The next evolution of Azure Monitor Logs

Published Feb 23 2022 05:02 AM 6,046 Views

We commonly see customers using Azure Monitor in a wide range of scenarios across applications and infrastructure, using data collection, store, out-of-the-box insights and analytics query in their core operation core. We heard from our customers ask for a clear message to bring this immense scale and high-end services also for other logging use cases – making Azure Monitor the one stop shop for all logging needs. :

 

  1. Get more value from all your logs – Azure Monitor already provides . This will allow you to unlock insights from troves of logs. You can now apply your own parsing to all logs, search very high volumes, export them to other tools and keep them in the system for up to 7 years.

 

  1. Allow customers to be more cost effective with their logs – organizations are forced to make wrong decision due to cost. Logs are disregarded while they should be retained. We introduce new logs plans and ability to filter data to enable customers to send all the data they need.

 

We are happy to launch these capabilities to public preview together with Microsoft Sentinel. With the new announcements, Microsoft Sentinel is reinventing the economics of SIEM and delivering new ways to access and work with security data, making it the most comprehensive and innovative threat hunting solution in the market. To learn more about what’s new in Microsoft Sentinel, read here.

 

Here are details on the new capabilities:

 

Full power to your own logs

Azure Monitor logs is integrated with many infrastructure and application services and includes hundreds of pre-defines data types and their ingestion mechanisms. Though this is a very comprehensive offering, organizations have their own dedicated data types and specific needs. Today we introduce the a powerful tool to unleash Azure Monitor logs power for your own logs. You can define a schema and with all the control, flexibility and richness that is serving Azure logs.

Read more

 

Process your logs in the cloud

In many scenarios, logs are not ingested as-is. There is a need to process them in the cloud to filter unnecessary logs, to improve the data schema, remove data or to enrich the records. Some of the organizations have deployed dedicated system just to handle the logs before they are ingested. Today we introduce a new option for you to write your transformations that would run in our cloud in large scale. The transformations would be written using a subset of the familiar KQL query language.

Read more

 

Cost effective solution for high volume verbose logs

Not all logs are equal. Organizations have many verbose log sources that are not well curated and are not used for analytics. In some cases they are not handled properly, in other cases, they are ingested to a costly log solution without a real need. Today, Azure Monitor Logs introduces Basic Logs, a new plan for log ingestion that is tailored to high-volume verbose logs. With Basic Logs you can use most of the existing Azure Monitor Logs experiences at a lower cost. With Basic Logs you can keep all your logs under the same roof with minimal overhead.

Read more

 

Long-term archiving of logs for security and compliance

When logs are fresh, there is a strong need for all the analytics power to extract insights out of them. As they age out, there is a need to keep logs, but they are rarely used. Organizations retain logs for months and years because they want them to be available in case of an incident, a court order or for compliance. Today we announce archive logs that enables storing logs for up to seven years at a significant price reduction. Customers can access these logs using or by restoring a chunk of the logs for a limited time. With archive logs you can keep all your logs for long-term under the same roof with minimal overhead.

Read more

 

Find the relevant data out of Petabytes of data

At the same time the volume of logs grows up, new security incidents require organization to scan all their data – regular tools are not sufficient in these scales. Today we announce Search Job, a new tool in Azure Monitor Logs to query Petabytes of data. Search Job could run for more than few minutes and fetch all relevant records into a new persistent table.

Read more

 

Use your logs with additional tools

Today we announce general availability of Azure Monitor Logs export. Data export in Azure Monitor lets you export data continuously for selected tables in your Log Analytics workspace and send it to Azure storage account or Azure Event Hubs, as it's collected. While Log Analytics data is used in various experiences, export helps meet additional capabilities such as tamper protected store and integration with other tools. For example, you can export to Azure Data Lake storage, where data from other sources is stored for further analysis and insights.

Read more

 

