Log Analytics frequently asked questions
- What is the pricing model?
Azure Log Analytics is offered in two tiers: free and paid. The free tier has a limit on the amount of data collected daily. The paid tier doesn’t have a limit on the amount of data collected daily.
Learn more at Log Analytics pricing.
- What determines the amount of data sent to Log Analytics?
Your data volume is directly proportional to the number of agents and the solutions that you’ve added to your Azure Log Analytics account. Use the Log Analytics Usage dashboard under the workspace to see how much data is being sent. The dashboard also shows you how much data is being sent by solutions and how often your servers are sending data.
Learn more at Analyze data usage in Log Analytics.
- Can I use Log Analytics if I don’t have Operations Manager?
Yes. You can configure individual computers to send data to Azure Log Analytics using only an agent, without the need of an Operations Manager management server.
- Are there changes I need to make to my on-premises environment?
No. You can use Azure Log Analytics by only using the Log Analytics agent on the servers or virtual machines that you’d like to onboard.
If you’re using Log Analytics through a System Center Operations Manager environment, then you need to install the latest update rollup for System Center 2012 R2. Check your version of Operations Manager by going to the Console Administration page.
- Does onboarding to Log Analytics service affect the performance of my on-premises Operations Manager environment?
Azure Log Analytics doesn’t affect the operational database or data warehouse. Log Analytics doesn’t use any on-premises data store—data is sent directly to the Log Analytics service in the cloud from the Operations Manager management server.
- Where can I find information about security and Log Analytics?
Learn more about Log Analytics data security.
- What data types do you collect?
Management Solution Name Data Types Configuration Assessment Configuration Data Capacity Planning Performance Data Security Assurance Windows Security Events, Firewall logs Antimalware Configuration Data System Update Assessment System Update Data Log Management Windows Event Logs and/or IIS Logs Change Tracking Software Inventory and Windows Service metadata SQL Assessment Configuration Data
- What is an Azure Log Analytics management solution?
Azure Log Analytics management solutions are a collection of logic, visualization, and data acquisition rules that provide metrics pivoted around a particular problem area.
Learn more at Log Analytics management solutions.
- What is an organizational account?
An organizational account, previously known as a Microsoft Online Services ID, is an account created by an organization’s administrator to enable access to Microsoft organizational services or Microsoft Azure subscriptions, such as Office 365 or Intune. Organizational accounts are managed by an organization’s administrator through Azure Active Directory and are usually in the form of firstname.lastname@example.org.
Learn more at Microsoft Account for Organizations FAQ.
- What is a Log Analytics workspace?
An Azure Log Analytics workspace is the level where data is collected. Each Log Analytics workspace is unique and can have multiple Microsoft and organizational accounts associated with it, and each user account can have multiple Log Analytics workspaces.
Learn more at Get started with a Log Analytics workspace.
- Where is my data stored?
The data is stored in the Microsoft Azure North America datacenter.
- Can I exclude computers from sending data to Log Analytics?
Yes. If you’re using the Azure Log Analytics agent, then you can stop it from communicating to the service by going to the Control Panel, and under Microsoft Monitoring Agent clearing Connect to Azure Log Analytics.
If you’re using Log Analytics through Operations Manager, then you can specify which agents are on agents where data is collected from and sent to Log Analytics, which is controlled in your Operations Manager console.
- Can data sent to the cloud be throttled for off peak hours? How often is data uploaded?
Data collected using intelligence packs is collected by Operations Manager agents or Direct Agents, and is sent as frequently as it’s generated, such as shortly after an event is written or when performance counter data is collected.
Configuration assessment data is sent by default every few hours, but this frequency can be increased or delayed by following the instructions at Use Registry Keys to Configure System Center Advisor.
- What happened to System Center Advisor?
System Center Advisor is now part of Azure Log Analytics.