
Public Preview: Summary rules in Azure Monitor Log Analytics, for optimal consumption experiences and cost

Published date: July 5, 2024

Summary rules let you aggregate data ingested into a workspace according to a given query and cadence, and ingest the results back into a custom log table in the workspace for optimal consumption experiences and cost.

Summary rules operate as batch processing directly in your Log Analytics workspace. They summarize incoming data in small chunks, defined by bin size, and ingest the results into an Analytics custom log table in your workspace. Complex queries on large data sets may time out, and are limited on the Basic tier; it's much easier to analyze and report on summarized data that has been “cleaned” and aggregated down to the reduced set of data that you need. Example scenarios:

  • Perform analysis and reporting on large data sets and time ranges for security and incident analysis, and for month-over-month and annual business reports.
  • Optimize cost by ingesting low-fidelity or verbose logs into tables in a lower tier (e.g. Basic) and summarizing them into an Analytics table that can be used for reports, dashboards, or analysis, and retained for a long time at lower cost.
  • Segregate table-level access for privacy and security by obfuscating privacy details in summarized data that can be shared.
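
The bin-size aggregation and the obfuscation scenario above, modelled locally as an added example (not Microsoft's code and not the Azure Monitor API). The rows, key, field names and function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Added illustration: a local model of the idea only, not Azure's implementation.
# Constructed sample rows standing in for a verbose source table:
# (timestamp, user, source IP, result)
RAW_ROWS = [
    ("2024-07-05T10:02:11Z", "alice@example.com", "203.0.113.7", "Failure"),
    ("2024-07-05T10:17:45Z", "alice@example.com", "203.0.113.7", "Failure"),
    ("2024-07-05T10:41:03Z", "alice@example.com", "198.51.100.4", "Success"),
    ("2024-07-05T10:59:59Z", "bob@example.com", "203.0.113.7", "Failure"),
    ("2024-07-05T11:00:00Z", "bob@example.com", "203.0.113.7", "Failure"),
    ("2024-07-05T11:30:20Z", "alice@example.com", "198.51.100.4", "Success"),
]

def bin_start(ts, bin_size):
    """Floor a UTC timestamp to the start of the bin that contains it."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
    return epoch + ((t - epoch) // bin_size) * bin_size

def pseudonymize(user, key):
    """Keyed hash: stable inside the summary, not guessable without the key."""
    return hmac.new(key, user.lower().encode(), hashlib.sha256).hexdigest()[:16]

def summarize(rows, bin_size, key):
    """One row per (bin, pseudonymous user); raw user and IP values are dropped."""
    groups = defaultdict(lambda: {"failures": 0, "successes": 0, "ips": set()})
    for ts, user, ip, result in rows:
        g = groups[(bin_start(ts, bin_size), pseudonymize(user, key))]
        g["failures" if result == "Failure" else "successes"] += 1
        g["ips"].add(ip)
    return [
        {"bin": b.isoformat(), "user_id": u, "failures": g["failures"],
         "successes": g["successes"], "distinct_ips": len(g["ips"])}
        for (b, u), g in sorted(groups.items(), key=lambda kv: kv[0])
    ]

if __name__ == "__main__":
    for row in summarize(RAW_ROWS, timedelta(hours=1), b"constructed-demo-key"):
        print(row)
```

The keyed hash matters for the sharing scenario: an unkeyed hash of a user name can be reversed by hashing a list of known names, so the key has to stay with whoever controls the source table.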

 

Summary rules diagram

Azure Monitor showing various data sources and tools for monitoring.

Rule configuration

Initial configuration is provided via REST in public clouds, to be followed by Bicep and Terraform. CLI, PowerShell, and Azure portal support are planned for the future, around general availability.