diff --git a/src/content/docs/azure/services/log-analytics.mdx b/src/content/docs/azure/services/log-analytics.mdx new file mode 100644 index 00000000..3f939ab7 --- /dev/null +++ b/src/content/docs/azure/services/log-analytics.mdx 
@@ -0,0 +1,195 @@ +--- +title: "Log Analytics" +description: Get started with Azure Log Analytics on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Log Analytics Workspaces are the primary data store for Azure Monitor log data. +They collect, index, and query log and metric data from Azure resources, virtual machines, and custom sources. +Log Analytics Workspaces are commonly used as the central destination for diagnostic settings, Azure Monitor agents, and security audit logs in enterprise monitoring architectures. For more information, see [Log Analytics workspace overview](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Log Analytics Workspaces. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Log Analytics' integration with LocalStack. + +## Getting started + +This guide walks you through creating a Log Analytics Workspace, retrieving its shared keys, and deleting the workspace. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. 
+ +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-laws-demo --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo", + "location": "eastus", + "name": "rg-laws-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a Log Analytics Workspace + +Create a Log Analytics workspace with a 30-day data retention period: + +```bash +az monitor log-analytics workspace create \ + --name my-workspace \ + --resource-group rg-laws-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "location": "eastus", + "name": "my-workspace", + "provisioningState": "Succeeded", + "resourceGroup": "rg-laws-demo", + "retentionInDays": 30, + "sku": { "name": "PerGB2018" }, + "type": "Microsoft.OperationalInsights/workspaces", + ... 
+} +``` + +### Retrieve workspace shared keys + +Retrieve the primary and secondary shared keys used to send logs directly to the workspace: + +```bash +az monitor log-analytics workspace get-shared-keys \ + --workspace-name my-workspace \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +{ + "primarySharedKey": "466ea8d8-cdb5-4cca-a1fc-52589bc6656f", + "secondarySharedKey": "92b87aac-a029-4c98-b992-4d36a52eb2a5" +} +``` + +### List workspaces + +List all Log Analytics workspaces in the resource group: + + +Then list all workspaces to confirm the resource group is now empty: + +```bash +az monitor log-analytics workspace list \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "location": "eastus", + "name": "my-workspace", + "provisioningState": "Succeeded", + "resourceGroup": "rg-laws-demo", + "type": "Microsoft.OperationalInsights/workspaces" + } +] +``` + +### Show a workspace + +Retrieve the full details of the workspace, including its unique customer ID: + +```bash +az monitor log-analytics workspace show \ + --workspace-name my-workspace \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "location": "eastus", + "name": "my-workspace", + "provisioningState": "Succeeded", + "resourceGroup": "rg-laws-demo", + "retentionInDays": 30, + "sku": { "name": "PerGB2018" }, + "type": "Microsoft.OperationalInsights/workspaces" +... 
+} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor log-analytics workspace delete \ + --workspace-name my-workspace \ + --resource-group rg-laws-demo \ + --yes +``` + + +Then list all workspaces to confirm the resource group is now empty: + +```bash +az monitor log-analytics workspace list \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Workspace lifecycle:** Create, read, list, update, and delete Log Analytics Workspaces. +- **Shared key retrieval:** Retrieve primary and secondary shared keys via `get-shared-keys`. +- **SKU configuration:** Accept `PerGB2018`, `Free`, `Standard`, `Premium`, `PerNode`, and `Standalone` SKUs. +- **Retention configuration:** Configure log retention period in days. +- **Activity Logs:** Activity log events generated by LocalStack operations are fully emulated and queryable via the Activity Log API. + +## Limitations + +- **No log ingestion:** Data sent to the Log Analytics HTTP Data Collector API is not stored. +- **No KQL query execution:** Running `az monitor log-analytics query` is not supported. +- **No table or schema management:** Custom tables, table schemas, and retention policies per table are not managed. +- **No saved searches:** Saved queries and search functions are not supported. +- **No linked services:** Linking Automation accounts or Security Center to a workspace is not emulated. +- **No Azure Sentinel / Microsoft Defender:** Security information and event management (SIEM) features are not emulated. 
+ +## Samples + +The following sample demonstrates how to use Azure Log Analytics with LocalStack for Azure: + +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) + +## API Coverage + +
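Review bot: In "Create a resource group" and "Create a Log Analytics Workspace", the commands pass `--location westeurope` but every Output block reports `"location": "eastus"`. Regenerate the outputs from the commands as written, or change the commands to match, so readers do not conclude that the emulator ignores `--location`. In the workspace section the text also promises "a 30-day data retention period" while the command sets no retention. Either pass `--retention-time 30` explicitly or say that 30 days is the default reflected in `"retentionInDays": 30`.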
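Review bot: Under "List workspaces", the sentence "Then list all workspaces to confirm the resource group is now empty:" is a leftover copy from "Delete and verify" and contradicts the Output that follows, which lists `my-workspace`; drop it and keep only "List all Log Analytics workspaces in the resource group:". Under "Show a workspace", the text says the details include the unique customer ID, but no such field is visible in the sample output before the `...`. Show that field in the sample, since it is the point of the section.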
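Review bot: "Retrieve workspace shared keys" describes the keys as "used to send logs directly to the workspace", while "Limitations" states that data sent to the HTTP Data Collector API is not stored. Add a sentence in the shared-keys section that points to that limitation, so readers do not expect ingestion with these keys to work locally. Shared keys are credentials, so it would also help to say outright that the two values in the Output block are emulator-generated and differ per workspace.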
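Review bot: In "Samples", both links go to `https://github.com/localstack/localstack-azure-samples/samples/...` with no `/blob/<branch>/` or `/tree/<branch>/` segment after the repository name, so they will not resolve to the README files on GitHub. The intro reads "The following sample demonstrates" above a list of two entries, and the second link text has a trailing space before the closing `]`. Neither sample title mentions Log Analytics, so a short phrase on how each one uses a workspace would justify listing it here.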