A tour of Operations Management Suite: What is Log Analytics?

One of the great things about cloud-based management is the speed with which we’re able to add features and enhance capabilities. At the same time, that can make it challenging to keep up with what’s possible. Starting this month, we’re kicking off a series that will give you a guided tour of Microsoft Operations Management Suite, providing you with more information on what’s already been built along with what’s coming.

We’re starting today with Log Analytics, which is the ability to take the diverse log data sets coming from your systems and turn them into a consumable resource. All that log data is invaluable, but the problem historically has been that it’s extraordinarily difficult to sift and filter through volumes of information to troubleshoot real problems.

To address this issue, Operations Management Suite provides an interactive layer that enables you to work with the data without any coding or knowledge of complex schema. Working with existing Solution Packs from the integrated gallery, you can take advantage of pre-built rules and algorithms that perform initial analysis for critical scenarios like capacity planning, configuration intelligence and change tracking. But that’s just the starting point. Once you identify areas of interest, you can use flexible search capabilities to customize queries and do ad hoc analysis.

So what’s the advantage to doing all of this in the cloud? First of all, you aren’t creating a burden on your own systems to run the analysis. More importantly, you can get up and running with the solution quickly – our goal is that you should see concrete value in under 15 minutes. Since there’s nothing to deploy, you just need to connect to existing systems to pull in the data.

Operations Management Suite is designed to collect and analyze machine data from a huge array of sources, regardless of volume, format, or location. That’s important, because the reality is that issues are not going to be limited to a single platform or a single area within a hybrid environment. You have to be able to look across on-premises infrastructure and public clouds, physical or virtual infrastructure. And Log Analytics gives you a single interface for consuming and correlating the data, covering both Linux and Windows Server.

One of the challenges with any broad data analytics solution is figuring out where you’re going to see value for your organization. Out of all the things that are possible, what does your business need? What we hear from customers is that the following areas all have the potential to deliver significant business value:

Assessing updates: An important part of the daily routine for any IT administrator is assessing systems update requirements and planning patches. Accurate scheduling is critical, as it directly relates to SLAs to the business and can seriously impact business functions. In the past, you had to schedule with only limited knowledge of how long the patching would take. Operations Management Suite collects data from all customers performing patches and uses that data to provide an average patching time for specific missing updates. This use of “crowd-sourced” data is unique to cloud systems, and is a great example of how Log Analytics can help meet strict SLAs.

Change tracking: Troubleshooting an operational incident is a complex process, requiring access to multiple data streams. With Operations Management Suite, you can easily perform analysis from multiple angles, using data from a wide variety of sources through a single interface for correlation of information. By tracking changes throughout the environment, Log Analytics helps to easily identify things like abnormal behavior from a specific account, users installing unapproved software, unexpected system reboots or shutdowns, evidence of security breaches, or specific problems in loosely coupled applications.

Detecting security breaches: Operations Management Suite gives you an efficient, scalable and secure way to collect and store security records. The robust search capabilities provide the ability to easily answer the question of who did what, when and on which devices. We’re also able to give you insights derived from our own hyper-scale datacenter operations. As we run customer-facing services like Azure or Xbox Live, we collect information on attack patterns and malicious IP addresses. This information can be mapped to customer logs, enabling more sophisticated analysis of potential security breaches.

Those are just a few of the things you can do with Log Analytics, but they should give you a sense of how access to flexible search and interactive queries can open up options for delivering real value. To learn more, you can read more here.

And come back next week to find out more about the latest features added to Log Analytics in the last three months.