ITOps Talk Blog
OPS115: Log Analytics workspace design deep dive

Pierre_Roman
Microsoft
Feb 02, 2021

Designing the proper structure for your Log Analytics workspace requires you to understand your requirements, your needs and the capabilities you're trying to light up. Meir Mendelovich, Principal Program Manager working on Log Analytics, discusses the options you have.

 

Speaker:

Meir Mendelovich - Principal Program Manager, Observability

 

 

This session includes:

0:00 Introduction
1:33 What is today's session
3:43 Design choices for diverse types of enterprises
5:46 What is Azure Monitor?
7:00 Agents and Azure Arc deployment
10:05 Logs vs Metrics
11:00 Tools (Insights, Visualize, Analyze, Respond, Integrate)
16:00 Workspace topology
19:00 Hub and spoke vs. monolithic design
24:50 RBAC
35:00 Consuming Logs in Resource-Context
40:40 Enterprise Deployments
41:00 Dedicated clusters
48:15 Enhanced Security & Control
53:17 Availability Zones
58:00 Log Export Usages
1:03:00 Wrap Up

 

Community Chat

Want to chat about this session? Come join us on Discord! https://aka.ms/ops115-chat 

 

Learn More

What did you think? Please take a moment to submit your feedback at https://aka.ms/ops115-feedback

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks

 

 
 
 
Updated May 14, 2021
Version 2.0
  • JonatanV
    Copper Contributor

    Hi!

    Nice walkthrough. You advocate one common Log Analytics workspace for everything with resource permissions. That's great in theory, but it lacks one essential feature, which in my opinion makes it much better to use separate workspaces per application/project.
    As part of a team, I work on and have access to some but not all projects in our org. We then ingest data from multiple applications/projects including multiple sources, in other words different resources, resource types and applications. How am I supposed to access all logs related to one application/project (spanning multiple resources, resource types and apps) to be able to make complete traces across the entire application/project stack, without interference and clutter from other applications/projects? I.e. trace a request all the way from a frontend, via the API layer, to the database. This could have been solved by scoping to all the related resources; however, it is only possible to scope to one resource type, so that doesn't work.

    Any feedback on this would be appreciated.

     

    Regards Jonatan