Log Analytics Frequently Asked Questions
- What is the pricing model?
Log Analytics is currently in preview and the prices below reflect a 50% preview discount. The service is offered in three tiers: Free, Standard and Premium. The free tier has a limit on the amount of data ingested daily. The Standard and Premium tiers do not have a limit on the amount of data ingested daily.
See pricing details for more information.
- What determines the amount of data sent to the Log Analytics Service?
Your data volume is directly proportional to the number of agents and intelligence packs you have added to your Log Analytics Account. You can view your data usage at any time using the Usage tile in the Log Analytics Preview portal.
- Can I use Log Analytics if I don’t have Operations Manager?
Yes. You can configure individual computers to send data to Log Analytics using only an agent, without the need of an Operations Manager management server. Learn how to connect Windows computers to Log Analytics.
- Are there changes I need to make to my on-premises environment?
No. You can use Log Analytics using only the Log Analytics Agent on the servers or VMs you’d like to onboard.
If you are using Log Analytics through a System Center Operations Manager environment you will need to install the latest update rollup – System Center 2012 R2, which you can download here. You can check your version of Operations Manager by navigating to the ‘Console Administration’ page.
- Does onboarding to the Log Analytics service impact the performance of my on-premises Operations Manager environment?
The Log Analytics service does not impact the operational database or data warehouse. Log Analytics doesn’t use any on-premises data store—data is sent directly to the Log Analytics service in the cloud from the Operations Manager management server.
- I have a question about the Log Analytics service’s security. Where can I find more information?
To read more about how Log Analytics protects your data, see Log Analytics data security.
- Can I retrieve my data using an API?
The Log Analytics Preview does not use a public API. However, the Log Analytics team is considering this option based on detailed feedback requirements from customers. You can contact the Log Analytics team using the Feedback button at the bottom of the Log Analytics Portal.
- What data types do you collect?
| Intelligence Pack Name | Data Types |
| --- | --- |
| Configuration Assessment | Configuration Data |
| Capacity Planning | Performance Data |
| Security Assurance | Windows Security Events, Firewall logs |
| Antimalware | Configuration Data |
| System Update Assessment | System Update Data |
| Log Management | Windows Event Logs and/or IIS Logs |
| Change Tracking | Software Inventory and Windows Service metadata |
| SQL Assessment | Configuration Data |
- What is an Intelligence Pack?
Intelligence Packs are a collection of logic, visualization and data acquisition rules that address key customer challenges today. They provide deeper insights to help you investigate and resolve operational issues faster, collect and correlate various types of machine data, and be proactive with activities such as capacity planning, patch status reporting and security auditing.
- What are the prerequisites for the various Intelligence Packs?

| Intelligence Pack Name | Prerequisites |
| --- | --- |
| Configuration Assessment | None |
| Capacity Planning | The Operations Manager-VMM connector needs to be configured. You can view details at How to Connect VMM with Operations Manager. |
| Antimalware | Windows Defender or the System Center Endpoint Protection real-time client is required. If Log Analytics cannot find either, it uses data from the Malicious Software Removal Tool and marks the server as not having real-time protection. |
| System Update Assessment | None |
| Log Management | None |
| Change Tracking | None |
| SQL Assessment | None |
- What is an Organizational Account?
An organizational account, previously known as Microsoft Online Services ID, is an account created by an organization’s administrator to enable access to Microsoft organizational services or Microsoft cloud service subscriptions, such as Office 365 or Intune. These organizational accounts are managed by an organization’s administrator through Azure Active Directory and are usually in the form of firstname.lastname@example.org. For more about the Microsoft Organization ID account, see the Microsoft Account for Organizations FAQ.
- What is a Log Analytics Workspace?
The Azure Log Analytics workspace is the level at which data is collected. Each Log Analytics workspace is unique and can have multiple Microsoft and Organizational accounts associated with it, and each user account can have multiple Log Analytics workspaces. To learn more about the Log Analytics Workspace, see Create a Log Analytics Workspace and Prepare Your Environment.
- Where will my data be stored? Which datacenter?
The data is stored in the Microsoft Azure North America datacenter.
- Can I exclude computers from sending data to Log Analytics?
If you are using only the Log Analytics agent, you can stop it from communicating with the service by going to the Control Panel and, under Microsoft Monitoring Agent, unchecking “Connect to Azure Log Analytics”.
If you are using Log Analytics through Operations Manager, you can specify which agents data is collected from and sent to Log Analytics. This is controlled within your Operations Manager console.
- Can data sent to the cloud be throttled for off peak hours? How often is data uploaded?
Data collected using intelligence packs is collected by Operations Manager agents or Direct Agents, and is sent as frequently as it is generated. For example, shortly after an event is written or when performance counter data is collected.
Configuration Assessment data is sent by default every few hours, but this frequency can be increased or delayed by following the instructions on this help document: http://onlinehelp.microsoft.com/en-us/advisor/hh442889.aspx
- How can I unsubscribe from the new Log Analytics Preview?
You can close your Preview account from the Account page in the Log Analytics Preview portal at any time. For more information about closing a Log Analytics account, see Close Your Account.
- What happened to System Center Advisor?
System Center Advisor is now part of Azure Log Analytics.