Microsoft Operations Management Suite Cookbook

Log Analytics

As mentioned earlier, Log Analytics is an OMS service that enables you to monitor your environments' availability and performance. Log Analytics does this by collecting data from sources that you connect to the service. The following are some examples of such sources:

  • Windows and Linux agents
  • Azure VMs and resources
  • System Center

For Windows and Linux operating systems, Log Analytics collects data through agents that must be installed on the host computers. These agents collect data from the server and relay it directly to OMS endpoints. If, however, the computers are part of a System Center Operations Manager (SCOM) management group, no additional agent is required: through the SCOM-to-OMS integration, and depending on the management solution enabled in OMS, the SCOM agents collect data from the servers they are deployed to and send it to OMS either via the SCOM management group or directly.

In addition to collecting data from Windows and Linux computers and System Center, Log Analytics can also collect data from Azure resources such as Azure Diagnostics and Azure Monitor. Azure Diagnostics data can be written directly into Log Analytics, or sent to Azure storage, where Log Analytics is then able to read the storage logs. Log Analytics can also collect data from other Azure resources using connectors, which enable data to be sent from services such as Application Insights to Log Analytics. In addition, Log Analytics provides a REST API that enables data collection from other Azure services, third-party applications, and custom management solutions that can't send data through any of the aforementioned means.

Once sources are connected to Log Analytics, data is collected from them according to data source configurations. These configurations are delivered to agents either directly (for directly connected computers) or through SCOM management packs (for agents that report to a SCOM management group integrated with OMS). Some examples of data sources include Windows Event logs, custom logs, Windows and Linux performance counters, and Syslog, among others.

Once the agent receives the data source configurations, it collects the specified data and sends it to Log Analytics, either directly or via SCOM, depending on how the agent is connected. Once the collected data reaches OMS, it is stored as records in the OMS repository. You can then use the log search feature in Log Analytics to query and analyze the indexed data, glean insights about your cloud and on-premises environment, and consume the data in various ways (visualize, alert, automate, integrate into workflows, and so on), which we will look at later in this book.

The following diagram depicts the flow of data from various connected sources to OMS and to the OMS repository for storage:

Figure 1.1 Log Analytics data collection
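As an added example (not code from the book), the following shows how a custom application would submit records over the REST data-collection path mentioned above, the Log Analytics HTTP Data Collector API. The endpoint, header names and HMAC-SHA256 signing scheme are those of that API; the workspace ID, shared key and sample record are constructed placeholders, and only the signature, never the key itself, is sent on the wire.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed placeholders: a real workspace ID is a GUID and the shared key is
# the base64 primary/secondary key shown in the workspace's agent settings.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"example-shared-key-not-a-real-one").decode()

RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"


def string_to_sign(method, content_length, rfc1123_date):
    """Canonical string the Data Collector API expects the client to sign."""
    return f"{method}\n{content_length}\n{CONTENT_TYPE}\nx-ms-date:{rfc1123_date}\n{RESOURCE}"


def build_signature(shared_key, method, content_length, rfc1123_date):
    """HMAC-SHA256 over the canonical string, keyed with the base64-decoded workspace key."""
    key = base64.b64decode(shared_key)
    message = string_to_sign(method, content_length, rfc1123_date).encode("utf-8")
    return base64.b64encode(hmac.new(key, message, hashlib.sha256).digest()).decode()


def build_request(workspace_id, shared_key, log_type, records, rfc1123_date=None):
    """Return (url, headers, body) for the POST; the date is bound into the signature."""
    body = json.dumps(records).encode("utf-8")
    if rfc1123_date is None:
        rfc1123_date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    signature = build_signature(shared_key, "POST", len(body), rfc1123_date)
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": f"SharedKey {workspace_id}:{signature}",
        "Log-Type": log_type,  # records land in the <log_type>_CL table in log search
        "x-ms-date": rfc1123_date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version=2016-04-01"
    return url, headers, body


if __name__ == "__main__":
    # Constructed sample record, e.g. an audit event from a custom application.
    records = [{"Computer": "app01", "EventName": "LoginFailed", "User": "svc-batch"}]
    url, headers, body = build_request(WORKSPACE_ID, SHARED_KEY, "CustomAppAudit", records)
    print(url)
    print(headers["Authorization"])
```

Because the content length and x-ms-date are part of the signed string, a captured request cannot be replayed with a different body, and the service rejects requests whose date is too far from its own clock.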