| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Add Azure Log Analytics management solutions | Microsoft Docs |
Operations Management Suite (OMS) / Log Analytics management solutions are a collection of logic, visualization, and data acquisition rules that provide metrics pivoted around a particular problem area. |
log-analytics |
bandersmsft |
carmonm |
f029dd6d-58ae-42c5-ad27-e6cc92352b3b |
log-analytics |
na |
na |
na |
article |
08/15/2017 |
banders |
H1Hack27Feb2017 |
Log Analytics management solutions are a collection of logic, visualization, and data acquisition rules that provide metrics pivoted around a particular problem area. This article lists management solutions supported by Log Analytics and shows you how to add and remove for a workspace by using the Azure portal. You can also add solutions in the OMS portal using the Solutions Gallery.
Management solutions allow deeper insights to:
- Help investigate and resolve operational issues faster
- Collect and correlate various types of machine data
- Help you be proactive with activities that the solution exposes.
Note
Log Analytics includes Log Search functionality, so you don't need to install a management solution to enable it. However, you get data visualizations, suggested searches, and insights by adding management solutions to your workspace.
Using this article, you add management solutions to a workspace using the Azure portal Marketplace. After you've added a solution, data is collected from the servers in your infrastructure and sent to the OMS service. Processing by the OMS service typically takes a few minutes to an hour. After the service processes the data, you can view it in OMS.
You can easily remove a management solution when it is no longer needed. When you remove a management solution, its data is not sent to OMS. If you are on the Free pricing tier, removing a solution can reduce the amount of data used, helping you stay under daily quota of data.
The Azure marketplace contains the list of management solutions for Log Analytics.
You can install management solutions from Azure marketplace by clicking the Get it now link at the bottom of each solution.
- If you haven't already done so, sign in to the Azure portal using your Azure subscription.
- In the New blade under Marketplace, select Monitoring + management.
- In the Monitoring + management blade, click See all.
- To the right of Management Solutions, click More.
- In the Management Solutions blade, select a management solution that you want to add to a workspace.
- In the management solution blade, review information about the management solution, and then click Create.
- In the management solution name blade, select a workspace that you want to associate with the management solution.
- Optionally, change workspace settings for the Azure subscription, resource group, and location. You can also choose Automation options. Click Create.
- To start using the management solution that you've added to your workspace, navigate to Log Analytics > Subscriptions > workspace name > Overview. A new tile for your management solution is displayed. Click the tile to open it and start using the solution after data for the solution is gathered.
- In the Azure portal, navigate to Log Analytics > Subscriptions > workspace name and then in the workspace name blade, click Solutions.
- In the list of management solutions, select the solution that you want to remove.
- In the solution blade for your workspace, click Delete.
- In the confirmation dialog, click Yes.
The following table identifies which management solutions belong to each Operations Management Suite offer. The table also identifies the pricing tiers that are available for each management solution. All solutions in the following table are available from within the Azure portal and the solutions gallery in the Log Analytics portal.
| Management solution | Offer | Pricing tiers1 | Notes |
|---|---|---|---|
| Activity Log Analytics |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
90 days of data are available free of charge Data not subject to the Free tier cap |
| AD Assessment |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| AD Replication Status |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
Not available to add from Azure portal/marketplace. |
| Agent Health |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
Data not subject to the Free tier cap Not available to add from Azure portal/marketplace. |
| Alert Management |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
Not available to add from Azure portal/marketplace. |
| Application Insights Connector (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Automation Hybrid Worker |
|
Free Per Node (OMS) |
Requires your Log Analytics workspace to be linked to an Automation account |
| Azure Application Gateway Analytics |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Azure Network Security Group Analytics |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Azure SQL Analytics (Preview) |
|
Free Per Node (OMS) |
Requires your Log Analytics workspace to be linked to an Automation account |
| Azure Web Apps Analytics |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Backup |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
Requires a classic Backup vault. Not available to add from Azure portal/marketplace. |
| Capacity and Performance (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Change Tracking |
|
Free Per Node (OMS) |
Requires your Log Analytics workspace to be linked to an Automation account |
| Containers |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| IT Service Management Connector (Preview) |
|
Free Per Node (OMS) |
|
| HDInsight HBase Monitoring (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Key Vault Analytics |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Logic Apps B2B |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
Not available to add from Azure portal/marketplace. |
| Malware Assessment |
|
Free Standalone Per Node (OMS) |
If you add the Security and Compliance solutions after June 19, 2017 billing is per node, regardless of the workspace pricing tier. The first 60 days are free. |
| Network Performance Monitor |
|
Free Per Node (OMS) |
|
| Office 365 Analytics (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Security and Audit |
|
Free Standalone Per Node (OMS) |
Collecting security event logs requires this solution If you add the Security and Compliance solutions after June 19, 2017 billing is per node, regardless of the workspace pricing tier. The first 60 days are free. |
| Service Fabric Analytics (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Service Map (Preview) |
|
Free Per Node (OMS) |
Available in East US, West Europe, and West Central US |
| Site Recovery |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
Requires a classic Site Recovery vault. Not available to add from Azure portal/marketplace. |
| SQL Assessment |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Start/Stop VMs during off-hours (Preview) |
|
Free Per Node (OMS) |
Requires your Log Analytics workspace to be linked to an Automation account |
| SurfaceHub |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
Not available to add from Azure portal/marketplace. |
| System Center Operations Manager Assessment (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Update Management |
|
Free Per Node (OMS) |
Requires your Log Analytics workspace to be linked to an Automation account |
| Update Compliance (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
No charge for data or nodes Data not subject to the Free tier cap. Not available to add from Azure portal/marketplace. |
| Upgrade Readiness |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
No charge for data or nodes Data not subject to the Free tier cap. Not available to add from Azure portal/marketplace. |
| VMware Monitoring (Preview) |
|
Free Standard Premium (OMS) Per GB (Standalone) Per Node (OMS) |
|
| Wire Data 2.0 (Preview) |
|
Free Per Node (OMS) |
Available in East US, West Europe, and West Central US |
1 The Standard and Premium (OMS) pricing tiers are only available for customers who created their Log Analytics workspace prior to September 21, 2016.
