Skip to content

Workbook Usage

Jump to bottom
Clive Watson edited this page Nov 10, 2020 · 2 revisions

Summary

Use this report to analyse the all the different tables and Latency in your workspace and agents, show costs and areas for optimisation. This report checks the overall workspace Usage.

Workbook Tabs, explained:

Workspace Info

Placeholder

Latency

Placeholder

Cost Analysis

Workspace

Do you know which Computers or Tables are sending the most data, maybe you have some EventIDs to look at, what would happen if you resolved some of these issues?

On the left in the screenshot you see the Top resources sending data into the Workspace, the Table its going to and the trend over the selected Time Period (60days in the example). Is the resource setup correctly, do you have a tuning opportunity? This is a good check to see if perhaps one Server is sending more data that another similar one, or maybe you have too much traffic from one country compared to another?

On the right of the screenshot there are the Top EventIDs. This I am often told is a very helpful insight. Maybe if you resolved the "4624" you could save 20GiB of ingestion? In fact, in this case, I'm looking at the past 60days, at 30days, the number drops to 3.3GiB - so something good has happened in the past 30days to reduce this!

I show two more views here (see screenshot); in the first you see a Table and Computer view + the EventID (if applicable).

The "GiB used by Computers" view, lets you see details 'per computer' showing how much data a computer is sending, both Billable or Free data.

Azure Security Center

I look at two parts of Azure Security Center, which can also use a Log Analytics Workspace. https://lnkd.in/diwruYx

The licence includes "Included data - 500 MB/day" so its important to work out what you have used or are using. I show this in two places on the Cost Analysis tab.

Average GiB per day

The first report, lists the average GiB per today for your workspace, then how much has been sent by the attached Computers monitored by Azure Defender. In my example 7 computers have sent 0.2GiB, but could have sent 3.6GB before overage.

ASC, Usage Reports

These next two reports break the summary above down in two useful ways, the first bar chart showing the Top 10 consuming Computers. Then an extra bar chart that shows how much every Server has sent per day vs. what they are allowed to send as part of the allocation (500MB * ).

Azure Sentinel

Placeholder

Regular Checks

Placeholder

Clone this wiki locally