Oladosu Ibrahim

Creating and Managing Log Analytics Workspaces in Azure

Introduction

Monitoring and analyzing data across your cloud resources is a core part of effective cloud management. Azure Log Analytics, part of Azure Monitor, provides a powerful workspace where logs from different services can be centralized, queried, and visualized.

In this hands-on guide, we’ll walk through:

  • Creating a security group in Entra ID.
  • Creating a Log Analytics workspace.
  • Configuring data retention and archive policies.
  • Enabling access for teams or security groups.

By the end, you’ll know how to set up and manage a Log Analytics workspace to support observability, compliance, and collaboration in your cloud environment.

Skilling Objectives

  • Create an Entra ID security group for log readers.
  • Create a Log Analytics workspace in Azure.
  • Configure data retention and daily cap limits.
  • Assign role-based access for secure collaboration.

Step 1: Create App Log Examiners Security Group

💡 Why create a security group?
Before granting access to Log Analytics, it’s a good practice to create an Azure Active Directory (Entra ID) security group. This way, you can manage access for a group of users rather than assigning permissions individually.

Steps:

  1. In the Azure Portal, search for Azure Active Directory (or Entra ID).

  2. From the Default Directory page, select Groups.

  3. On the Groups page, click + New Group.

  4. On the New Group page, enter the following values:

     | Property | Value |
     | --- | --- |
     | Group type | Security |
     | Group name | App Log Examiners 1 |
     | Group description | App Log Examiners |

  5. Click Create.

Your security group is now ready to be assigned access to the Log Analytics workspace later in this exercise.

Step 2: Create a Log Analytics Workspace

💡 What is a Log Analytics Workspace?
A Log Analytics workspace is an environment where Azure Monitor stores log data. Think of it as a container for your logs, enabling you to run queries, set alerts, and analyze patterns across your resources.

Steps:

  1. In the Azure Portal, search for Log Analytics.

  2. Select Log Analytics workspaces from the results.

  3. Click + Create.

  4. On the Basics tab of the wizard, provide the following details:

     | Property | Value |
     | --- | --- |
     | Subscription | Your subscription |
     | Resource Group | rg-alpha |
     | Name | LogAnalytics |
     | Region | East US |

  5. Click Review + Create, then Create.

  6. Once deployment is complete, select Go to resource.

Step 3: Configure Log Analytics Data Retention and Archive Policies

💡 Why configure retention?
Log data can grow quickly. Configuring retention and caps ensures that you store logs for as long as you need them without overspending on unnecessary storage.

Steps:

  1. Go to your workspace: LogAnalytics.
  2. In the workspace menu, select Usage and estimated costs.
  3. Under Data Retention, set the slider to 60 days → Click OK.
  4. Again, under Usage and estimated costs, select Daily cap.
  5. Toggle Daily cap = On → Set limit to 10 GB → Click OK.

Step 4: Enable Access to the Log Analytics Workspace

💡 Why role-based access?
Not everyone should have full access to logs. Using Azure Role-Based Access Control (RBAC), you can assign the right roles (e.g., Reader, Contributor) to specific groups or users.

Steps:

  1. From the workspace LogAnalytics, select Access control (IAM).
  2. Click Add → Add role assignment.
  3. From the list of roles, select Log Analytics Reader → Click Next.
  4. On the Members page:
    • Click Select members.
    • Choose the App Log Examiners security group.
    • Click Select.
  5. Click Review + Assign.
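
A drift check for the settings from Steps 3 and 4, as an added example that is not part of the original post. It assumes the JSON fields returned by `az monitor log-analytics workspace show` and `az role assignment list --scope <workspace id>`; the `audit_workspace` helper, the sample data and the placeholder IDs are constructed for illustration.

```python
# Values taken from the walkthrough: 60-day retention, 10 GB daily cap,
# Log Analytics Reader granted to a security group at workspace scope.
RETENTION_DAYS, DAILY_CAP_GB, ROLE = 60, 10, "Log Analytics Reader"

def audit_workspace(workspace, assignments, group_object_id):
    """Return a list of findings; an empty list means no drift from the guide."""
    findings = []
    retention = workspace.get("retentionInDays")
    if retention != RETENTION_DAYS:
        findings.append(f"retention is {retention} days, expected {RETENTION_DAYS}")
    cap = workspace.get("workspaceCapping", {}).get("dailyQuotaGb", -1)
    if cap != DAILY_CAP_GB:  # -1 means the daily cap is off
        findings.append(f"daily cap is {cap} GB, expected {DAILY_CAP_GB}")
    # Only look at assignments made on the workspace itself;
    # inherited assignments carry a wider scope and are skipped here.
    ws_id = workspace["id"].lower()
    direct = [a for a in assignments if a["scope"].lower() == ws_id]
    group_has_reader = False
    for a in direct:
        if a["principalId"] == group_object_id and a["roleDefinitionName"] == ROLE:
            group_has_reader = True
        elif a["principalType"] != "Group":
            findings.append(f"{a['roleDefinitionName']} granted directly to "
                            f"{a['principalType']} {a['principalId']}")
        elif a["principalId"] == group_object_id:
            findings.append(f"group holds {a['roleDefinitionName']}, expected {ROLE}")
    if not group_has_reader:
        findings.append(f"group {group_object_id} lacks {ROLE} on the workspace")
    return findings

# Constructed sample data (placeholder IDs), shaped like the CLI's JSON output.
WS_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alpha"
         "/providers/Microsoft.OperationalInsights/workspaces/LogAnalytics")
GROUP_ID = "11111111-1111-1111-1111-111111111111"  # object ID of the security group
SAMPLE_WORKSPACE = {"id": WS_ID, "retentionInDays": 30,
                    "workspaceCapping": {"dailyQuotaGb": -1.0}}
SAMPLE_ASSIGNMENTS = [
    {"principalId": GROUP_ID, "principalType": "Group",
     "roleDefinitionName": "Log Analytics Reader", "scope": WS_ID},
    {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": WS_ID},
]

if __name__ == "__main__":
    for finding in audit_workspace(SAMPLE_WORKSPACE, SAMPLE_ASSIGNMENTS, GROUP_ID):
        print("FINDING:", finding)
```
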

Conclusion

In this project, you’ve learned how to:

  • Create a Log Analytics workspace.
  • Configure log retention and daily usage caps.
  • Assign access with role-based controls.

With these skills, you can centralize monitoring data, keep costs under control, and ensure secure collaboration across your team. Log Analytics is a cornerstone of Azure monitoring, enabling you to build a strong foundation for observability, compliance, and proactive issue resolution.
