Previously on Microsoft Azure Operational Insights Preview Series:
- Microsoft Azure Operational Insights Preview Series – System Update Assessment (Part 1)
- Microsoft Azure Operational Insights Preview Series – Malware Assessment (Part 2)
- Microsoft Azure Operational Insights Preview Series – Log Management (Part 3)
- Microsoft Azure Operational Insights Preview Series – Capacity Planning (Part 4)
- Microsoft Azure Operational Insights Preview Series – Change Tracking (Part 5)
- Microsoft Azure Operational Insights Preview Series – Time Matters in Dashboard (Part 6)
- Microsoft Azure Operational Insights Preview Series – SQL Assessment (Part 7)
- Microsoft Azure Operational Insights Preview Series – Connecting Directly with Microsoft Monitoring Agent (Part 8)
- Microsoft Azure Operational Insights Preview Series – Alert Management (Part 9)
- Microsoft Azure Operational Insights Preview Series – The Azure Portal Experience (Part 10)
- Microsoft Azure Operational Insights Preview Series – Usability Improvements (Part 11)
- Microsoft Azure Operational Insights Preview Series – AD Assessment (Part 12)
- Microsoft Azure Operational Insights Preview Series – Removing Legacy Configuration Assessment (Part 13)
- Microsoft Azure Operational Insights Preview Series – New Onboarding User Experience (Part 14)
- Microsoft Azure Operational Insights Preview Series – Plans and Retention (Part 15)
This blog post is about a feature of OpInsights that you may or may not know about. Besides ingesting data through agents or SCOM, OpInsights can ingest data through Azure Storage as well. And you can place data in Azure Storage through an Azure feature like Azure Diagnostics. So let's see how all this works.
First you will need to link your OpInsights workspace to your Azure subscription and add an Azure Storage account to it. You can check Part 10 of my series for this, but in Azure you should have the following configured for the storage:
Now that we have this in place, let's see what we can actually ingest. Azure Diagnostics can collect different types of data, but currently OpInsights can ingest only some of it. Currently the matrix of which logs can be ingested, and from which source, is the following:
Now let’s see how to configure Windows Event logs for a VM.
To do this you will need to go to the Azure Preview portal:
Click Browse –> Virtual Machines
Select one of the Virtual Machines for which you want to activate Azure Diagnostics:
Click on the monitoring tile:
Select Diagnostics Settings and change status from Off to On:
Basically, for a Virtual Machine, you can gather every Windows event log that you enable. In my case I've also selected to collect everything from Verbose to Critical; you can of course decide to collect anything above Warning.
You will also need to place these logs in the same storage account that is used by Operational Insights. When you are ready, click Save.
After around one hour, if you execute the following query:
* | Measure count() by SourceSystem
You should see Events from source Azure Storage showing up:
Of course, you can also enable Azure Diagnostics with Azure PowerShell. You can find an example of this, along with how to enable Azure Diagnostics on web roles and worker roles, on the Azure Operational Insights documentation site.
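The event log and level choices made in the portal above can also be written as a diagnostics configuration file. The following is an added example, not taken from the original post or from the product documentation; the storage account name, quota and transfer period are constructed placeholder values.

```xml
<!-- Added example: public configuration for the Azure Diagnostics VM extension.
     STORAGE_ACCOUNT_PLACEHOLDER, the quota and the transfer period are
     constructed values; use the storage account linked to Operational Insights. -->
<PublicConfig xmlns="http://schemas.microsoft.com/ServiceHosting/2010/10/DiagnosticsConfiguration">
  <WadCfg>
    <DiagnosticMonitorConfiguration overallQuotaInMB="4096">
      <!-- Each DataSource is "channel!XPath query". Level values:
           1 = Critical, 2 = Error, 3 = Warning, 4 = Information, 5 = Verbose. -->
      <WindowsEventLog scheduledTransferPeriod="PT1M">
        <!-- Collect everything (Verbose to Critical), as selected in the post. -->
        <DataSource name="Application!*" />
        <!-- Reduced volume: Critical, Error and Warning only. -->
        <DataSource name="System!*[System[(Level=1 or Level=2 or Level=3)]]" />
        <!-- Security channel events are audit records, so no level filter is applied. -->
        <DataSource name="Security!*" />
      </WindowsEventLog>
    </DiagnosticMonitorConfiguration>
  </WadCfg>
  <StorageAccount>STORAGE_ACCOUNT_PLACEHOLDER</StorageAccount>
</PublicConfig>
```

Filtering by level on the noisier channels keeps storage and ingestion volume down, while leaving the Security channel unfiltered preserves logon and audit events for later searches.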