Basic Logs tables reduce the cost of ingesting high-volume verbose logs and let you query the data they store using a limited set of log queries. This article explains how to query data from Basic Logs tables.
Other tools that use the Azure API for querying - for example, Grafana and Power BI - cannot access Basic Logs.
Permissions required
You must have Microsoft.OperationalInsights/workspaces/query/*/read permissions to the Log Analytics workspaces you query, as provided by the Log Analytics Reader built-in role, for example.
Limitations
Queries with Basic Logs are subject to the following limitations:
KQL language limits
Log queries against Basic Logs are optimized for simple data retrieval using a subset of the KQL language, including the following operators:
You can use all functions and binary operators within these operators.
Time range
Specify the time range in the query header in Log Analytics or in the API call. You can't specify the time range in the query body using a where statement.
In the Azure portal, select Monitor > Logs > Tables.
In the list of tables, you can identify Basic Logs tables by their unique icon:
You can also hover over a table name for the table information view, which will specify that the table is configured as Basic Logs:
When you add a table to the query, Log Analytics will identify a Basic Logs table and align the authoring experience accordingly. The following example shows when you attempt to use an operator that isn't supported by Basic Logs.
Pricing model
The charge for a query on Basic Logs is based on the amount of data the query scans, which is influenced by the size of the table and the query's time range. For example, a query that scans three days of data in a table that ingests 100 GB each day would be charged for 300 GB.
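The time-range rule and the scan-based pricing above can be checked together before a hunting query runs. The following Python sketch is an added example, not code from Azure Monitor or from this article: the function names, the regex heuristic for spotting a time filter in the query body, the "timespan" field name and the sample query are assumptions made for illustration.

```python
import re
from datetime import timedelta

BASIC_LOGS_RETENTION_DAYS = 8  # retention this page states for Basic Logs

# Heuristic (assumption): a `where` stage that mentions TimeGenerated or ago()
# is treated as a time filter placed in the query body.
_TIME_FILTER = re.compile(r"\|\s*where\b[^|]*\b(TimeGenerated|ago\s*\()", re.IGNORECASE)


def iso8601_duration(span: timedelta) -> str:
    """Render a timedelta as an ISO 8601 duration, e.g. P3D or PT12H."""
    total = int(span.total_seconds())
    if total <= 0:
        raise ValueError("time range must be positive")
    days, rem = divmod(total, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, seconds = divmod(rem, 60)
    units = ((hours, "H"), (minutes, "M"), (seconds, "S"))
    time_part = "".join(f"{value}{unit}" for value, unit in units if value)
    return "P" + (f"{days}D" if days else "") + (f"T{time_part}" if time_part else "")


def plan_basic_logs_query(query: str, span: timedelta, daily_ingest_gb: float) -> dict:
    """Validate a Basic Logs query and estimate the data it will be billed for."""
    if _TIME_FILTER.search(query):
        raise ValueError("time range belongs in the request, not in a where clause")
    if span > timedelta(days=BASIC_LOGS_RETENTION_DAYS):
        raise ValueError("range exceeds the 8-day Basic Logs retention")
    # Billing follows data scanned: daily ingestion multiplied by days covered.
    scanned_gb = daily_ingest_gb * span.total_seconds() / 86400
    return {
        "query": query,
        "timespan": iso8601_duration(span),  # assumed request field name
        "estimated_scan_gb": round(scanned_gb, 2),
    }


if __name__ == "__main__":
    # Constructed sample query; 100 GB/day over three days is the page's own example.
    sample = 'ContainerLogV2 | where LogMessage has "denied" | project LogMessage'
    print(plan_basic_logs_query(sample, timedelta(days=3), 100))
```

Running the estimate first makes the cost of widening a hunt visible before the query is submitted.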
The Log Analytics user interface in the Azure portal helps you query the log data collected by Azure Monitor so that you can quickly retrieve, consolidate, and analyze collected data.
Analytics logs should be used for high-value security data that requires scheduled monitoring and alerting. Since Basic Logs have an 8-day log retention, Archive logs should be used to store the Basic Logs data for a longer duration, which increases the scope of threat hunting when it is required.
In the Azure portal, select Monitor > Workbooks. In the Insights section, select Activity Logs Insights. At the top of the Activity Logs Insights page, select: One or more subscriptions from the Subscriptions dropdown.
For a Basic Logs table, the value is always 8. The table's total data retention including archive period. This value can be between 4 and 730; or 1095, 1460, 1826, 2191, 2556, 2922, 3288, 3653, 4018, or 4383.
Sign in to the Azure portal. Select Monitor from the left pane in the Azure portal. Under the Insights Hub section, select Log Analytics Workspace Insights.
In conclusion, Azure Monitor and Log Analytics collectively offer a robust solution for monitoring Azure resources. While Azure Monitor provides a lot of features including aggregation of logs, real-time insights and performance metrics, Log Analytics allows advanced query capabilities and extensive log data analysis.
Log analysis is the process of reviewing computer-generated event logs to proactively identify bugs, security threats or other risks. Log analysis can also be used more broadly to ensure compliance with regulations or review user behavior.
All logs in the Azure Monitor Logs platform are stored as analytics logs by default. The default retention period of these logs is 30 days (or 90 days for certain logs), but this can be extended up to two years. For analytics logs, you have the full capabilities of the KQL to perform comprehensive analytics operations.
Azure Monitor resource logs are logs emitted by Azure services that describe the operation of those services or resources. All resource logs available through Azure Monitor share a common top-level schema. Each service has the flexibility to emit unique properties for its own events.
The Azure Monitor activity log is a platform log that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started.
Observability data in Azure Monitor. Metrics, logs, and distributed traces are commonly referred to as the three pillars of observability. A monitoring tool must collect and analyze these three different kinds of data to provide sufficient observability of a monitored system.
By default, Application Insights and Log Analytics have a data retention of 90 days. You can opt to extend the retention up to 730 days. However, the tyGraph Pages Site Analytics web part only supports filters of up to 365 days.
A log retention period is the amount of time you keep logs. For example, you may keep audit logs and firewall logs for two months. However, if your organization must follow strict laws and regulations, you may keep the most critical logs anywhere between six months and seven years.
From the Log Analytics workspaces menu, select Tables. The Tables screen lists all the tables in the workspace. Select the context menu for the table you want to configure and select Manage table. From the Table plan dropdown on the table configuration screen, select Basic or Analytics.
Sign in to the Azure portal and in the left pane, select Virtual machines. From the list of virtual machines, select the virtual machine to open that virtual machine's dashboard. In the virtual machine's menu, select Backup to open the Backup dashboard. In the Backup dashboard menu, select File Recovery.
Specific advantages of the new data collection include the following: Common set of destinations for different data sources. Ability to apply a transformation to filter or modify incoming data before it's stored. Consistent method for configuration of different data sources.
For Azure Monitor: Metrics data is stored in the Azure Monitor metrics database. Log data is stored in the Azure Monitor logs store. Log Analytics is a tool in the Azure portal that can query this store.
Introduction: My name is Rueben Jacobs, I am a cooperative, beautiful, kind, comfortable, glamorous, open, magnificent person who loves writing and wants to share my knowledge and understanding with you.