8 hours 33 minutes
Hello, Siberians. Welcome to this lesson on Azure Log Analytics. This lesson is part of the seventh model Off the is at 500 Microsoft as your security technologies class quick information on what will be covering in this lesson.
We'll start out with an overview off. Agile Log Analytics will then discussed it a collection and data analyses as it relates to love analytics or discuss the query, language, syntax,
monitoring solutions on Finally, the retention and Security in Log ANALITICO. Let's get into this. Let's start by clarifying the name.
The service log banalities came from a previous service in hasher called O. M s Operations Management Street. Um, esses gone now, and it's evolved to be the service that's now called Log Analytics,
and it's currently going to every Brandon to be called as your monitor looks. But L to clarify the time as your monitor logs is mainly used to describe the Back and Data store, which is called the Log Analytics workspace. While the front and service is still largely referred to US log and knowledge ICS.
So what is Log Analytics?
It is an azure service that is used for performing complex analyses because data from a variety of sources on its beauty on top of another at your service, called Azure that I explored
data in Log Analytics can be retrieved using evasion off the coast. Aquarian language is the language that is typically used for big data queries. Or if you're familiar with same solutions like Splunk,
there's a similar out of the language that is used to begin to use log banalities with first of all, needs to collect data from different sources on bring them into a Log Analytics workspace. What sources can we collect data from? We can collect data from multiple sources, including metrics,
activity logs on results, locks that we talked about in the previous lesson.
We can also collect data from veteran machines instead. Anywhere isn't an agent or even other azure services like Security Center. So where is the Deter Start? Data collected its start in a log Analytics workspace on when the data arrives in log analytics,
the assorted into tables that stars data from different sources.
So, for example, there is an azure activity table that it's used to start as your activity log data. Once we started collecting them, there's also an azure metrics taboo that it's used to start as your metrics data once we start collecting them.
So what's data is in a log? Analytics workspace. What can we do with the data? Data can be queried using the Cousteau query language, and we can use that to retrieve toe consolidates, to cover late and to analyze data in our workspace. We can save as such queries
for use with visualizations. We can even pin those visualizations
to dash spots. We can configure a latte based on the results that I've returned. We could use our searches to trigger automated responses to event. We can also export data from a Log Analytics workspace in tow. Other external services
now to retrieve, consolidate and analyze data In a Log Analytics workspace, we use a query language called the Costa Query Language. On a quiver. Syntax usually start with the name off the table
in the workspace that were pulling data from on that followed by a pipe symbol on a set off commands and operators to future and process. That data
like the example that we can see on the screen. More complex analyses might use the joint or the union command to retrieve data from multiple tables in the workspace toe, analyze the results together. Like the examples, I light it on the screen. Now,
when it comes to analyzing data in our workspace,
we can do the analysis ourselves using the Costa query language, as we mentioned earlier.
But we can also use monitoring solutions to make things easier for ourselves.
Monitoring solutions include pre defined ANALITICO logic to get insight,
and what it does is the process data in a workspace without exposing our study on the line queries
on as you can see in the diagram on the right. Inside their different monitoring traditions that exist for different services,
there was a monitoring solution for activity. Logs for key vote for stream analitico on for many other services in Azure.
Let's talk about the debt of attention and security. First of all, detention did us in just that. Intra Log analytics workspace is retained for free for Taito. One days. If we happen, toe an a boo as your sentinel for that workspace.
That data can be retained for free for night two dates. We can extend the retention period off a log analytics workspace up to a maximum of two years, but that adds on associated costs for that extended retention if want to. We can also configure retention by data. Type
on this kind of help to address the use case where we want seven types of data to be kept for longer and some for short, a period in terms of security. All data in a Log Analytics workspace is encrypted at rest by Microsoft. And if we're collecting data from Windows retro missions and way
the transit off, the data from the end point to the workspace is encrypted.
So he has a somebody off what we covered in this lesson.
We started with an overview off Log Analytics.
Within this cost data collection on deter analyses as it relates to North. Analytics would discuss the query language. Syntax, which is the Costa Query language,
would discussed monitoring solutions. And finally, we've discussed it. Our attention and security
Thanks very much for watching on. I'll see you in the next lesson