How to Create an Azure Log Analytics Workspace

Recently I attended a very interesting webinar about the new features and capabilities of Azure Monitor Logs, formerly known as Log Analytics; check out this link. Today I want to show you how to create a Log Analytics workspace using Azure PowerShell.

Prerequisites

  • The Az.OperationalInsights module version 1.0.0 or later 
  • This tutorial assumes that you already have a Microsoft Azure account set up.

Azure PowerShell Workaround

If you want to know how to install the PowerShell Azure module on your machine, check out this link.

The simplest way to get started is to sign in interactively at the command line.

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:

Once you set your default subscription, you’re ready to start.

Set the variables

Here, we define the characteristics of our environment.

Resource Group

With the following command in PowerShell, we obtain the list of existing resource groups in your subscription.

If you need to create a new resource group, check out this link.

Location

With the following cmdlet in PowerShell, we obtain the list of existing locations in Azure.

Get-AzLocation

Create a workspace

To create a new workspace, use the New-AzOperationalInsightsWorkspace cmdlet with the following syntax:

New-AzOperationalInsightsWorkspace

Sku parameter: Specifies the service tier of the workspace.

  • free
  • standard
  • standalone
  • premium

List the available solutions

Once the workspace is created, you can add solution packs to expand its capabilities. To obtain a list of the available Intelligence Packs for your workspace, use the Get-AzOperationalInsightsIntelligencePacks cmdlet with the following syntax:

Get-AzOperationalInsightsIntelligencePacks

Add a solution to the workspace

As an example, using the following command I will add the “Security Center Free” solution.

Set-AzOperationalInsightsIntelligencePack

To verify the enabled solutions you can use the following command:


Remove a workspace

If you want to delete the workspace, use the Remove-AzOperationalInsightsWorkspace cmdlet with the following syntax.

Remove-AzOperationalInsightsWorkspace
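
The steps above (sign-in, default subscription, variables, workspace creation, enabling and verifying a solution, removal) put together as one script. This is an added example, not the original post's code; the resource names, the PerGB2018 SKU and the SecurityCenterFree pack name are assumptions, and it uses the documented singular cmdlet name Get-AzOperationalInsightsIntelligencePack.

```powershell
# Added example. All names below are placeholders or assumptions; replace them with your own.
$subscriptionName = '<subscription-name>'     # placeholder
$resourceGroup    = 'rg-loganalytics-demo'    # hypothetical; must already exist
$workspaceName    = 'law-demo-workspace'      # hypothetical
$location         = 'westeurope'              # any value returned by Get-AzLocation
$sku              = 'PerGB2018'               # assumption: pay-as-you-go tier; newer
                                              # subscriptions may reject the legacy tiers
$packName         = 'SecurityCenterFree'      # assumption: pack name of "Security Center Free"

$ErrorActionPreference = 'Stop'               # stop on the first error, never half-configure

# Sign in interactively and pin the subscription the rest of the script acts on.
Connect-AzAccount | Out-Null
Set-AzContext -Subscription $subscriptionName | Out-Null

# Validate the inputs against what the subscription actually offers.
if (-not (Get-AzResourceGroup -Name $resourceGroup -ErrorAction SilentlyContinue)) {
    throw "Resource group '$resourceGroup' not found in subscription '$subscriptionName'."
}
if ($location -notin (Get-AzLocation).Location) {
    throw "Location '$location' is not available."
}

# Create the workspace only if it does not exist yet, so re-runs are harmless.
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup `
    -Name $workspaceName -ErrorAction SilentlyContinue
if (-not $workspace) {
    $workspace = New-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup `
        -Name $workspaceName -Location $location -Sku $sku
}

# List the intelligence packs and confirm the requested one is offered before enabling it.
$packs = Get-AzOperationalInsightsIntelligencePack -ResourceGroupName $resourceGroup `
    -WorkspaceName $workspaceName
if ($packName -notin $packs.Name) {
    throw "Intelligence pack '$packName' is not offered for this workspace."
}
Set-AzOperationalInsightsIntelligencePack -ResourceGroupName $resourceGroup `
    -WorkspaceName $workspaceName -IntelligencePackName $packName -Enabled $true | Out-Null

# Verify: show only the packs that are now enabled.
Get-AzOperationalInsightsIntelligencePack -ResourceGroupName $resourceGroup `
    -WorkspaceName $workspaceName | Where-Object Enabled | Select-Object Name, Enabled

# Clean-up (uncomment to delete the workspace and the data it holds):
# Remove-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup -Name $workspaceName -Force
```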

In the next post, I will show you how to connect your virtual machines to the Log Analytics Workspace to collect and analyze data.

If you want to know more about Log Analytics, check out this link: https://docs.microsoft.com/en-us/azure/azure-monitor/overview