Community provided solutions are available from the Azure template gallery and direct from the authors.
| Management solution | Offer | Pricing tiers | Notes |
|---|---|---|---|
| All community provided solutions |
|
Free Per Node (OMS) |
Requires your Log Analytics workspace to be linked to an Automation account |
The following tables show data collection methods and other details about how data is collected for Log Analytics management solutions and data sources. The tables are categorized by solution offers, which equate to subscription pricing tiers. The Activity Log Analytics solution is available to all pricing tiers free of charge.
The Log Analytics Windows agent and System Center Operations Manager agent are essentially the same. The Windows agent includes additional functionality to allow it to connect to the OMS workspace and route through a proxy. If you use an Operations Manager agent, it must be targeted as an OMS agent to communicate with OMS. Operations Manager agents in this table are OMS agents that are connected to Operations Manager. See Connect Operations Manager to Log Analytics for information about connecting your existing Operations Manager environment to OMS.
Note
The type of agent that you use determines how data is sent to OMS, with the following conditions:
- You either use the Windows agent or an Operations Manager-attached OMS agent.
- When Operations Manager is required, Operations Manager agent data for the solution is always sent to OMS using the Operations Manager management group. Additionally, when Operations Manager is required, only the Operations Manager agent is used by the solution.
- When Operations Manager is not required and the table shows that Operations Manager agent data is sent to OMS using the management group, then Operations Manager agent data is always sent to OMS using management groups. Windows agents bypass the management group and send their data directly to OMS.
- When Operations Manager agent data is not sent using a management group, then the data is sent directly to OMS—bypassing the management group.
| Management solution | Platform | Microsoft monitoring agent | Operations Manager agent | Azure storage | Operations Manager required? | Operations Manager agent data sent via management group | Collection frequency |
|---|---|---|---|---|---|---|---|
| Activity Log Analytics | Azure | on notification | |||||
| AD Assessment | Windows | • | • | • | 7 days | ||
| AD Replication Status | Windows | • | • | • | 5 days | ||
| Agent Health | Windows and Linux | • | • | • | 1 minute | ||
| Alert Management (Nagios) | Linux | • | on arrival | ||||
| Alert Management (Zabbix) | Linux | • | 1 minute | ||||
| Alert Management (Operations Manager) | Windows | • | • | • | 3 minutes | ||
| Application Insights Connector (Preview) | Azure | on notification | |||||
| Azure Application Gateway Analytics | Azure | on notification | |||||
| Azure Network Security Group Analytics | Azure | on notification | |||||
| Azure SQL Analytics (Preview) | Windows | 10 minutes | |||||
| Capacity Management | Windows | • | • | • | on arrival | ||
| Containers | Windows and Linux | • | • | 3 minutes | |||
| Key Vault Analytics | Windows | on notification | |||||
| Network Performance Monitor | Windows | • | • | TCP handshakes every 5 seconds, data sent every 3 minutes | |||
| Office 365 Analytics (Preview) | Windows | on notification | |||||
| Service Fabric Analytics | Windows | • | 5 minutes | ||||
| Service Map | Windows and Linux | • | • | 15 seconds | |||
| SQL Assessment | Windows | • | • | • | 7 days | ||
| SurfaceHub | Windows | • | on arrival | ||||
| System Center Operations Manager Assessment (Preview) | Windows | • | • | • | seven days | ||
| Upgrade Analytics (Preview) | Windows | • | 2 days | ||||
| VMware Monitoring (Preview) | Linux | • | 3 minutes | ||||
| Wire Data | Windows (2012 R2 / 8.1 or later) | • | • | 1 minute |
| Management solution | Platform | Microsoft monitoring agent | Operations Manager agent | Azure storage | Operations Manager required? | Operations Manager agent data sent via management group | Collection frequency |
|---|---|---|---|---|---|---|---|
| Automation Hybrid Worker | Windows | • | • | n/a | |||
| Change Tracking | Windows | • | • | • | hourly | ||
| Change Tracking | Linux | • | hourly | ||||
| Update Management | Windows | • | • | • | at least 2 times per day and 15 minutes after installing an update |
| Management solution | Platform | Microsoft monitoring agent | Operations Manager agent | Azure storage | Operations Manager required? | Operations Manager agent data sent via management group | Collection frequency |
|---|---|---|---|---|---|---|---|
| Antimalware Assessment | Windows | • | • | • | hourly | ||
| Security and Audit1 | Windows and Linux | partial | partial | partial | partial | various |
1 The Security and Audit solution can collect logs from Windows, Operations Manager, and Linux agents. See Data sources for data collection information about:
- Syslog
- Windows security event logs
- Windows firewall logs
- Windows event logs
| Management solution | Platform | Microsoft monitoring agent | Operations Manager agent | Azure storage | Operations Manager required? | Operations Manager agent data sent via management group | Collection frequency |
|---|---|---|---|---|---|---|---|
