How to Create an Azure Log Analytics Workspace
Recently I attended a very interesting webinar about the new features and capabilities of Azure Monitor Logs, formerly known as Log Analytics; check out this link. Today I want to show you how to create a Log Analytics workspace using Azure PowerShell.
Prerequisites
- The Az.OperationalInsights module version 1.0.0 or later
- This tutorial assumes that you already have a Microsoft Azure account set up.
Azure PowerShell Workaround #
If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.
Connect-AzAccount
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:
Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"
Once you set your default subscription, you’re ready to start.
Set the variables #
Here, we define the characteristics of our environment.
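$resourceGroupName = "RG-DEMO"
# ID of the subscription selected above (Get-AzSubscription on its own returns every subscription on the account)
$subscriptionID = (Get-AzContext).Subscription.Id
$workspaceName = "DefaultWorkspace-" + (Get-Random -Maximum 99999) + "-" + $resourceGroupName
$location = "westeurope"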
Resource Group #
With the following command in PowerShell, we obtain the list of existing resource groups in your subscription.
Get-AzResourceGroup `
| Select-Object ResourceGroupName, Location
If you need to create a new resource group, check out this link.
Location #
With the following cmdlet in PowerShell, we obtain the list of existing locations in Azure.
Get-AzLocation `
| Select-Object DisplayName, Location
Create a workspace #
To create a new workspace, use the New-AzOperationalInsightsWorkspace cmdlet with the following syntax:
New-AzOperationalInsightsWorkspace `
-Location $location `
-Name $workspaceName `
-Sku Standard `
-ResourceGroupName $resourceGroupName
-Sku parameter: Specifies the service tier of the workspace.
- free
- standard
- standalone
- premium
List the available solutions #
Once the workspace is created, you can add solution packs to expand the capabilities of your workspace in Azure. To obtain a list of the available Intelligence Packs for your workspace, use the Get-AzOperationalInsightsIntelligencePack cmdlet with the following syntax:
Get-AzOperationalInsightsIntelligencePack `
-ResourceGroupName $resourceGroupName `
-WorkspaceName $workspaceName
Add a solution to the workspace #
As an example, using the following command I will add the “Security Center Free” solution.
$solution = "SecurityCenterFree"
Set-AzOperationalInsightsIntelligencePack `
-ResourceGroupName $resourceGroupName `
-WorkspaceName $workspaceName `
-IntelligencePackName $solution `
-Enabled $true
To verify the enabled solutions you can use the following command:
(Get-AzOperationalInsightsIntelligencePack -ResourceGroupName $resourceGroupName -WorkspaceName $workspaceName).Where({($_.Enabled -eq $true)})
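The create, enable and verify steps above combined into one re-runnable function, as an added example that is not part of the original post: it reuses an existing workspace instead of failing, turns on each requested solution only when it is off, and reads the state back from Azure. The function name Initialize-DemoWorkspace, its parameter defaults and the shape of the returned object are assumptions.

```powershell
# Added example; Initialize-DemoWorkspace is a hypothetical helper name.
function Initialize-DemoWorkspace {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $WorkspaceName,
        [Parameter(Mandatory)] [string] $Location,
        [string]   $Sku       = 'Standard',
        [string[]] $Solutions = @('SecurityCenterFree')
    )

    # Stop early when no Azure session exists (Connect-AzAccount not yet run).
    if (-not (Get-AzContext)) { throw 'No Azure context. Run Connect-AzAccount first.' }

    $target = @{ ResourceGroupName = $ResourceGroupName; Name = $WorkspaceName }

    # Reuse the workspace when it already exists so a second run changes nothing.
    $workspace = Get-AzOperationalInsightsWorkspace @target -ErrorAction SilentlyContinue
    if (-not $workspace) {
        $workspace = New-AzOperationalInsightsWorkspace @target -Location $Location -Sku $Sku -ErrorAction Stop
    }

    $packTarget = @{ ResourceGroupName = $ResourceGroupName; WorkspaceName = $WorkspaceName }
    $packs = Get-AzOperationalInsightsIntelligencePack @packTarget -ErrorAction Stop

    foreach ($name in $Solutions) {
        $pack = $packs | Where-Object { $_.Name -eq $name }
        if (-not $pack) {
            # A misspelled or unavailable solution should be visible, not silently skipped.
            Write-Warning "Solution '$name' is not offered for workspace '$WorkspaceName'."
            continue
        }
        if (-not $pack.Enabled) {
            Set-AzOperationalInsightsIntelligencePack @packTarget -IntelligencePackName $name -Enabled $true -ErrorAction Stop | Out-Null
        }
    }

    # Read the state back from Azure rather than trusting the calls above.
    $enabled = (Get-AzOperationalInsightsIntelligencePack @packTarget).Where({ $_.Enabled }).Name
    [pscustomobject]@{
        Workspace        = $workspace.Name
        EnabledSolutions = $enabled
        Missing          = @($Solutions | Where-Object { $_ -notin $enabled })
    }
}

# Uses the variables set earlier in the post.
$result = Initialize-DemoWorkspace -ResourceGroupName $resourceGroupName -WorkspaceName $workspaceName -Location $location
if ($result.Missing) { Write-Warning "Not enabled: $($result.Missing -join ', ')" }
$result
```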
Remove a workspace #
If you want to delete the workspace, use the Remove-AzOperationalInsightsWorkspace cmdlet with the following syntax.
Remove-AzOperationalInsightsWorkspace `
-ResourceGroupName $resourceGroupName `
-Name $workspaceName
Thanks for reading my post. I hope you find it useful.
In the next post, I will show you how to connect your virtual machines to the Log Analytics Workspace to collect and analyze data.
If you want to know more about Log Analytics, check out this link.