Azure

Log Analytics

Overview

Log Analytics is Azure's unified data platform that collects, correlates, and analyzes telemetry from your cloud and on‑premises environments. Use Kusto Query Language (KQL) to gain insights, troubleshoot issues, and build powerful dashboards.

Getting Started

1️⃣ Create a Workspace

Navigate to the Azure portal, create a Log Analytics workspace, and configure data sources.

2️⃣ Connect Data Sources

Enable Azure Monitor, Azure Security Center, or custom agents to send logs.

3️⃣ Run Your First Query

Explore the built‑in queries or write your own KQL.

Sample KQL Queries

// Top 10 error events in the last 24h
// (the Event table stores the severity name in EventLevelName)
Event
| where TimeGenerated > ago(24h)
| where EventLevelName == "Error"
| summarize Count=count() by EventID, RenderedDescription
| top 10 by Count desc

// CPU usage across VMs
Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize AvgCPU=avg(CounterValue) by Computer, bin(TimeGenerated, 5m)
| render timechart
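
A security-oriented query in the same style, added here as an example and not part of the original page: it flags bursts of failed Windows logons (event 4625) and marks the ones followed by a successful logon (event 4624) for the same account, source IP, and computer. The sample rows, threshold, and window are constructed assumptions; the column names follow the SecurityEvent table.

```kusto
// Constructed sample rows shaped like the SecurityEvent table (only the columns used here).
// To run against a real workspace, replace SampleEvents with SecurityEvent plus a time filter.
let SampleEvents = datatable(TimeGenerated:datetime, Computer:string, Account:string, IpAddress:string, EventID:int)
[
    datetime(2024-01-10 09:01:00), "vm-web-01", "alice", "203.0.113.7",   4625,
    datetime(2024-01-10 09:01:30), "vm-web-01", "alice", "203.0.113.7",   4625,
    datetime(2024-01-10 09:02:00), "vm-web-01", "alice", "203.0.113.7",   4625,
    datetime(2024-01-10 09:02:30), "vm-web-01", "alice", "203.0.113.7",   4625,
    datetime(2024-01-10 09:03:00), "vm-web-01", "alice", "203.0.113.7",   4625,
    datetime(2024-01-10 09:04:00), "vm-web-01", "alice", "203.0.113.7",   4624,  // success right after the burst
    datetime(2024-01-10 09:21:00), "vm-db-01",  "bob",   "198.51.100.23", 4625,
    datetime(2024-01-10 09:22:00), "vm-db-01",  "bob",   "198.51.100.23", 4625,
    datetime(2024-01-10 09:23:00), "vm-db-01",  "bob",   "198.51.100.23", 4625,
    datetime(2024-01-10 09:24:00), "vm-db-01",  "bob",   "198.51.100.23", 4625,
    datetime(2024-01-10 09:25:00), "vm-db-01",  "bob",   "198.51.100.23", 4625,
    datetime(2024-01-10 09:41:00), "vm-web-01", "carol", "192.0.2.15",    4625,  // two typos, below threshold
    datetime(2024-01-10 09:41:20), "vm-web-01", "carol", "192.0.2.15",    4625,
    datetime(2024-01-10 09:41:40), "vm-web-01", "carol", "192.0.2.15",    4624
];
let FailureThreshold = 5;   // assumed starting point; tune per environment
let Window = 10m;           // assumed burst window
let Successes = SampleEvents
    | where EventID == 4624                      // successful logon
    | project Account, IpAddress, Computer, SuccessTime = TimeGenerated;
SampleEvents
| where EventID == 4625                          // failed logon
| summarize FailedCount = count(), FirstFailure = min(TimeGenerated), LastFailure = max(TimeGenerated)
    by Account, IpAddress, Computer, bin(TimeGenerated, Window)
| where FailedCount >= FailureThreshold
// Left outer join keeps bursts that never succeeded; successes outside the window are nulled out
| join kind=leftouter (Successes) on Account, IpAddress, Computer
| extend SuccessAfter = iff(isnotnull(SuccessTime) and SuccessTime between (LastFailure .. LastFailure + Window),
    SuccessTime, datetime(null))
| summarize FirstSuccessAfter = min(SuccessAfter)
    by Account, IpAddress, Computer, FailedCount, FirstFailure, LastFailure
| extend SucceededAfterFailures = isnotnull(FirstSuccessAfter)
| order by SucceededAfterFailures desc, FailedCount desc
```

Rows with SucceededAfterFailures set to true are the ones to triage first, since they indicate a guessed or reused credential rather than a blocked attempt.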

Best Practices

  1. Use separate workspaces per environment (dev, test, prod).
  2. Tag resources consistently for better query filtering.
  3. Set retention policies that balance cost and compliance.
  4. Leverage saved queries and workbooks for repeatable analyses.
  5. Monitor query performance and use materialized views when needed.