within your environment:

If you're looking for the actual code, copy/paste what is shown below:

$subscriptions = Get-AzSubscription
$results = ForEach($subscription in $subscriptions){
    Get-AzMonitorLogAnalyticsSolution -SubscriptionId $subscription.Id | Select Name, Location, Id
}
$results | Export-Csv c:\list-monitoring-solutions-all-subs.csv -NoTypeInformation

My least favorite thing about Wix (my blog hosting service) is that the code snippets leave a little to be desired. At the end of this series, I'll be putting everything I share code wise into a GitHub repo for you to use, fork, download, etc. Basically, whatever floats your boat. Afterall, sharing is caring!


...and with that...STAY TUNED! ;) I promise to write the next few posts a little faster!

Recent Posts

See All