Azure Monitor Gets Log Analytics Data Export Capability

Microsoft this week announced that the data export capability for Log Analytics in Azure Monitor is now commercially released, having reached the "general availability" (GA) stage.

Log Analytics is the tool in the Azure Portal for writing and testing log queries against a Log Analytics workspace, the store that holds the data Azure Monitor collects from applications and services running either "on premises" or in the "cloud." The new Log Analytics data export capability of Azure Monitor, now at GA, lets organizations forward a copy of that data, as it arrives in the workspace, to an Azure Storage account or to Event Hubs as well.

Export is configured per table: data is continuously streamed from the selected Log Analytics tables to a storage account or to Event Hubs, but only for those table types for which Microsoft has enabled export support.

Here's Microsoft's illustration of the Log Analytics data export capability of Azure Monitor, now at GA:

Figure 1. Continuous export of data from Log Analytics tables via the new export preview (source: Microsoft Log Analytics document, dated Feb. 18, 2022).

Organizations may want to export data outside the Log Analytics workspace to use with "security information and event management" tools, where an export to Event Hubs might be used. The exported data also can be used with other data sources via Azure Synapse and "Azure Data Lake Gen2" services, the announcement indicated.
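What a downstream SIEM or data-lake consumer actually receives from an export to a storage account is not spelled out above, so here is an added example (written for this article, not Microsoft's code) that reads one exported blob and runs a simple detection over its records. Two things in it are assumptions rather than facts from the announcement: the blob layout (a container named `am-<table>`, five-minute JSON-lines blobs named `PT05M.json` under a `WorkspaceResourceId=/y=/m=/d=/h=/m=` folder tree) follows the public Azure Monitor data export documentation as the author reads it, and every sample record is constructed for the example. The SecurityEvent columns used (`TimeGenerated`, `Type`, `EventID`, `Account`, `Computer`) are standard workspace columns.

```python
"""Added example, not code from Microsoft or the article: read a blob written
by Log Analytics data export and run a SIEM-style check over its records.

Assumptions (labelled): the storage layout modelled in export_blob_path() is
taken from the public data export documentation; the sample records are
constructed and the hosts, accounts and workspace ID are fictitious.
"""
from __future__ import annotations

import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of one exported blob: JSON lines, one record per line.
# The third line is deliberately truncated to stand in for an append blob
# that is still being written when the consumer reads it.
SAMPLE_BLOB = r"""
{"TimeGenerated":"2022-02-18T10:00:03.117Z","Type":"SecurityEvent","EventID":4625,"Account":"CONTOSO\\svc-backup","Computer":"dc01.contoso.local"}
{"TimeGenerated":"2022-02-18T10:00:04.902Z","Type":"SecurityEvent","EventID":4625,"Account":"CONTOSO\\svc-backup","Computer":"dc01.contoso.local"}
{"TimeGenerated":"2022-02-18T10:00:05.4
{"TimeGenerated":"2022-02-18T10:00:06.331Z","Type":"SecurityEvent","EventID":4625,"Account":"CONTOSO\\svc-backup","Computer":"dc01.contoso.local"}
{"TimeGenerated":"2022-02-18T10:01:10.008Z","Type":"SecurityEvent","EventID":4624,"Account":"CONTOSO\\jdoe","Computer":"ws17.contoso.local"}
{"TimeGenerated":"2022-02-18T10:02:41.555Z","Type":"SecurityEvent","EventID":4625,"Account":"CONTOSO\\jdoe","Computer":"ws17.contoso.local"}
"""


def export_blob_path(workspace_resource_id: str, table: str, when: datetime) -> str:
    """Path of the 5-minute blob that holds a table's records for `when`.

    Assumed layout: container am-<table lower-cased> (storage container names
    must be lower-case), then the workspace resource ID and UTC year, month,
    day and hour folders, then the 5-minute bucket, then PT05M.json.
    """
    when = when.astimezone(timezone.utc)
    bucket = when.minute - when.minute % 5
    return (
        f"am-{table.lower()}/WorkspaceResourceId={workspace_resource_id}"
        f"/y={when.year:04d}/m={when.month:02d}/d={when.day:02d}"
        f"/h={when.hour:02d}/m={bucket:02d}/PT05M.json"
    )


def parse_export_blob(text: str) -> tuple[list[dict], int]:
    """Parse a JSON-lines blob; return (records, count of malformed lines).

    A consumer must tolerate a partial final line instead of aborting the
    whole blob, otherwise one in-flight write drops every earlier record.
    """
    records: list[dict] = []
    bad = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1
    return records, bad


def failed_logon_bursts(records: list[dict], threshold: int = 3,
                        window_seconds: int = 300) -> dict[tuple[str, str], int]:
    """SIEM-style check: accounts with >= threshold failed logons (Windows
    EventID 4625) against one host inside a single time window.

    Returns {(account, computer): failure_count} for the offenders.
    """
    buckets: Counter = Counter()
    for r in records:
        if r.get("Type") != "SecurityEvent" or r.get("EventID") != 4625:
            continue
        ts = datetime.fromisoformat(r["TimeGenerated"].replace("Z", "+00:00"))
        slot = int(ts.timestamp()) // window_seconds
        buckets[(r["Account"], r["Computer"], slot)] += 1
    return {(acct, host): n for (acct, host, _), n in buckets.items() if n >= threshold}


if __name__ == "__main__":
    ws = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-sec"
          "/providers/microsoft.operationalinsights/workspaces/la-sec")  # fictitious
    print(export_blob_path(ws, "SecurityEvent",
                           datetime(2022, 2, 18, 10, 3, tzinfo=timezone.utc)))
    recs, malformed = parse_export_blob(SAMPLE_BLOB)
    print(f"{len(recs)} records parsed, {malformed} malformed line(s) skipped")
    for (acct, host), n in failed_logon_bursts(recs).items():
        print(f"ALERT: {n} failed logons for {acct} on {host} within 5 minutes")
```

The same parser serves the Event Hubs route once the records have been pulled off the hub; what changes is only how the lines arrive, not the per-record shape, and the threshold logic is what a Sentinel analytics rule would express in KQL over the workspace copy of the data.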

Billing for the Log Analytics data export feature "isn't enabled yet," the announcement indicated. However, pricing is already listed. It'll cost $0.123 per GB of exported data per the Azure Monitor Pricing page.

New Log Storage Plans
Microsoft is also enabling long-term storage of the log data, which can be used for compliance purposes or to investigate attacks.

This week, Microsoft previewed two new log storage plans for use with a security information and event management solution like Microsoft Sentinel. Microsoft now has a low-cost "Basic Log" storage option, plus an "Archived Log" option for data storage of up to seven years.

Microsoft is generally bolstering its various tools, including Microsoft Sentinel, to run queries across Microsoft's various log data storage options, according to Sarah Fender, U.S. product management lead for Microsoft Sentinel, in the announcement.

"Our vision is to unify search across all security data stores, bringing together existing query support for Azure Data Explorer and searching across Azure Data Lake, as well as a broad set of data stores, including multi-cloud," Fender indicated.

Azure Monitor as Log Source
Microsoft added the Log Analytics data export capability and the two new log storage plans to address customer needs, with the aim of "making Azure Monitor the one stop shop for all logging needs" in conjunction with Microsoft Sentinel, according to this Microsoft announcement by Meir Mendelovich.

Mendelovich noted that Microsoft now has a new Search Jobs tool in Azure Monitor, currently at the preview stage. It can "query Petabytes of data." Organizations might use Search Jobs when running multiple queries on a large volume of data. It uses parallel processing and "can run for hours across extremely large datasets," Microsoft indicated. Search Jobs delivers its results via a Log Analytics table.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

