Something I learned in my daily routine, working, reading articles, and being present at Microsoft trainings, was that controlling Log Analytics workspace is brutal and can give you hell in a blink of an eye. First of all, you can easily lose yourself through the multiple links in Azure and your brain loses itself on the comes and goes. Second, if you have multiple workspaces and multiple settings attached to them you can be in a situation you don’t know ‘what data is being ingested where’, where being the lost workspace(s). Third, and for companies the most important, the amount to be paid because of data ingestion can spike in a matter of minutes.

So if you don’t want to pull your hair out (like I did, haha) I’ll show you ways of controlling your workspaces.

Azure Monitor

To find this nice dashboard you just need to search for Monitor

Then you click ‘Log Analytics Workspaces’ in the Insights section

The dashboard will give you the option of choosing subscription, resource groups, workspaces and the time range will want to analyze

Selecting a Workspace from the list you give you a dashboard with multiple options.

The first page is an overview showing the volume of data ingested in the selected time range, how many hosts are alive or not responding, the retention of logs in days and if your Daily usage / Cap

The second page, Usage, shows you the metrics of data ingestion per solution (Insights, Service Maps, Security, etc). Clicking every solution will change the graphic and the list of machines so you can have an overview of what type of solution is ingesting more data

You have then the options of checking the health of your workspace, the health of your agents by machine (very important to know if the Azure Monitor Agent is up and running), Query Audit and Change Log.

There are other ways of managing the data ingestion (like running Kusto queries in Azure Logs) but that is a subject for another time. 🙂

Hope you enjoy this little tutorial. See you next time.