Configuring the Activity Log to be Sent to a Log Analytics Workspace

To configure a Log Analytics Workspace as the destination for the Activity log of the target Azure subscription, do the following:

  1. Login to the Microsoft Azure Portal and select the Activity log option (see Figure 1).

Figure 1 : Selecting the Activity log option

  1. Figure 2 will then appear listing the log entries. Next, proceed to configure a diagnostic setting for sending the Activity log to a Log Analytics Workspace. For that, click on the Diagnostic settings button indicated by Figure 2.

    Figure 2 : Clicking on the Diagnostic settings button

  2. Figure 3 will then appear. From the Subscription drop-down in Figure 3, select the Azure subscription being monitored currently. The diagnostic settings that pre-exist for the chosen subscription will then appear. If any of the existing diagnostic settings have already been configured with Log Analytics Workspaces, then Figure 3 will display these workspace names and the diagnostic settings they map to. However, If the Log Analytics workspace column in Figure 3 is blank for all the existing diagnostic settings, it is a clear indication that the Activity log is yet to be configured to be sent to any Log Analytics Workspace. In this case therefore, you should create a new diagnostic setting for the target Subscription, where a Log Analytics Workspace is configured as the destination for the Activity log. To achieve this, click on the Add diagnostic setting button in Figure 3.

    Figure 3 : Clicking on the Add diagnostic setting button

  3. In Figure 4 that appears next, first specify the Diagnostic setting name. Then, select the Categories of events you want logged by clicking on the corresponding check boxes. To make sure that this test report valid values for all measures, select all the check boxes under Categories. Then, from the Destination details section, select Send to Log Analytics workspace.

    Figure 4 : Configuring a diagnostic setting for sending the Activity log to a Log Analytis Workspace

  4. Upon selecting this option, you will be required to select the Subscription for which this diagnostic setting applies and the Log Analytics workspace to which the Activity log has to be sent. Make sure that you select the Azure subscription being monitored from the Subscription drop-down.

  5. Finally, to save the configuration, click on the Save button in Figure 4.