Log Analytics is a service in Microsoft Operations Management Suite (OMS), a software-as-a-service (SaaS) solution for collecting and analysing data in any on-premises or cloud environment.
It provides real-time and historical insight into machine data, with a simple and powerful search function and custom dashboards that analyse workloads, logs and servers in your estate.
The insight it provides will allow IT operations teams to make proactive decisions around configuration, capacity planning, alerting, change management and auditing.
Components of Log Analytics
Log Analytics uses the Azure-hosted OMS repository.
Once data sources and solutions are configured, record types are created.
These have different data types and properties, but they can still be analysed together in search queries, which gives a holistic view of the environment.
This is a high-level view of the OMS infrastructure:
The connected sources are computers and resources that will generate data that can be analysed by Log Analytics.
One of those resources can be System Center Operations Manager (SCOM), and we will cover this integration in another post.
Log Analytics is packed with built-in search queries that help you focus on the important performance and event data in your systems.
Windows and Linux servers can be the source of this data and there is also the possibility of analysing and monitoring data from any system that produces Syslog.
Log Analytics is accessed through the OMS portal, which can be opened in any browser.
The portal provides access to a visual Dashboard that any user can access, Log searches, Settings, Data Usage status and a very useful “My Dashboard” menu that lets the different users of the platform adapt the dashboard to their operational needs.
Data stored in the Log Analytics repository can be retrieved using a simple query syntax.
From here, the log search can be saved for on-demand searches or can run automatically to create alerts for specific conditions.
This particular scenario is an analysis of CPU usage across the estate (top 5 servers by CPU utilisation):
In the Solutions Gallery you will find solution packs that add functionality to OMS and, in some cases, further record types: