Log Analytics frequently asked questions

  • Azure Log Analytics is offered in two tiers: free and paid. The free tier has a limit on the amount of data collected daily. The paid tier doesn’t have a limit on the amount of data collected daily.

    Learn more at Log Analytics pricing.

  • Your data volume is directly proportional to the number of agents and the solutions that you’ve added to your Azure Log Analytics account. Use the Log Analytics Usage dashboard under the workspace to see how much data is being sent. The dashboard also shows you how much data is being sent by solutions and how often your servers are sending data.

    Learn more at Analyze data usage in Log Analytics.

  • Yes. You can configure individual computers to send data to Azure Log Analytics by only using an agent, without the need of an Operations Manager management server.

    Learn more at Connect Windows computers to the Log Analytics service in Azure.

  • No. You can use Azure Log Analytics by only using the Log Analytics agent on the servers or virtual machines that you’d like to onboard.

    If you’re using Log Analytics through a System Center Operations Manager environment, then you need to install the latest update roll-up for System Center 2012 R2. Check your version of Operations Manager by going to the Console Administration page.

  • Azure Log Analytics doesn’t affect the operational database or data warehouse. Log Analytics doesn’t use any on-premises data store – data is sent directly to the Log Analytics service in the cloud from the Operations Manager management server.

  • Learn more about Log Analytics data security.

  • Management solution name Data types
    Configuration assessment Configuration data
    Capacity planning Performance data
    Security assurance Windows security events, firewall logs
    Anti-malware Configuration data
    System update assessment System update data
    Log management Windows event logs and/or IIS logs
    Change tracking Software inventory and Windows Service metadata
    SQL assessment Configuration data
  • Azure Log Analytics management solutions are a collection of logic, visualisation and data acquisition rules that provide metrics pivoted around a particular problem area.

    Learn more at Log Analytics management solutions.

  • An organisational account, previously known as a Microsoft Online Services ID, is an account created by an organisation’s administrator to enable access to Microsoft organisational services or Microsoft Azure subscriptions, such as Office 365 or Intune. Organisational accounts are managed by an organisation’s administrator through Azure Active Directory and are usually in the form of username@orgname.onmicrosoft.com.

    Learn more at Microsoft Account for Organisations FAQ.

  • An Azure Log Analytics workspace is the level where data is collected. Each Log Analytics workspace is unique and can have multiple Microsoft and organisational accounts associated with it, and each user account can have multiple Log Analytics workspaces.

    Learn more at Get started with a Log Analytics workspace.

  • The data is stored in the Microsoft Azure North America data centre.

  • Yes. If you’re using the Azure Log Analytics agent, then you can stop it from communicating to the service by going to the Control Panel, and under Microsoft Monitoring Agent clearing Connect to Azure Log Analytics.

    If you’re using Log Analytics through Operations Manager, then you can specify which agents are on agents where data is collected from and sent to Log Analytics, which is controlled in your Operations Manager console.

  • Data collected using intelligence packs is collected by Operations Manager agents or Direct Agents, and is sent as frequently as it’s generated, such as shortly after an event is written or when performance counter data is collected.

    Configuration assessment data is sent by default every few hours, but this frequency can be increased or delayed by following the instructions at Use Registry Keys to Configure System Center Advisor.

  • System Center Advisor is now part of Azure Log Analytics.