Skip to content

Azure Docs: Azure Log Analytics #582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
paolosalvatori wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Azure Docs: Azure Log Analytics #582

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
195 changes: 195 additions & 0 deletions src/content/docs/azure/services/log-analytics.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,195 @@
---
title: "Log Analytics"
description: Get started with Azure Log Analytics on LocalStack
template: doc
---

import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage";

## Introduction

Azure Log Analytics Workspaces are the primary data store for Azure Monitor log data.
They collect, index, and query log and metric data from Azure resources, virtual machines, and custom sources.
Log Analytics Workspaces are commonly used as the central destination for diagnostic settings, Azure Monitor agents, and security audit logs in enterprise monitoring architectures. For more information, see [Log Analytics workspace overview](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview).

LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Log Analytics Workspaces.
The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Log Analytics' integration with LocalStack.

## Getting started

This guide walks you through creating a Log Analytics Workspace, retrieving its shared keys, and deleting the workspace.

Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running:

```bash
azlocal start-interception
```

This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API.
To revert this configuration, run:

```bash
azlocal stop-interception
```

This reconfigures the `az` CLI to send commands to the official Azure management REST API.

### Create a resource group

Create a resource group to hold all resources created in this guide:

```bash
az group create --name rg-laws-demo --location westeurope
```

```bash title="Output"
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo",
"location": "eastus",
"name": "rg-laws-demo",
"properties": { "provisioningState": "Succeeded" },
"type": "Microsoft.Resources/resourceGroups"
}
```

### Create a Log Analytics Workspace

Create a Log Analytics workspace with a 30-day data retention period:

```bash
az monitor log-analytics workspace create \
--name my-workspace \
--resource-group rg-laws-demo \
--location westeurope
```

```bash title="Output"
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace",
"location": "eastus",
"name": "my-workspace",
"provisioningState": "Succeeded",
"resourceGroup": "rg-laws-demo",
"retentionInDays": 30,
"sku": { "name": "PerGB2018" },
"type": "Microsoft.OperationalInsights/workspaces",
...
}
```

### Retrieve workspace shared keys

Retrieve the primary and secondary shared keys used to send logs directly to the workspace:

```bash
az monitor log-analytics workspace get-shared-keys \
--workspace-name my-workspace \
--resource-group rg-laws-demo
```

```bash title="Output"
{
"primarySharedKey": "466ea8d8-cdb5-4cca-a1fc-52589bc6656f",
"secondarySharedKey": "92b87aac-a029-4c98-b992-4d36a52eb2a5"
}
```

### List workspaces

List all Log Analytics workspaces in the resource group:


Then list all workspaces to confirm the resource group is now empty:

```bash
az monitor log-analytics workspace list \
--resource-group rg-laws-demo
```

```bash title="Output"
[
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace",
"location": "eastus",
"name": "my-workspace",
"provisioningState": "Succeeded",
"resourceGroup": "rg-laws-demo",
"type": "Microsoft.OperationalInsights/workspaces"
}
]
```

### Show a workspace

Retrieve the full details of the workspace, including its unique customer ID:

```bash
az monitor log-analytics workspace show \
--workspace-name my-workspace \
--resource-group rg-laws-demo
```

```bash title="Output"
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace",
"location": "eastus",
"name": "my-workspace",
"provisioningState": "Succeeded",
"resourceGroup": "rg-laws-demo",
"retentionInDays": 30,
"sku": { "name": "PerGB2018" },
"type": "Microsoft.OperationalInsights/workspaces"
...
}
```

### Delete and verify

Delete the resource and confirm it no longer appears in the list:

```bash
az monitor log-analytics workspace delete \
--workspace-name my-workspace \
--resource-group rg-laws-demo \
--yes
```


Then list all workspaces to confirm the resource group is now empty:

```bash
az monitor log-analytics workspace list \
--resource-group rg-laws-demo
```

```bash title="Output"
[]
```

## Features

- **Workspace lifecycle:** Create, read, list, update, and delete Log Analytics Workspaces.
- **Shared key retrieval:** Retrieve primary and secondary shared keys via `get-shared-keys`.
- **SKU configuration:** Accept `PerGB2018`, `Free`, `Standard`, `Premium`, `PerNode`, and `Standalone` SKUs.
- **Retention configuration:** Configure log retention period in days.
- **Activity Logs:** Activity log events generated by LocalStack operations are fully emulated and queryable via the Activity Log API.

## Limitations

- **No log ingestion:** Data sent to the Log Analytics HTTP Data Collector API is not stored.
- **No KQL query execution:** Running `az monitor log-analytics query` is not supported.
- **No table or schema management:** Custom tables, table schemas, and retention policies per table are not managed.
- **No saved searches:** Saved queries and search functions are not supported.
- **No linked services:** Linking Automation accounts or Security Center to a workspace is not emulated.
- **No Azure Sentinel / Microsoft Defender:** Security information and event management (SIEM) features are not emulated.

## Samples

The following sample demonstrates how to use Azure Log Analytics with LocalStack for Azure:

- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md)
- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md)

## API Coverage

<AzureFeatureCoverage service="Microsoft.OperationalInsights" client:load />