Resource Group: DefaultResourceGroup-EUS

Overview

The resource group named DefaultResourceGroup-EUS is designed for operational insights and analytics, primarily focusing on data collection and monitoring using Azure Log Analytics (the Microsoft.OperationalInsights resource provider). This resource group hosts a Log Analytics workspace and an associated data collection rule that together collect, analyse and retain telemetry and log data from sources across Azure and on-premises environments. This setup enables effective monitoring, diagnostics, and performance tuning of applications and systems.

Resources

1. Log Analytics Workspace

  • Type: Microsoft.OperationalInsights/workspaces
  • Name: DefaultWorkspace-de62d23b-2ad9-4262-9fbe-d735cb07e9df-EUS
  • Location: East US
  • Settings:
    • Retention Period: 30 days for telemetry data.
    • SKU: perGB2018 (pay-as-you-go; billing is based on the volume of data ingested).
    • Public Network Access for Ingestion and Query: Enabled.
    • Features: Log access is granted only through resource permissions (resource-context access), so a user can only read logs from resources they already hold permissions on.

2. Data Collection Rule

  • Type: Microsoft.Insights/dataCollectionRules
  • Name: MSVMI-DefaultWorkspace-de62d23b-2ad9-4262-9fbe-d735cb07e9df-EUS
  • Relationship: Depends on the Log Analytics workspace (DefaultWorkspace-de62d23b-2ad9-4262-9fbe-d735cb07e9df-EUS).
  • Settings:
    • Data Sources: Configuration for performance counters from virtual machines (VM) monitored through VM Insights.
    • Destinations: Logs are directed to Log Analytics under the workspace mentioned above.
    • Sampling Frequency: Performance metrics are collected every 60 seconds.

3. Saved Searches in Log Analytics

The workspace is populated with multiple saved search queries for various log types such as Event logs, Syslogs, and IIS logs. Each saved search is categorized and predefined to gather specific data insights. Notable categories of saved searches include:

  • Event Management Searches: Various saved searches pertaining to general event logs, stale computers, and log management.
  • Syslog Management Searches: These saved searches direct attention to syslog data, providing insights into logs filtered by facilities or error occurrences.

Data Storage

Data in the DefaultResourceGroup-EUS resource group is primarily stored within the Log Analytics workspace. This workspace acts as a central repository for log and telemetry data. The retention settings for the data are configured to store logs for a period of 30 days, which can be adjusted based on operational needs. Metrics and logs are obtained from various Azure resources and possibly custom sources, making the data environment rich for analysis.

Networking

The resources in this resource group are not provisioned into a specific virtual network. Public network access is enabled for both ingestion and query, so the workspace can receive data from external sources over the public internet. For production scenarios, however, it is recommended to implement:

  • Private Endpoints: To ensure secure connectivity to data sources without exposing them over the public internet.
  • Network Security Groups (NSGs): To safeguard communication by controlling incoming and outgoing traffic for Azure resources.

Security Overview

  • Data Storage Security: With public network access enabled, there is a risk of exposure unless secured via firewall rules and proper authentication mechanisms. It's advisable to enforce role-based access policies and use private endpoints for critical services.
  • Log Data Security: Ensure that all logs collected are adequately protected and monitored for unusual access patterns. Retention periods should be configured in accordance with compliance requirements while ensuring sensitive information is not retained longer than necessary.
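The Networking and Security Overview sections above name the settings that matter (public network access for ingestion and query, resource-context log access, retention) and the Data Collection Rule section describes how the DCR is wired to the workspace. The following is an added example, not part of the original page and not produced by the Azure Assistants script: a small policy check that runs over an exported ARM template and flags those settings, then shows the hardened values. The sample template is constructed from the values stated on this page; the subscription id in the workspace resource id is a placeholder, and the exact performance-counter stream and specifier used by VM Insights are assumed.

```python
"""Policy check over an ARM template for a Log Analytics workspace and its DCR."""
import json

SUBSCRIPTION_ID = "<subscription-id>"  # placeholder; the page does not give it
WORKSPACE_NAME = "DefaultWorkspace-de62d23b-2ad9-4262-9fbe-d735cb07e9df-EUS"
DCR_NAME = "MSVMI-" + WORKSPACE_NAME

# Constructed sample template mirroring the settings described on the page.
SAMPLE_TEMPLATE = json.dumps({
    "resources": [
        {
            "type": "Microsoft.OperationalInsights/workspaces",
            "name": WORKSPACE_NAME,
            "location": "eastus",
            "properties": {
                "retentionInDays": 30,
                "sku": {"name": "perGB2018"},
                "publicNetworkAccessForIngestion": "Enabled",
                "publicNetworkAccessForQuery": "Enabled",
                "features": {"enableLogAccessUsingOnlyResourcePermissions": True},
            },
        },
        {
            "type": "Microsoft.Insights/dataCollectionRules",
            "name": DCR_NAME,
            "properties": {
                # Assumed VM Insights shape: one perf-counter source sampled every 60 s.
                "dataSources": {"performanceCounters": [{
                    "name": "VMInsightsPerfCounters",
                    "streams": ["Microsoft-InsightsMetrics"],
                    "samplingFrequencyInSeconds": 60,
                    "counterSpecifiers": ["\\VmInsights\\DetailedMetrics"],
                }]},
                "destinations": {"logAnalytics": [{
                    "name": "VMInsightsPerf-Logs-Dest",
                    "workspaceResourceId": (
                        f"/subscriptions/{SUBSCRIPTION_ID}/resourceGroups/DefaultResourceGroup-EUS"
                        f"/providers/Microsoft.OperationalInsights/workspaces/{WORKSPACE_NAME}"),
                }]},
                "dataFlows": [{"streams": ["Microsoft-InsightsMetrics"],
                               "destinations": ["VMInsightsPerf-Logs-Dest"]}],
            },
        },
    ]
})


def resources_of_type(template, rtype):
    """All resources in the template whose type matches (case-insensitive)."""
    return [r for r in template.get("resources", []) if r.get("type", "").lower() == rtype.lower()]


def check_workspace(ws, min_retention=30, max_retention=90):
    """Findings for one workspace: public access, resource-context access, retention bounds."""
    findings = []
    props = ws.get("properties", {})
    for key in ("publicNetworkAccessForIngestion", "publicNetworkAccessForQuery"):
        value = props.get(key, "Enabled")  # the service default is Enabled
        if value != "Disabled":
            findings.append(f"{ws['name']}: {key}={value}; set to Disabled and attach the "
                            "workspace to an Azure Monitor Private Link Scope")
    if not props.get("features", {}).get("enableLogAccessUsingOnlyResourcePermissions"):
        findings.append(f"{ws['name']}: log access is not limited to resource permissions")
    retention = props.get("retentionInDays", 30)
    if not min_retention <= retention <= max_retention:
        findings.append(f"{ws['name']}: retentionInDays={retention} outside "
                        f"[{min_retention}, {max_retention}]")
    return findings


def check_dcr(dcr, workspace_names):
    """Findings for one DCR: destination wiring and sampling frequency."""
    findings = []
    props = dcr.get("properties", {})
    dests = props.get("destinations", {}).get("logAnalytics", [])
    dest_names = {d["name"] for d in dests}
    for d in dests:
        target = d["workspaceResourceId"].rsplit("/", 1)[-1]
        if target not in workspace_names:
            findings.append(f"{dcr['name']}: destination {d['name']} targets unknown workspace {target}")
    for flow in props.get("dataFlows", []):
        for name in flow.get("destinations", []):
            if name not in dest_names:
                findings.append(f"{dcr['name']}: data flow references undefined destination {name}")
    for pc in props.get("dataSources", {}).get("performanceCounters", []):
        freq = pc.get("samplingFrequencyInSeconds", 60)
        if freq < 30:  # threshold is a local policy choice, not an Azure limit
            findings.append(f"{dcr['name']}: source {pc['name']} samples every {freq}s (ingestion cost)")
    return findings


def evaluate(template_json):
    """Run every check over a template given as a JSON string; return the findings."""
    template = json.loads(template_json)
    workspaces = resources_of_type(template, "Microsoft.OperationalInsights/workspaces")
    names = {w["name"] for w in workspaces}
    findings = []
    for w in workspaces:
        findings += check_workspace(w)
    for d in resources_of_type(template, "Microsoft.Insights/dataCollectionRules"):
        findings += check_dcr(d, names)
    return findings


def harden(template_json):
    """Return a copy of the template with public ingestion and query disabled."""
    template = json.loads(template_json)
    for w in resources_of_type(template, "Microsoft.OperationalInsights/workspaces"):
        props = w.setdefault("properties", {})
        props["publicNetworkAccessForIngestion"] = "Disabled"
        props["publicNetworkAccessForQuery"] = "Disabled"
    return json.dumps(template)


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_TEMPLATE):
        print("FINDING:", finding)
    print("after hardening:", evaluate(harden(SAMPLE_TEMPLATE)) or "no findings")
```

On the page's stated configuration the check reports exactly two findings, both for public network access; the hardened copy reports none. Disabling public access only makes sense once the workspace is attached to an Azure Monitor Private Link Scope and the monitored VMs reach it through a private endpoint, which is the private-endpoint recommendation in the Networking section.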

Other Information

  • Cost Management: Monitor usage and retention policies to manage costs effectively since the operation of Log Analytics workspaces can incur significant expenditures based on the volume of data ingested.
  • Scalability: The architecture is scalable; more data collection rules can be added as necessary to expand monitoring capabilities across different Azure resources.
  • Recommendations for Operations: Regularly review saved queries and performance counters to optimize data collection. Scheduled evaluations can ensure that only necessary data is retained, thereby managing storage costs and performance.

This documentation provides a comprehensive overview of the ARM template setup and can be a useful reference for managing the resources under this resource group effectively.

Note: This document was generated using the Azure Assistants script and an LLM

Updated on October 29, 2024