This post is part of a series where we will be using the Log Analytics workspace to store Office 365 information which will then be used to create a dashboard. We will first create the Log Analytics workspace in Azure, then create an app registration in Azure Active Directory, then a Runbook using Automation Accounts to upload data to the Log Analytics workspace and lastly we will be building a dashboard in the Log Analytics workspace.
The following posts are part of this series:
- Creating a Log Analytics workspace in Azure
- Registering an app in Azure Active Directory
- Creating a PowerShell Runbook using Automation Accounts
- Building an Azure dashboard
- Building a Log Analytics workspace dashboard
Log Analytics workspaces
A Log Analytics workspace is a unique environment for Azure Monitor log data. Each workspace has its own data repository and configuration, and data sources and solutions are configured to store their data in a particular workspace. You require a Log Analytics workspace if you intend on collecting data from the following sources:
- Azure resources in your subscription
- On-premises computers monitored by System Center Operations Manager
- Device collections from System Center Configuration Manager
- Diagnostics or log data from Azure storage
It is advisable to create a new Log Analytics workspace for this scenario so that its data is kept separate from other logs. There are several ways to create a Log Analytics workspace, for example using the browser, Azure CLI or PowerShell.
Creating a Log Analytics workspace using the browser
Browse to Log Analytics workspaces in the Azure portal or use the direct link https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fworkspaces
Click on ‘Add’
Fill in the required information and click on OK
Click on the newly created Log Analytics workspace.
Creating a Log Analytics workspace using PowerShell
The Azure PowerShell module is used to create and manage Azure resources from the PowerShell command line or in scripts. You can use the Cloud Shell, but we will be running PowerShell locally. Go to https://docs.microsoft.com/nl-nl/powershell/azure/install-az-ps to install the latest Azure PowerShell module.
First you need to create a JSON template file which will be used to deploy the Log Analytics workspace. The example below creates the workspace in West Europe.
{
  "$schema": "https://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspaceName": {
      "type": "String",
      "metadata": {
        "description": "Specifies the name of the workspace."
      }
    },
    "location": {
      "type": "String",
      "allowedValues": [
        "West Europe"
      ],
      "defaultValue": "West Europe",
      "metadata": {
        "description": "Specifies the location in which to create the workspace."
      }
    },
    "sku": {
      "type": "String",
      "allowedValues": [
        "Standalone",
        "PerNode",
        "PerGB2018"
      ],
      "defaultValue": "PerGB2018",
      "metadata": {
        "description": "Specifies the service tier of the workspace: Standalone, PerNode, Per-GB"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces",
      "name": "[parameters('workspaceName')]",
      "apiVersion": "2015-11-01-preview",
      "location": "[parameters('location')]",
      "properties": {
        "sku": {
          "Name": "[parameters('sku')]"
        },
        "features": {
          "searchVersion": 1
        }
      }
    }
  ]
}
Create a .json file with the above contents on the local disk and start PowerShell as administrator.
First create a connection to Azure with: Connect-AzAccount
Then start the deployment with: New-AzResourceGroupDeployment -Name LogAnalyticsWorkspaceBlog2 -ResourceGroupName rg-blog -TemplateFile "C:\Temp\LAWBlog2.json"
Get Log Analytics workspace ID and primary key
We will be using the workspace ID and primary key with PowerShell. Go to the newly created Log Analytics workspace.
Go to Advanced Settings
Note the workspace ID and Primary Key
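The same steps can be scripted end to end. The following is an added example, not code from the original post: it validates and deploys the template above, then reads the workspace ID and primary key with the Az.OperationalInsights cmdlets instead of copying them from the portal. The workspace name law-blog-example is a hypothetical value; the resource group, deployment name and template path are the ones used earlier in this post.

```powershell
# Added example. $workspaceName is a hypothetical value; rg-blog, the deployment
# name and the template path are the ones used earlier in this post.
$resourceGroup = 'rg-blog'
$workspaceName = 'law-blog-example'
$templateFile  = 'C:\Temp\LAWBlog2.json'
$params        = @{ workspaceName = $workspaceName }

Connect-AzAccount | Out-Null

# Validate the template and its parameters first. The cmdlet returns nothing on
# success and one error object per problem otherwise.
$problems = Test-AzResourceGroupDeployment -ResourceGroupName $resourceGroup `
    -TemplateFile $templateFile -TemplateParameterObject $params
if ($problems) {
    throw (($problems | ForEach-Object { $_.Message }) -join '; ')
}

New-AzResourceGroupDeployment -Name LogAnalyticsWorkspaceBlog2 `
    -ResourceGroupName $resourceGroup -TemplateFile $templateFile `
    -TemplateParameterObject $params | Out-Null

# The workspace ID shown in the portal is the CustomerId property.
$workspace   = Get-AzOperationalInsightsWorkspace `
    -ResourceGroupName $resourceGroup -Name $workspaceName
$workspaceId = $workspace.CustomerId.ToString()

# The primary key authenticates data sent to the workspace, so treat it as a
# secret: keep it out of console output, transcripts and script files.
# Assumption: the installed Az.OperationalInsights version returns the key as a
# plain string in PrimarySharedKey.
$keys = Get-AzOperationalInsightsWorkspaceSharedKey `
    -ResourceGroupName $resourceGroup -Name $workspaceName
$primaryKey = ConvertTo-SecureString -String $keys.PrimarySharedKey -AsPlainText -Force
Remove-Variable -Name keys

# Only the workspace ID is printed; the key stays in $primaryKey as a SecureString.
Write-Output "Workspace ID: $workspaceId"
```

For the runbook later in this series, an encrypted Automation variable is a suitable place to keep the primary key rather than embedding it in the script.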
The post Creating a Log Analytics workspace in Azure appeared first on Cloud Security | Office 365 | Azure | SharePoint.