| Backup | Azure | n/a | |||||
| Azure Site Recovery | Azure | n/a |
| Data source | Platform | Microsoft monitoring agent | Operations Manager agent | Azure storage | Operations Manager required? | Operations Manager agent data sent via management group | Collection frequency |
|---|---|---|---|---|---|---|---|
| Azure Activity Logs | Windows | on notification | |||||
| Azure Diagnostic Logs | Windows | on notification | |||||
| Azure Diagnostic Metrics | Windows | on notification | |||||
| ETW | Windows | • | 5 minutes | ||||
| IIS Logs | Windows | • | • | • | 5 minutes | ||
| Performance Counters | Windows | • | • | as scheduled, minimum of 10 seconds | |||
| Performance Counters | Linux | • | as scheduled, minimum of 10 seconds | ||||
| Syslog | Linux | • | from Azure storage: 10 minutes; from agent: on arrival | ||||
| Windows security event logs | Windows | • | • | • | for Azure storage: 10 min; for the agent: on arrival | ||
| Windows firewall logs | Windows | • | • | on arrival | |||
| Windows event logs | Windows | • | • | • | • | for Azure storage: 10 min; for the agent: on arrival |
By running a service and following devops practices, we are able to partner with customers to develop features and solutions.
During private preview, we give a small group of customers access to an early implementation of the feature or solution to gain feedback and make improvements. This early implementation has minimal features and operational capabilities.
Our goal is to try things quickly so we can find what works, and what doesn’t work. We iterate through this process until the feedback from the private preview customers informs us that we’re ready for a public preview.
During the public preview, we make the feature or solution available for all users to get more feedback and validate our scaling and efficiency. During this phase:
- Preview features appear in the Settings tab and can be enabled by any user.
- Preview solutions are added through the gallery or using a script.
We’re excited about new features and management solutions and we love working with you to develop them.
Preview features and solutions aren’t right for everyone. Before asking to join a private preview or enabling a public preview, make sure you’re OK working with something that is under development.
When enabling a preview feature through the portal, you see a warning reminding you that the feature is in preview.
The following information applies to both public and private previews:
- Things may not always work correctly.
- Issues range from being a minor annoyance through to something not working at all.
- There is potential for the preview to have a negative impact on your systems / environment.
- We try to avoid negative things happening to the systems you’re using with OMS but sometimes unexpected things occur.
- Data loss / corruption may occur.
- We may ask you to collect diagnostic logs or other data to help troubleshoot issues.
- The feature or solution may be removed (either temporarily or permanently).
- Based on our learnings during the preview we may decide to not release the feature or solution.
- Previews may not work or may not have been tested with all configurations, and we may limit:
- The operating systems that can be used (for example, a feature may only apply to Linux while in preview).
- The type of agent (MMA, Operations Manager) that can be used (for example, a feature may not work with Operations Manager while in preview).
- Preview solutions and features are not covered by the Service Level Agreement.
- Usage of preview features incurs usage charges.
- Features or capabilities that you need for the feature / solution to be useful may be missing or incomplete.
- Features / solutions may not be available in all regions.
- Features / solutions may not be localized.
- Features / solutions may have a limit on the number of customers or devices that can use it.
- You may need to use scripts to perform configuration and to enable the solution/feature.
- The user interface (UI) is incomplete and may change from day to day.
- Public previews may not be appropriate for your production / critical systems.
In addition to the items above, the following information is specific to private previews:
- We expect you to provide us with feedback on your experience so that we can make the feature/solution better.
- We may contact you for feedback using surveys, phone calls, or e-mail.
- Things don't always work correctly.
- We may require a Non-Disclosure Agreement (NDA) for participation or may include confidential content.
- Before blogging, tweeting, or otherwise communicating with third parties, please check with the Program Manager that is responsible for the preview to understand any restrictions on disclosure.
- Do not run on production / critical systems.
We invite customers to private previews through several different ways depending on the preview.
- Answering the monthly customer survey and giving us permission to follow up with you improves your chances of being invited to a private preview.
- Your Microsoft account team can nominate you.
- You can sign up based on details posted on twitter msopsmgmt.
- You can sign up based on details shared community events – look for us at meet ups, conferences and in online communities.
- Search logs to view detailed information gathered by management solutions.