click new, type OMS and click on Log Analytics (OMS)
Click on create
1. define your OMS workspace name, select subscription id, resource group, region and location, click create.
Once you have provisioned OMS, go ahead and launch OMS.
To launch OMS from the Portal:
Browse: OMS, Log Analytics (OMS)
The blade will launch, you should see something similar to the following, click on Get started (Quick Start)
You will need to configure your data sources as well as where you will store your data
Starting with Azure Virtual Machines, you will be provided with a list of your existing VMs, to enable OMS, simply click on each VM and click connect.
After you have enabled your azure datasources, select an existing storage account or create new storage account, also select the data types you will want to collect (you can modify this list later) for now, I suggest you enable Events only.
For on-premises systems or systems that are hosted with other cloud providers you can download the OMS Direct Agent. Instructions here
MMASetup-AMD64.exe /Q:A /R:N /C:"setup.exe /qn ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=<your workspace id> OPINSIGHTS_WORKSPACE_KEY=<your workspace key> AcceptEndUserLicenseAgreement=1"
When you are done with your initial settings, login to the OMS Portal
Enable solutions for your log data, think of these as intelligence packs.
For this example, enable Security and Audit, feel free to enable more solutions.
It will take a bit of time for log data to be initialized, the following screen shows what happens when I try to pass a bad login via RDP.