2 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-3204012%22%20slang%3D%22en-US%22%3ERe%3A%20The%20next%20evolution%20of%20Azure%20Monitor%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3204012%22%20slang%3D%22en-US%22%3E%3CP%3EThese%20new%20features%20are%20really%20awesome!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3208718%22%20slang%3D%22en-US%22%3ERe%3A%20The%20next%20evolution%20of%20Azure%20Monitor%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3208718%22%20slang%3D%22en-US%22%3E%3CP%3EVery%20nice%20additions%20to%20already%20a%20really%20cool%20product%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20sharing!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHappy%20Azure%20Stacking!!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3143195%22%20slang%3D%22en-US%22%3EThe%20next%20evolution%20of%20Azure%20Monitor%20Logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3143195%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20commonly%20see%20customers%20using%20Azure%20Monitor%20in%20a%20wide%20range%20of%20scenarios%20across%20applications%20and%20infrastructure%2C%20using%20data%20collection%2C%20store%2C%20out-of-the-box%20insights%20and%20analytics%20query%20in%20their%20core%20operation%20core.%20We%20heard%20from%20our%20customers%20ask%20for%20a%20clear%20message%20to%20bring%20this%20immense%20scale%20and%20high-end%20services%20also%20for%20other%20logging%20use%20cases%20%E2%80%93%20making%20Azure%20Monitor%20the%20one%20stop%20shop%20for%20all%20logging%20needs.%20%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSTRONG%3EGet%20more%20value%20from%20all%20your%20logs%3C%2FSTRONG%3E%20%E2%80%93%20Azure%20Monitor%20already%20provides%20.%20This%20will%20allow%20you%20to%20unlock%20insights%20from%20troves%20of%20logs.%20You%20can%20now%20apply%20your%20own%20parsing%20to%20all%20logs%2C%20search%20very%20high%20volumes%2C%20export%20them%20to%20other%20tools%20and%20keep%20them%20in%20the%20system%20for%20up%20to%207%20years.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20start%3D%222%22%3E%0A%3CLI%3E%3CSTRONG%3EAllow%20customers%20to%20be%20more%20cost%20effective%20with%20their%20logs%3C%2FSTRONG%3E%20%E2%80%93%20organizations%20are%20forced%20to%20make%20wrong%20decision%20due%20to%20cost.%20Logs%20are%20disregarded%20while%20they%20should%20be%20retained.%20We%20introduce%20new%20logs%20plans%20and%20ability%20to%20filter%20data%20to%20enable%20customers%20to%20send%20all%20the%20data%20they%20need.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20happy%20to%20launch%20these%20capabilities%20to%20public%20preview%20together%20with%20Microsoft%20Sentinel.%20%3C!--StartFragment%20--%3E%3CSPAN%20class%3D%22cf0%22%3EWith%20the%20new%20announcements%2C%20Microsoft%20Sentinel%20is%20reinventing%20the%20economics%20of%20SIEM%20and%20delivering%20new%20ways%20to%20access%20and%20work%20with%20security%20data%2C%20making%20it%20the%20most%20comprehensive%20and%20innovative%20threat%20hunting%20solution%20in%20the%20market.%3C%2FSPAN%3E%3C!--EndFragment%20--%3E%20To%20learn%20more%20about%20what%E2%80%99s%20new%20in%20Microsoft%20Sentinel%2C%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fwhatsnewinmicrosoftsentinel%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eread%20here%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHere%20are%20details%20on%20the%20new%20capabilities%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId--2135690257%22%20id%3D%22toc-hId--2110749548%22%3EFull%20power%20to%20your%20own%20logs%3C%2FH1%3E%0A%3CP%3EAzure%20Monitor%20logs%20is%20integrated%20with%20many%20infrastructure%20and%20application%20services%20and%20includes%20hundreds%20of%20pre-defines%20data%20types%20and%20their%20ingestion%20mechanisms.%20Though%20this%20is%20a%20very%20comprehensive%20offering%2C%20organizations%20have%20their%20own%20dedicated%20data%20types%20and%20specific%20needs.%20Today%20we%20introduce%20the%20a%20powerful%20tool%20to%20unleash%20Azure%20Monitor%20logs%20power%20for%20your%20own%20logs.%20You%20can%20define%20a%20schema%20and%20with%20all%20the%20control%2C%20flexibility%20and%20richness%20that%20is%20serving%20Azure%20logs.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fcustomlogs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERead%20more%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId-351822576%22%20id%3D%22toc-hId-376763285%22%3EProcess%20your%20logs%20in%20the%20cloud%3C%2FH1%3E%0A%3CP%3EIn%20many%20scenarios%2C%20logs%20are%20not%20ingested%20as-is.%20There%20is%20a%20need%20to%20process%20them%20in%20the%20cloud%20to%20filter%20unnecessary%20logs%2C%20to%20improve%20the%20data%20schema%2C%20remove%20data%20or%20to%20enrich%20the%20records.%20Some%20of%20the%20organizations%20have%20deployed%20dedicated%20system%20just%20to%20handle%20the%20logs%20before%20they%20are%20ingested.%20Today%20we%20introduce%20a%20new%20option%20for%20you%20to%20write%20your%20transformations%20that%20would%20run%20in%20our%20cloud%20in%20large%20scale.%20The%20transformations%20would%20be%20written%20using%20a%20subset%20of%20the%20familiar%20KQL%20query%20language.