Log Analytics
Definition
Azure Log Analytics is the Azure Monitor service that collects log data from many sources into a Log Analytics workspace and lets you query it with KQL, improving monitoring and troubleshooting across those sources.
Use Cases
- Microsoft: Security operations teams hunting and investigating suspicious sign-in and endpoint activity across a large enterprise environment. — Microsoft uses Azure Monitor Log Analytics workspaces as part of Microsoft Sentinel deployments to ingest logs (for example, Azure AD sign-in logs, Microsoft Defender telemetry, and infrastructure logs) and run KQL queries for detection, investigation, and threat hunting. (Centralized visibility and faster investigation by correlating events across identity, endpoints, and cloud resources in one queryable store.)
- GitHub: Monitoring and troubleshooting service reliability by analyzing application and infrastructure logs to detect incidents and reduce time to resolution. — GitHub has publicly discussed operating large-scale services on Azure and using Azure’s monitoring stack; Log Analytics workspaces can be used to aggregate platform and application logs and query them with KQL to identify error patterns and correlate with deployments. (Improved operational insight by quickly finding recurring failure signatures and correlating issues across distributed components.)
Provider Equivalents
- AWS: Amazon CloudWatch Logs Insights
- Azure: Azure Monitor Log Analytics (Log Analytics workspace)
- GCP: Cloud Logging Log Analytics
- OCI: OCI Logging Analytics
Frequently Asked Questions
- What's the difference between Log Analytics and Application Insights?
- Log Analytics is a general-purpose log store and query engine for many data types (VM logs, platform logs, custom logs, security logs) using KQL. Application Insights focuses on application performance monitoring (APM) such as request rates, dependencies, exceptions, and distributed tracing. In practice, Application Insights data can be queried in Log Analytics, but Application Insights is optimized for app telemetry and tracing.
- When should I use Log Analytics?
- Use it when you need centralized log collection and powerful querying across multiple resources or services—especially for incident investigation, security hunting, compliance reporting, and cross-system troubleshooting. It’s a good fit when you want to correlate signals (for example, VM performance + firewall logs + identity sign-ins) in one place using KQL.
- How much does Log Analytics cost?
- Pricing is mainly based on data ingestion (GB/day) into the Log Analytics workspace and data retention beyond the included retention period. Costs can also be affected by solutions/features that generate additional data, and by exporting data. To control spend, filter noisy logs, set appropriate retention, use sampling where possible, and monitor daily ingestion by table.
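As an added example (not from the original page), the following KQL query ranks the tables in a workspace by billable ingestion over the last 30 full days, with each table's share of the total, which is the "monitor daily ingestion by table" step above. It assumes the built-in Usage table, where Quantity is reported in MB and IsBillable flags chargeable data.

```kql
// Added example (not from the page): rank tables by billable ingestion over the
// last 30 full days and show each table's share, to find noisy sources to filter.
// Assumes the built-in Usage table, where Quantity is reported in MB.
let window_start = startofday(ago(30d));
let window_end   = startofday(now());
// Total billable GB across all tables in the window, used for the share column.
let total_gb = toscalar(
    Usage
    | where TimeGenerated >= window_start and TimeGenerated < window_end
    | where IsBillable == true
    | summarize sum(Quantity) / 1000.0);
Usage
| where TimeGenerated >= window_start and TimeGenerated < window_end
| where IsBillable == true
| summarize IngestedGB = round(sum(Quantity) / 1000.0, 2) by DataType
| extend SharePct = round(100.0 * IngestedGB / total_gb, 1)
| order by IngestedGB desc
| take 20
```

Changing `by DataType` to `by Day = bin(TimeGenerated, 1d), DataType` gives the per-day view for spotting a sudden jump in one table.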
Category: monitoring
Difficulty: advanced
Related Terms
See Also