Azure Log Analytics: A little more about Usage

 

In post and post we’ve spoken about Usage but its a topic that comes up a lot.

I have a two step process, to identify the culprits if high usage is experienced.  I’ll also talk about planning later…and especially the recommendation to Alert on Usage!

Log Analytics shows Usage in two main places

1. Azure Monitor

For a overview with meter selection.  You can also swap to the newer pricing and get an estimate for that.

Open the Azure Portal – select Azure Monitor – select Usage & Estimated Costs fortheir subscriptions.  This will break down the costs to each meter:

clip_image002

2.   Log Analytics

Open the Azure Portal – select Azure Log Analytics – – select Usage & Estimated Costs (a different one to the one above).

This first page is useful.

clip_image004

  1. On the left we can see the break down between Ingestion (data sent to Azure) and retention (if above the 31days default).
  2. The top right chart shows the daily ingestion, useful to spot if we have a dramatic rise on a specific day.
  3. The last report breaks the costs down by solution, what are the highest ones?
  4. Then in the top left corner – you can get more details, press “Usage Details” – from the next screen I immediately toggle to 30days to show a month.
    1. We’d then look at the Data volume over time and Data by Solution details.
    2. The Volume over time is good to spot a few servers that are sending lots of data – like my vCenter one (16GB) in the below example. The entry “-“ is also of interest as that is PaaS or SaaS data.

clip_image005

Main docs page for Usage: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-usage

Planning

In this post the retention cap was mentioned.  This is a great feature for a workspace that you are using to test things in.  However if you place a cap on your production workspace you may miss some important data.  You need to decide on criticality vs cost.  If you have a legacy free workspace that is a good playground, if not create a new workspace and remember to cap it at 5GB.  However in both cases you should ALERT before you reach a threshold.  This is one mistake that I see most often.  Without a consumption alert its hard to tell when you are approaching your thresholds, it also could mean a bill you were not expecting!

Articles to help you are: https://blogs.technet.microsoft.com/msoms/2016/11/21/get-notified-if-oms-log-analytics-usage-is-higher-than-expected/

and

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-usage#create-an-alert-when-data-collection-is-higher-than-expected

Comments