How to deploy the Log Analytics Agent
In my last post, I explained to create a Workspace of log analytics, check out this link. Today I want to show you how to deploy the Log Analytics agent virtual machine extension to an existing virtual machine using Azure PowerShell. Prerequisites
- The Az.OperationalInsights module version 1.0.0 or later
- This tutorial assumes that you already have a Microsoft Azure account set up.
Azure PowerShell Workaround #
If you want to know how to install the PowerShell Azure module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.
Connect-AzAccount
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:
Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"
Once you set your default subscription, you’re ready to start.
Set the variables #
Here, we define the characteristics of our environment.
$resourceGroupName = "RG-DEMO"
$Location = "westeurope"
$workspace = Get-AzOperationalInsightsWorkspace `
-ResourceGroupName $resourceGroupName
A Log Analytics workspace has a workspace ID and a couple of workspace keys that we will need to install the extensions in the virtual machines and register them in this workspace. We can obtain this data, using the following commands:
$workspaceId = $workspace.CustomerId
$workspaceKey = Get-AzOperationalInsightsWorkspaceSharedKeys `
-ResourceGroupName $resourceGroupName `
-Name $Workspace.Name
Deploy the Log Analytics agent #
Using the Set-AzVMExtension cmdlet you can implement the extension of the virtual machine of the Log Analytics agent in the existing virtual machines. Before executing the command, public and private configurations must be stored in a PowerShell hash table. Important: This operation requires that the virtual machines are running.
$Publicsettings=@{"workspaceId" = $workspaceId}
$Protectedsettings=@{"workspaceKey" = $workspaceKey.primarysharedkey}
$vms=Get-AzVM `
-ResourceGroupName $resourceGroupName `
| Where-Object {$_.name -match "DEMO"}
foreach($vm in $vms){
$vmName=$vm.name
Set-AzVMExtension `
-ExtensionName "Microsoft.EnterpriseCloud.Monitoring" `
-ResourceGroupName $resourceGroupName `
-VMName $vmName `
-Publisher "Microsoft.EnterpriseCloud.Monitoring" `
-ExtensionType "MicrosoftMonitoringAgent" `
-TypeHandlerVersion 1.0 `
-Settings $PublicSettings `
-ProtectedSettings $ProtectedSettings `
-Location $Location
}
Verify the deployment state #
Using the Get-AzVMExtension cmdlet with the following syntax. You can see the implementation status of the extensions for the designated virtual machines.
$vms=Get-AzVM `
-ResourceGroupName $resourceGroupName `
| Where-Object {$_.name -match "DEMO"}
foreach($vm in $vms){
$vmName=$vm.name
Get-AzVMExtension `
-ResourceGroupName $resourceGroupName `
-VMName $vmName `
-Name "Microsoft.EnterpriseCloud.Monitoring" `
|Select-Object VMName,Publisher,ExtensionType,ProvisioningState
}
In the next post, I will show you how to collect system events and performance counters from the virtual machines connected to the workspace.
Thanks for reading my post. I hope you find it useful.
If you want to know more about Log Analytics, check out this link.