This optimization involves customizing retention periods for different log types based on their criticality and ensuring that you adhere to any regulatory compliance requirements.
What is Azure Log Analytics?
The Azure Log Analytics tool is used to edit and run the log queries. This tool analyzes the result of the data which is gathered by Azure Monitor logs. Log Analytics queries let you find trends, identify patterns, and extract a variety of operational insights from your data by retrieving records that meet specific criteria.
What is Azure Log Analytics Workspace?
Log Analytics Workspace is a dedicated container of the Azure environment. It is primarily designed for storing log data from Azure Monitor and other Azure services. Microsoft Sentinel and Defender for Cloud are examples of Azure services. As each workspace has its own configuration and data repository from several services can be combined.
In essence, Azure Log Analytics is the service that powers log management, while the Azure Log Analytics Workspace functions as the dedicated storage and analysis environment for your log data.
Log Analytics Retention Period: Optimizing Storage for Your Needs
The concept of Log Analytics retention period refers to the duration for which data is stored within your Log Analytics Workspace. This timeframe plays a crucial role in balancing cost-efficiency and data availability for effective application monitoring. Typically Azure Log Analytics
Retention Period is up to 90 days. However, it can be extended and customized. The cost of Log Analytics depends on the pricing tier, data retention, and solution requirements.
When you adjust or decrease the log analytics retention setting in Azure Monitor, the data will be stored for 30 days before it is completely deleted. It allows users to undo the changes and prevent data loss due to configuration errors. However, if it is necessary, the data can be deleted immediately. Likewise, if the user increases the log analytics retention setting, it will apply to all existing data in the table that has not been deleted yet.
When archive settings are modified the data and pertinent data stored in the table will be affected immediately. Through the Azure portal, you can configure a Log Analytics workspace’s default retention duration to anywhere between 30 and 730 days.
It’s important to distinguish between retention and archive settings. While retention determines how long data is stored within the workspace, archive settings define how long data is accessible for querying after it’s purged from the primary storage. Any modifications to archive settings take effect immediately for the affected data tables. To change the data retention term, you must upgrade to the premium tier.
Here are the steps for the Log Analytics Retention Period:
Step 1: Log into the Azure Portal.
Step 2: Navigate to Log Analytics Workspace (select your workspace).
Step 3: Under General>> Click Usage and Estimated Costs.
Step 4: Under usage and estimated cost select data retention.
Data retention by default is set as 30 days you can change it according to your need.
Note: Insight data types are retained for 90 days by default, using workspace retention if they are over 90 days old.
Step 5: Click OK to save your changes.
If you want to set the different retention period table, then follow the below steps.
A list of important factors to consider when retaining data.
Changing the retention at the workspace level will change the table retention any longer on the one previously modified for this, you will need to use some simple ARM commands.
- To continue we need to know the resource id first to retrieve the Log Analytics workspace resource id.
- To get that id navigate to resource explorer.
- Under resource explorer.
- Select your subscription and then select the resource group.
Step 6: Once you get the resource explorer click on subscription and then navigate all the resources till the one you want to operate on.
Step 7: Now that we have the workspace resource-id, you just need to add the table name and API information to run the necessary command.
By running the GET command throughARMClient, passing the resource id
ARMClient.exe get “/subscriptions/9df78e42-893b-4152-b04ff80674a99c67/resourceGroups/SmartAppsCOM-rg/providers/Microsoft.OperationalInsights/workspaces/sa-production-loganalytics/Tables/AzureDiagnostics?api-version=2017-04-26-preview”
Now that we have the workspace resource-id, you just need to add the table name and API information to run the necessary command.
Step 8: Now when we get the retention period we can set the retention according to our need by below the ARM command.
ARMClient.exe put “/subscriptions/9df78e42-893b-4152-b04f-f80674a99c67/resourceGroups/SmartAppsCOM-rg/providers/Microsoft.OperationalInsights/workspaces/sa-production-loganalytics/tables/InsightsMetrics?api-version=2017-04-26-preview” “{‘properties’:{‘retentionInDays’:7}}”
Step 9: But if you want to set it back. You can use a null value. Use below command
ARMClient.exeput”/subscriptions/9df78e42-893b-4152-b04f-f80674a99c67/resourceGroups/SmartAppsCOM-rg/providers/Microsoft.OperationalInsights/workspaces/sa-production-loganalytics/Tables/InsightsMetrics?api-version=2017-04-26-preview” “{‘properties’:{‘retentionInDays’:null}}”
We are done with the retention period.
Optimizing Log Analytics Retention for Cost-Effective Monitoring
Optimizing Log Analytics retention in Azure is crucial for effective data management and cost control. The balance between cost-efficiency and data availability empowers businesses to make informed decisions regarding application health. Organizations can even customize their data retention strategies to meet specific requirements by changing retention settings at both the workspace and table levels. This ensures that valuable insights are retained while minimizing unnecessary storage costs.
If your business struggling with Log Analytics retention and seeking a log management solution. Then you’ve come to the right place. For all you need, seasoned engineers at MoreYeahs provide Microsoft Azure Consulting Services and help you meet the highest standards of performance.
Let’s Connect.
FAQ
If you want to change the default retention policy in Log Analytics Workspace here are the steps:
- •Select your workspace in the Azure Portal
- •Go to General Settings
- •Modify the data retention duration to suit your needs
The default retention policy for log analytics workspace is usually 30 days. However, it can be altered and expanded as per the unique requirements.
The default retention policy for log analytics workspace is usually 30 days. However, it can be altered and expanded as per the unique requirements.
Log retention is essential for compliance, auditing, troubleshooting, and historical analysis purposes. It makes sure that log data are kept for the specified time which helps businesses meet regulatory requirements and gather insights about system behavior over time.
Depending on the log source and configuration the default log retention hours can be changed. Logs are typically stored for 720 hours however; this can be changed as per the requirement to meet Azure Log Analytics Retention Time.
Must Read the Other Articles on Azure: