Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Cybrarians. Welcome to this demonstration on Azure Log Analytics.
00:05
This demonstration is part of the seventh module of the AZ-500: Microsoft Azure Security Technologies course.
00:13
Some quick information on the activities that we'll be completing in this demo.
00:18
We'll start by creating a Log Analytics workspace that we'll be collecting data into.
00:25
We'll then connect data sources to our workspace,
00:28
and finally we'll explore data in a workspace using the Log Analytics service. Let's get into this.
00:36
So in the first task, I'll be creating a new Log Analytics workspace,
00:42
and here's a visual representation of what I'll be doing.
00:46
From the Azure portal, I'll be creating a new workspace in the UK South region.
00:52
So here I am in the Azure portal
00:54
and the search option at the top. If I click on that and if I search for Log Analytics, and if I select Log Analytics workspaces. Now, I currently have two existing workspaces. I'll go ahead and click on Add to create a new one.
01:07
Now for the resource group of the workspace, I'll put it in the logs resource group.
01:14
And for the name of the workspace, I'll be calling it Super Clouds workspace in UK South,
01:19
and I'll go ahead and click Next: Pricing tier.
01:23
Now I have only the one pricing tier option, which is the pay-as-you-go option. So I'll go ahead and leave it at that, and I'll go ahead and click on Review + create.
01:32
I'll go ahead and click on Create.
01:34
So that only took a few seconds, and the Log Analytics workspace is now fully created. If I go ahead, we can go to the resource, and here is my workspace.
01:45
In the next task, I'll be connecting data sources to the new workspace,
01:51
and here's a visual representation of what I'll be doing.
01:53
I'll install the monitoring agent on an Azure virtual machine to collect its resource logs into the new workspace.
02:02
I'll also configure diagnostic settings of my subscription activity logs to collect that data into the workspace.
02:12
So here I am, back in the Azure portal.
02:15
Now, there are two ways for me to do what I'm about to do.
02:19
I can go ahead and complete the process directly from Log Analytics here.
02:23
So if I scroll down and I go to Workspace Data Sources, you see that I have an option to connect virtual machines and also to connect an Azure subscription activity log into this workspace.
02:36
I can also do this from the context of the resources themselves. So if I go ahead to Azure Monitor
02:45
and I click on Activity log, I have Diagnostic settings here. If I go ahead and click on Diagnostic settings,
02:52
I have the option to create a new diagnostic setting to collect the activity log into a service.
02:59
Now for the diagnostic setting name, I'll give that "Send activity logs to Log Analytics".
03:05
I'll go ahead and select all the logs
03:08
in activity logs
03:12
and I'll go ahead and select the option to send to Log Analytics,
03:15
and I'll select the new workspace that I created now, which is the Super Clouds workspace.
03:21
Once I have that configured, I'll go ahead and click on Save.
03:25
So that's updated. And now the activity logs will now be sent to the Log Analytics workspace.
03:32
For the virtual machine, I'll click in the top option here and go to Virtual machines.
03:38
If I go ahead and select my Windows virtual machine,
03:40
and if I scroll down, there's an option called Logs in the Monitoring section. If I go ahead and select the Logs option,
03:51
and if I scroll down, there's an Enable option here. If I go ahead and click on Enable,
03:55
you can see that I have the option to install the Microsoft Monitoring Agent extension on this virtual machine.
04:02
And I can specify the workspace that I want to collect the resource logs into. In this case, that'll be the Super Clouds workspace. If I go ahead and select that,
04:14
and I'll go ahead and click on the Enable option.
04:16
The other thing to mention while this is going on
04:19
is that we can also use Azure Policy to enable this at scale, so we can have a policy configuration that enforces this across a subscription or even from a management group perspective.
04:33
So that completed successfully now.
04:36
If I go ahead and I click on the notification option, you can see that the deployment succeeded, and that took a few minutes to complete.
04:45
So in the final task, I'll be exploring the data in the Log Analytics workspace,
04:50
and here's a visual representation of what I'll be doing. I'll explore the tables where collected data is stored in Log Analytics.
04:59
I'll also use a simple query to retrieve data from the workspace using KQL.
05:04
So here I am, back in the Azure portal.
05:08
If I go ahead and select Log Analytics workspaces, and if I select my workspace here.
05:15
Now, to be able to explore data in the workspace, I can scroll down and click on Logs.
05:23
If I click on that and click on Get started.
05:27
Now, one of the things that Log Analytics has is it has example queries that we can use, and it lists them by services on the left-hand side. So, for example, there are queries relating to virtual machines, for SQL database, or Service Bus.
05:43
I'll go ahead and just close this.
05:46
So I'm currently in Log Analytics, and you can see that there's a tab open called New Query 1.
05:53
On the left-hand side, we have tables. So tables are where data is actually stored in the workspace.
05:59
So if I expand this,
06:01
I can see the different tables that exist. So, for example, this is the table that stores Azure activity logs. And here's the table that stores Azure metrics, and a table that stores Windows events.
06:14
So what I'll be doing is I'll just show you a brief, simple query and how we can actually just use Log Analytics itself to construct that query.
06:21
So, for example, here's a table for VMComputer. If I go ahead and expand that, I can see the schema, you know, the different data that are collected within this table. If I go and double-click on the table, you can see that it's listed that in the query. If I go ahead and click Run,
06:39
it's going to get all the information in this table and display that on the screen.
06:44
Now I have the filter option. If I go ahead and click on Filter,
06:47
it's going to give me a way to be able to begin to use the information that's displayed to filter my data.
06:55
So that's where I can scroll down.
06:57
I can select, for example, show me virtual machines that are running Windows 7, and click on Apply & Run. It's going to automatically add the right operator and the filter for me in the query tab. And I'll go ahead and click Run on that. It gives me the same result, but you see what I mean, right?
07:14
So obviously Kusto Query Language goes much deeper than that. But this is just to give you an introduction
07:19
of how you can begin to explore data within the workspace.
07:24
The other good thing is, if we wanted to start generating alerts based on our queries, we can go ahead and click on New alert rule. So if I click on that option,
07:33
it's going to take me to where I can use Azure Monitor alerts to create an alert rule. So, for example, if my query returns results that are greater than a number that I've defined, I can automatically raise an alert based on that, and you can see that there's a monthly cost associated with that.
07:51
So here's a summary of the activities that we completed in this demonstration.
07:57
We started by creating a Log Analytics workspace.
08:00
We then connected data sources to the workspace, and finally we explored data in our workspace.
08:07
Thanks very much for watching, and I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

David Okeyode
Cloud Security Architect
Instructor