Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

How to Create an Azure Log Analytics Workspace

·513 words·3 mins· 100 views · 5 likes ·
Azure PowerShell Connect-AzAccount Get-AzLocation Get-AzOperationalInsightsIntelligencePacks

Recently I attended a very interesting webinar about the new features and capabilities of Azure Monitor Logs also known earlier as Log Analytics, check out this link. Today I want to show you how to create a Log Analytics workspace using Azure Powershell. Prerequisites

  • The Az.OperationalInsights module version 1.0.0 or later
  • This tutorial assumes that you already have a Microsoft Azure account set up.
Azure PowerShell Workaround>

Azure PowerShell Workaround #

If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.


This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:

Select-AzSubscription -Subscription "My Subscription"

Once you set your default subscription, you’re ready to start.

Set the variables>

Set the variables #

Here, we define the characteristics of our environment.

$resourceGroupName = "RG-DEMO"
$subscriptionID = (Get-AzSubscription).Id
$workspaceName = "DefaultWorkspace-" + (Get-Random -Maximum 99999) + "-" + $ResourceGroupName
$Location = "westeurope"
Resource Group>

Resource Group #

With the following command in PowerShell, we obtain the list of existing resource groups in your subscription.

Get-AzResourceGroup `
    | Select-Object ResourceGroupName, Location

If you need to create a new resource group, check out this link.


Location #

With the following cmdlet in PowerShell, we obtain the list of existing locations in Azure.

Get-AzLocation `
    | Select-Object DisplayName, Location


Create a workspace>

Create a workspace #

To create a new workspace, use the New-AzOperationalInsightsWorkspace cmdlet with the following syntax:

New-AzOperationalInsightsWorkspace `
    -Location $location `
    -Name $workspaceName `
    -Sku Standard `
    -ResourceGroupName $resourceGroupName


-Sku parameter: Specifies the service tier of the workspace.

  • free
  • standard
  • standalone
  • premium
List the available solutions>

List the available solutions #

Once the workspace is created, you can add solution packs to expand the capabilities of your Workspace in Azure. To obtain a list of the available Intelligence Packs for your Workspace, use the Get-AzOperationalInsightsIntelligencePacks with the following syntax:

Get-AzOperationalInsightsIntelligencePacks `
    -ResourceGroupName $resourceGroupName `
    -WorkspaceName $workspaceName


Add a solution to the workspace>

Add a solution to the workspace #

As an example, using the following command I will add the “Security Center Free” solution.

$solution = "SecurityCenterFree"
Set-AzOperationalInsightsIntelligencePack `
    -ResourceGroupName $resourceGroupName `
    -WorkspaceName $workspaceName `
    -IntelligencePackName $solution `
    -Enabled $true

To verify the enabled solutions you can use the following command:

(Get-AzOperationalInsightsIntelligencePacks -ResourceGroupName $resourceGroupName -WorkspaceName $workspaceName).Where({($_.enabled -eq $true)})

Azure Log Analytics

Removes a workspace>

Removes a workspace #

If you want to delete the workspace, use the Remove-AzOperationalInsightsWorkspace cmdlet with the following syntax.

Remove-AzOperationalInsightsWorkspace `
    -ResourceGroupName $resourceGroupName `
    -Name $workspaceName


Thanks for reading my post. I hope you find it useful.

In the next post, I will show you how to connect your virtual machines to the Log Analytics Workspace to collect and analyze data.

If you want to know more about Log Analytics, check out this link.