Log Analytics Frequently Asked Questions
- What is the pricing model?
Log Analytics is currently in preview and the prices below reflect a 50% preview discount. The service is offered in three tiers: Free, Standard and Premium. The free tier has a limit on the amount of data ingested daily. The Standard and Premium tiers do not have a limit on the amount of data ingested daily.
See pricing details for more information.
- What determines the amount of data sent to the Log Analytics Service?
Your data volume is directly proportional to the number of agents and intelligence packs you have added to your Log Analytics Account. You can view your data usage at any time using the Usage tile in the Log Analytics Preview portal.
- Can I use Log Analytics if I don’t have Operations Manager?
Yes. You can configure individual computers to send data to Log Analytics using only an agent, without the need of an Operations Manager management server. Learn how to connect Windows computers to Log Analytics.
- Are there changes that I need to make to my on-premises environment?
No. You can use Log Analytics using only the Log Analytics Agent on the servers or VMs you’d like to onboard.
If you are using Log Analytics through a System Center Operations Manager environment you will need to install the latest update rollup, System Center 2012 R2, which you can download here. You can check your version of Operations Manager by navigating to the ‘Console Administration’ page.
- Does onboarding to the Log Analytics service impact the performance of my on-premises Operations Manager environment?
The Log Analytics service does not impact on the operational database or data warehouse. Log Analytics doesn’t use any on-premises data store – data is sent directly to the Log Analytics service in the cloud from the Operations Manager management server.
- I have a question about the Log Analytics service’s security. Where can I find more information?
To read more about how Log Analytics protects your data, see Log Analytics data security.
- Can I retrieve my data using an API?
The Log Analytics Preview does not use a public API. However, the Log Analytics team is considering this option based on detailed feedback requirements from customers. You can contact the Log Analytics team using the Feedback button at the bottom of the Log Analytics Portal.
- What data types do you collect?
Intelligence Pack Name Data Types Configuration Assessment Configuration Data Capacity Planning Performance Data Security Assurance Windows Security Events, Firewall logs Anti-malware Configuration Data System Update Assessment System Update Data Log Management Windows Event Logs and/or IIS Logs Change Tracking Software Inventory and Windows Service metadata SQL Assessment Configuration Data
- What is an Intelligence Pack?
Intelligence Packs are a collection of logic, visualisation and data acquisition rules that address key customer challenges today. They allow deeper insights to help investigate and resolve operational issues faster, collect and correlate various types of machine data and help you be proactive in activities such as Capacity Planning, Patch status reporting and security auditing.
- What are the prerequisites for the various Intelligence Packs?
Intelligence Pack Name Prerequisites Configuration Assessment None Capacity Planning The Operations Manager-VMM connector needs to be configured. You can view details at How to Connect VMM with Operations Manager. Anti-malware Windows Defender or the System Center Endpoint Protection real-time client is required. If Log Analytics cannot find either, it uses data from the Malicious Software Removal Tool and marks the server as not having real-time protection. System Update Assessment None Log Management None Change Tracking None SQL Assessment None
- What is an Organisational Account?
An organisational account, previously known as Microsoft Online Services ID, is an account created by an organisation’s administrator to enable access to Microsoft organisational services or Microsoft cloud service subscriptions, such as Office 365 or Intune. These organisational accounts are managed by an organisation’s administrator through Azure Active Directory and are usually in the form of email@example.com. For more about the Microsoft Organisation ID account, see the Microsoft Account for Organisations FAQ.
- What is a Log Analytics Workspace?
The Azure Log Analytics workspace is the level at which data is collected. Each Log Analytics workspace is unique and can have multiple Microsoft and Organisational accounts associated with it, and each user account can have multiple Log Analytics workspaces. To learn more about the Log Analytics Workspace, see Create a Log Analytics workspace and prepare your environment.
- Where will my data be stored? Which data centre?
The data is stored in the Microsoft Azure North America data centre.
- Can I exclude computers from sending data to Log Analytics?
If you are only using the Log Analytics agent, you can stop it from communicating with the service by going to the Control Panel and, under Microsoft Monitoring Agent, unticking “Connect to Azure Log Analytics”
If you are using Log Analytics through Operations Manager, you can specify which agents are on agents where data is collected from and sent to Log Analytics. This is controlled within your Operations Manager console.
- Can data sent to the cloud be throttled for off-peak hours? How often is data uploaded?
Data collected using intelligence packs is collected by Operations Manager agents or Direct Agents and is sent as frequently as it is generated. For example, shortly after an event is written or when performance counter data is collected.
Configuration Assessment data is sent by default every few hours, but this frequency can be increased or delayed by following the instructions in this help document: http://onlinehelp.microsoft.com/en-us/advisor/hh442889.aspx
- How do I unsubscribe from the new Log Analytics Preview?
You can close your Preview account from the Account page in the Log Analytics Preview portal at any time. For more information about closing a Log Analytics account, see Close Your Account.
- What happened to System Center Advisor?
System Center Advisor is now part of Azure Log Analytics.