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Flogstransform%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERead%20more%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId--1455631887%22%20id%3D%22toc-hId--1430691178%22%3ECost%20effective%20solution%20for%20high%20volume%20verbose%20logs%3C%2FH1%3E%0A%3CP%3ENot%20all%20logs%20are%20equal.%20Organizations%20have%20many%20verbose%20log%20sources%20that%20are%20not%20well%20curated%20and%20are%20not%20used%20for%20analytics.%20In%20some%20cases%20they%20are%20not%20handled%20properly%2C%20in%20other%20cases%2C%20they%20are%20ingested%20to%20a%20costly%20log%20solution%20without%20a%20real%20need.%20Today%2C%20Azure%20Monitor%20Logs%20introduces%20%3CSTRONG%3EBasic%20Logs%3C%2FSTRONG%3E%2C%20a%20new%20plan%20for%20log%20ingestion%20that%20is%20tailored%20to%20high-volume%20verbose%20logs.%20With%20Basic%20Logs%20you%20can%20use%20most%20of%20the%20existing%20Azure%20Monitor%20Logs%20experiences%20at%20a%20lower%20cost.%20With%20Basic%20Logs%20you%20can%20keep%20all%20your%20logs%20under%20the%20same%20roof%20with%20minimal%20overhead.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fbasiclogs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERead%20more%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId-1031880946%22%20id%3D%22toc-hId-1056821655%22%3ELong-term%20archiving%20of%20logs%20for%20security%20and%20compliance%3C%2FH1%3E%0A%3CP%3EWhen%20logs%20are%20fresh%2C%20there%20is%20a%20strong%20need%20for%20all%20the%20analytics%20power%20to%20extract%20insights%20out%20of%20them.%20As%20they%20age%20out%2C%20there%20is%20a%20need%20to%20keep%20logs%2C%20but%20they%20are%20rarely%20used.%20Organizations%20retain%20logs%20for%20months%20and%20years%20because%20they%20want%20them%20to%20be%20available%20in%20case%20of%20an%20incident%2C%20a%20court%20order%20or%20for%20compliance.%20Today%20we%20announce%20%3CSTRONG%3Earchive%20logs%3C%2FSTRONG%3E%20that%20enables%20storing%20logs%20for%20up%20to%20seven%20years%20at%20a%20significant%20price%20reduction.%20Customers%20can%20access%20these%20logs%20using%20or%20by%20restoring%20a%20chunk%20of%20the%20logs%20for%20a%20limited%20time.%20With%20archive%20logs%20you%20can%20keep%20all%20your%20logs%20for%20long-term%20under%20the%20same%20roof%20with%20minimal%20overhead.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Flogsarchive%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERead%20more%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId--775573517%22%20id%3D%22toc-hId--750632808%22%3EFind%20the%20relevant%20data%20out%20of%20Petabytes%20of%20data%3C%2FH1%3E%0A%3CP%3EAt%20the%20same%20time%20the%20volume%20of%20logs%20grows%20up%2C%20new%20security%20incidents%20require%20organization%20to%20scan%20all%20their%20data%20%E2%80%93%20regular%20tools%20are%20not%20sufficient%20in%20these%20scales.%20Today%20we%20announce%20Search%20Job%2C%20a%20new%20tool%20in%20Azure%20Monitor%20Logs%20to%20query%20Petabytes%20of%20data.%20Search%20Job%20could%20run%20for%20more%20than%20few%20minutes%20and%20fetch%20all%20relevant%20records%20into%20a%20new%20persistent%20table.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Flogssearchjob%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERead%20more%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId-1711939316%22%20id%3D%22toc-hId-1736880025%22%3EUse%20your%20logs%20with%20additional%20tools%3C%2FH1%3E%0A%3CP%3EToday%20we%20announce%20general%20availability%20of%20Azure%20Monitor%20Logs%20export.%20Data%20export%20in%20Azure%20Monitor%20lets%20you%20export%20data%20continuously%20for%20selected%20tables%20in%20your%20Log%20Analytics%20workspace%20and%20send%20it%20to%20Azure%20storage%20account%20or%20Azure%20Event%20Hubs%2C%20as%20it's%20collected.%20While%20Log%20Analytics%20data%20is%20used%20in%20various%20experiences%2C%20export%20helps%20meet%20additional%20capabilities%20such%20as%20tamper%20protected%20store%20and%20integration%20with%20other%20tools.%20For%20example%2C%20you%20can%20export%20to%20Azure%20Data%20Lake%20storage%2C%20where%20data%20from%20other%20sources%20is%20stored%20for%20further%20analysis%20and%20insights.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Flogsexport%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERead%20more%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3143195%22%20slang%3D%22en-US%22%3E%3CP%3EAzure%20Monitor%20embarks%20on%20its%20next%20evolution%20%E2%80%93%20making%20Azure%20Monitor%20the%20one%20stop%20shop%20for%20all%20logging%20needs.%20We%20are%20happy%20to%20announce%20a%20series%20of%20new%20capabilities%20with%20the%20goals%20of%3A%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EMore%20value%20from%20all%20logs%3C%2FLI%3E%0A%3CLI%3EAllow%20customers%20to%20be%20more%20cost%20effective%20with%20their%20logs%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EThese%20new%20capabilities%20include%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ENew%20custom%20logs%3C%2FLI%3E%0A%3CLI%3ETransformation%20of%20logs%20during%20ingestion%3C%2FLI%3E%0A%3CLI%3ENew%20offering%20called%20Basic%20Logs%3C%2FLI%3E%0A%3CLI%3ELogs%20archive%3C%2FLI%3E%0A%3CLI%3ESearch%20Jobs%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3143195%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApplication%20Monitoring%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Monitor%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Apr 08 2022 11:17 AM
Updated by: