How to Deploy Log Analytics in Azure

Azure Log Analytics is a powerful tool within Microsoft Azure that enables centralized logging, monitoring, and analysis of your cloud and on-premises resources. As part of Azure Monitor, Log Analytics provides deep insights into system performance, security events, and operational data through advanced querying and visualization capabilities.

By deploying Log Analytics, you can:

• Collect and analyze logs from Azure VMs, containers, applications, and other resources.
• Detect and troubleshoot issues quickly using Kusto Query Language (KQL).
• Set up alerts for critical events to maintain system reliability.
• Integrate with other Azure services like Azure Security Center, Sentinel, and Automation for enhanced security and automation.

This guide will walk you through the steps to deploy Log Analytics in Azure, configure data sources, and start leveraging its full potential for observability and operational intelligence.

Let’s get started!

Step 1 Create a Log Analytics workspace

• In the Azure Portal Search Bar, enter Log Analytics and select Log Analytics workspaces from the list of results.

• On the Log Analytics workspaces page, choose Create.

• On the Basics page of the Create Log Analytics workspace wizard, provide the following information and choose Review + Create.

• Property Value

• Subscription Your subscription

• Resource Group rg-alpha

• Name LogAnalytics1

• Region East US

• Review the information and choose Create.

• Log Analytics workspaces created succesful

Step 2 Configure Log Analytics data retention and archive policies

• In the Azure Portal Search Bar, enter Log Analytics and select Log Analytics workspaces from the list of results.

• On the Log Analytics workspaces page, choose LogAnalytics1.

• On the Log Analytics workspace page for LogAnalytics1, choose Usage and estimated costs.

• Select Data Retention and set the slider to 60 days. Choose OK.

• On the Log Analytics workspace page for LogAnalytics1, choose Usage and estimated costs.
• Select Daily cap. Choose On. Set the daily cap to 10 GB and choose OK.

Step 3 Enable access to a Log Analytics workspace

• In the Azure Portal Search Bar, enter Log Analytics and select Log Analytics workspaces from the list of results.

• On the Log Analytics workspaces page, choose LogAnalytics1.

• Select Access control (IAM).
• Choose Add and then choose Add role assignment.

• On the list of roles, select Log Analytics Reader and choose Next.

• On the Members page, choose Select Members and choose the App Log Examiners security group. Choose Select.

• On the Members space, choose Review + Assign.

Conclusion

Deploying Azure Log Analytics is a critical step toward achieving centralized monitoring, enhanced security, and operational efficiency in your cloud environment. By setting up a Log Analytics workspace, configuring data collection, and leveraging powerful KQL queries, you gain real-time insights into your applications, infrastructure, and security events.

With seamless integration into Azure Monitor, Microsoft Sentinel, and Azure Automation, Log Analytics empowers you to proactively detect issues, automate responses, and maintain compliance across hybrid and multi-cloud environments.