Azure Log Analytics- Data Retention

6 MIN READ

Log analytics retention plays a critical role in enabling businesses to make data-driven decisions regarding application health. By storing and analyzing historical logs, organizations can gain valuable insights into application performance, identify potential issues, and proactively address them.

Microsoft Azure offers a comprehensive log management solution called Azure Log Analytics. This service centralizes log data from diverse sources within Azure environment, empowering to analyze and interpret this data using a powerful query language.

Steps for Changing Azure Log Analytics Retention Period

What is Azure Log Analytics?

The Azure Log Analytics tool is used to edit and run the log queries. This tool analyzes the result of the data which is gathered by Azure Monitor logs. Log Analytics queries let you find trends, identify patterns, and extract a variety of operational insights from your data by retrieving records that meet specific criteria.

What is Azure Log Analytics Workspace?

Log Analytics Workspace is a dedicated container of the Azure environment. It is primarily designed for storing log data from Azure Monitor and other Azure services. Microsoft Sentinel and Defender for Cloud are examples of Azure services. As each workspace has its own configuration and data repository from several services can be combined.
In essence, Azure Log Analytics is the service that powers log management, while the Azure Log Analytics Workspace functions as the dedicated storage and analysis environment for your log data.

Log Analytics Retention Period: Optimizing Storage for Your Needs

The concept of Log Analytics retention period refers to the duration for which data is stored within your Log Analytics Workspace. This timeframe plays a crucial role in balancing cost-efficiency and data availability for effective application monitoring. Typically Azure Log Analytics
Retention Period is up to 90 days. However, it can be extended and customized. The cost of Log Analytics depends on the pricing tier, data retention, and solution requirements.
When you adjust or decrease the log analytics retention setting in Azure Monitor, the data will be stored for 30 days before it is completely deleted. It allows users to undo the changes and prevent data loss due to configuration errors. However, if it is necessary, the data can be deleted immediately. Likewise, if the user increases the log analytics retention setting, it will apply to all existing data in the table that has not been deleted yet.
When archive settings are modified the data and pertinent data stored in the table will be affected immediately. Through the Azure portal, you can configure a Log Analytics workspace’s default retention duration to anywhere between 30 and 730 days.
It’s important to distinguish between retention and archive settings. While retention determines how long data is stored within the workspace, archive settings define how long data is accessible for querying after it’s purged from the primary storage. Any modifications to archive settings take effect immediately for the affected data tables. To change the data retention term, you must upgrade to the premium tier.

Here are the steps for the Log Analytics Retention Period:

Step 1: Log into the Azure Portal.

Step 2: Navigate to Log Analytics Workspace (select your workspace).

Step 3: Under General>> Click Usage and Estimated Costs.
Click Usage and estimated costs
Step 4: Under usage and estimated cost select data retention.
Under usage and estimated cost select data retention
Data retention by default is set as 30 days you can change it according to your need.
Set Data retention
Note: Insight data types are retained for 90 days by default, using workspace retention if they are over 90 days old.
Step 5: Click OK to save your changes.
If you want to set the different retention period table, then follow the below steps.
A list of important factors to consider when retaining data.
Changing the retention at the workspace level will change the table retention any longer on the one previously modified for this, you will need to use some simple ARM commands.
  1. To continue we need to know the resource id first to retrieve the Log Analytics workspace resource id.
  2. To get that id navigate to resource explorer.
  3. Under resource explorer.
  4. Select your subscription and then select the resource group.
Select your subscription and then select the resource group
Step 6: Once you get the resource explorer click on subscription and then navigate all the resources till the one you want to operate on.
Once you get the resource explorer click on subscription and then navigate all the resources
Step 7: Now that we have the workspace resource-id, you just need to add the table name and API information to run the necessary command.
By running the GET command throughARMClient, passing the resource id

ARMClient.exe get “/subscriptions/9df78e42-893b-4152-b04ff80674a99c67/resourceGroups/SmartAppsCOM-rg/ providers/Microsoft.OperationalInsights/workspaces/sa-production-loganalytics/Tables/AzureDiagnostics?api-version=2017-04-26-preview”

Now that we have the workspace resource-id, you just need to add the table name and API information to run the necessary command.
add the table name and API information
Step 8: Now when we get the retention period we can set the retention according to our need by below the ARM command.
ARMClient.exe put “/subscriptions/9df78e42-893b-4152-b04f-f80674a99c67/ resourceGroups/SmartAppsCOM-rg/providers/Microsoft.OperationalInsights/workspaces/sa-production-loganalytics/tables/InsightsMetrics?api-version=2017-04-26-preview” “{‘properties’:{‘retentionInDays’:7}}”
get the retention period

Step 9: But if you want to set it back. You can use a null value. Use below command

ARMClient.exeput”/subscriptions/9df78e42-893b-4152-b04f-f80674a99c67/resourceGroups/SmartAppsCOM-rg/providers/Microsoft.OperationalInsights/workspaces/sa-production-loganalytics/Tables/InsightsMetrics?api-version=2017-04-26-preview” “{‘properties’:{‘retentionInDays’:null}}”

We are done with the retention period.

Optimizing Log Analytics Retention for Cost-Effective Monitoring

Optimizing Log Analytics retention in Azure is crucial for effective data management and cost control. The balance between cost-efficiency and data availability empowers businesses to make informed decisions regarding application health. Organizations can even customize their data retention strategies to meet specific requirements by changing retention settings at both the workspace and table levels. This ensures that valuable insights are retained while minimizing unnecessary storage costs.
If your business struggling with Log Analytics retention and seeking a log management solution. Then you’ve come to the right place. For all you need, seasoned engineers at MoreYeahs provide Microsoft Azure Consulting Services and help you meet the highest standards of performance.
Let’s Connect.

FAQ

If you want to change the default retention policy in Log Analytics Workspace here are the steps:
  • • Select your workspace in the Azure Portal
  • • Go to General Settings
  • • Modify the data retention duration to suit your needs
The default retention policy for log analytics workspace is usually 30 days. However, it can be altered and expanded as per the unique requirements.
The default retention policy for log analytics workspace is usually 30 days. However, it can be altered and expanded as per the unique requirements.
Log retention is essential for compliance, auditing, troubleshooting, and historical analysis purposes. It makes sure that log data are kept for the specified time which helps businesses meet regulatory requirements and gather insights about system behavior over time.
Depending on the log source and configuration the default log retention hours can be changed. Logs are typically stored for 720 hours however; this can be changed as per the requirement to meet Azure Log Analytics Retention Time.
Must Read the Other Articles on Azure:

Contact Us




    «
    »