Share via


Microsoft.OperationalInsights workspaces 2020-03-01-preview

Remarks

For guidance on deploying monitoring solutions, see Create monitoring resources by using Bicep.

Bicep resource definition

The workspaces resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.OperationalInsights/workspaces resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.OperationalInsights/workspaces@2020-03-01-preview' = {
  scope: resourceSymbolicName or scope
  eTag: 'string'
  location: 'string'
  name: 'string'
  properties: {
    provisioningState: 'string'
    publicNetworkAccessForIngestion: 'string'
    publicNetworkAccessForQuery: 'string'
    retentionInDays: int
    sku: {
      capacityReservationLevel: int
      name: 'string'
    }
    workspaceCapping: {
      dailyQuotaGb: int
    }
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.OperationalInsights/workspaces

Name Description Value
eTag The ETag of the workspace. string
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Min length = 4
Max length = 63
Pattern = ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$ (required)
properties Workspace properties. WorkspaceProperties
scope Use when creating a resource at a scope that is different than the deployment scope. Set this property to the symbolic name of a resource to apply the extension resource.
tags Resource tags Dictionary of tag names and values. See Tags in templates

TrackedResourceTags

Name Description Value

WorkspaceCapping

Name Description Value
dailyQuotaGb The workspace daily quota for ingestion. -1 means unlimited. int

WorkspaceProperties

Name Description Value
provisioningState The provisioning state of the workspace. 'Canceled'
'Creating'
'Deleting'
'Failed'
'ProvisioningAccount'
'Succeeded'
'Updating'
publicNetworkAccessForIngestion The network access type for accessing Log Analytics ingestion. 'Disabled'
'Enabled'
publicNetworkAccessForQuery The network access type for accessing Log Analytics query. 'Disabled'
'Enabled'
retentionInDays The workspace data retention in days. -1 means Unlimited retention for the Unlimited Sku. 730 days is the maximum allowed for all other Skus. int

Constraints:
Min value = -1
Max value = 730
sku The SKU of the workspace. WorkspaceSku
workspaceCapping The daily volume cap for ingestion. WorkspaceCapping

WorkspaceSku

Name Description Value
capacityReservationLevel The capacity reservation level for this workspace, when CapacityReservation sku is selected. int
name The name of the SKU. 'CapacityReservation'
'Free'
'PerGB2018'
'PerNode'
'Premium'
'Standalone'
'Standard' (required)

Usage Examples

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Log Analytics Workspace AVM Resource Module for Log Analytics Workspace

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
AKS Cluster with a NAT Gateway and an Application Gateway This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Application Gateway with internal API Management and Web App Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Azure AI Foundry Network Restricted This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure Function app and an HTTP-triggered function This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key.
Azure Function App with Event Hub and Managed Identity his template provisions an Azure Function app on a Linux Consumption plan, along with an Event Hub, Azure Storage, and Application Insights. The function app is able to use managed identity to connect to the Event Hub and Storage account
Azure Machine Learning end-to-end secure setup This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure SQL Server with Auditing written to Log Analytics This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to Log Analytics (OMS workspace)
Create a function app in the Flex Consumption plan Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration.
Create a Private AKS Cluster This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create Recovery Services Vault and Enable Diagnostics This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Creates a Container App and Environment with Registry Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET Creates an internal Container App environment with a VNET.
Deploy a simple Azure Spring Apps microservice application This template deploys a simple Azure Spring Apps microservice application to run on Azure.
Deploy an AZ enabled Azure Function Premium plan This template allows you to deploy an Azure Function Premium plan with availability zones support, including an availability zones enabled storage account.
Deploy an Azure Function Premium plan with vnet integration This template allows you to deploy an Azure Function Premium plan with regional virtual network integration enabled to a newly created virtual network.
Deploy Application Insight and create alert in it This template allows you to deploy Application Insight and create alert in it
Deploy Secure AI Foundry with a managed virtual network This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.
Enable Microsoft Sentinel Enable Microsoft Sentinel, a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.
Front Door Premium with WAF and Microsoft-managed rule sets This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets.
Front Door Standard/Premium with WAF and custom rule This template creates a Front Door Standard/Premium including a web application firewall with a custom rule.
Log Analytics workspace with solutions and data sources Deploys a Log Analytics workspace with specified solutions and data sources
Log Analytics workspace with VM Insights, Container Insights Deploys a Log Analytics workspace with VM Insights, Container Insights solutions and diagnostics.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Web App w/ Application Insights sending to Log Analytics This template will is to help support the new API versions of microsoft.insights/components. Starting with 2020-02-02-preview WorkspaceID will be required when creating Application Inisghts.This template will deploy the App Service Plan, App Service, Application Insights, Log Analytics Workspace and hook it all together.

ARM template resource definition

The workspaces resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.OperationalInsights/workspaces resource, add the following JSON to your template.

{
  "type": "Microsoft.OperationalInsights/workspaces",
  "apiVersion": "2020-03-01-preview",
  "name": "string",
  "eTag": "string",
  "location": "string",
  "properties": {
    "provisioningState": "string",
    "publicNetworkAccessForIngestion": "string",
    "publicNetworkAccessForQuery": "string",
    "retentionInDays": "int",
    "sku": {
      "capacityReservationLevel": "int",
      "name": "string"
    },
    "workspaceCapping": {
      "dailyQuotaGb": "int"
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.OperationalInsights/workspaces

Name Description Value
apiVersion The api version '2020-03-01-preview'
eTag The ETag of the workspace. string
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Min length = 4
Max length = 63
Pattern = ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$ (required)
properties Workspace properties. WorkspaceProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.OperationalInsights/workspaces'

TrackedResourceTags

Name Description Value

WorkspaceCapping

Name Description Value
dailyQuotaGb The workspace daily quota for ingestion. -1 means unlimited. int

WorkspaceProperties

Name Description Value
provisioningState The provisioning state of the workspace. 'Canceled'
'Creating'
'Deleting'
'Failed'
'ProvisioningAccount'
'Succeeded'
'Updating'
publicNetworkAccessForIngestion The network access type for accessing Log Analytics ingestion. 'Disabled'
'Enabled'
publicNetworkAccessForQuery The network access type for accessing Log Analytics query. 'Disabled'
'Enabled'
retentionInDays The workspace data retention in days. -1 means Unlimited retention for the Unlimited Sku. 730 days is the maximum allowed for all other Skus. int

Constraints:
Min value = -1
Max value = 730
sku The SKU of the workspace. WorkspaceSku
workspaceCapping The daily volume cap for ingestion. WorkspaceCapping

WorkspaceSku

Name Description Value
capacityReservationLevel The capacity reservation level for this workspace, when CapacityReservation sku is selected. int
name The name of the SKU. 'CapacityReservation'
'Free'
'PerGB2018'
'PerNode'
'Premium'
'Standalone'
'Standard' (required)

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Add an existing storage account to OMS

Deploy to Azure
This template adds a storage account into OMS Log Analytics and select multiple tables for ingestion.
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.
Azure AI Foundry Network Restricted

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Foundry with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted

Deploy to Azure
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure Function app and an HTTP-triggered function

Deploy to Azure
This example deploys an Azure Function app and an HTTP-triggered function inline in the template. It also deploys a Key Vault and populates a secret with the function app's host key.
Azure Function App with Event Hub and Managed Identity

Deploy to Azure
his template provisions an Azure Function app on a Linux Consumption plan, along with an Event Hub, Azure Storage, and Application Insights. The function app is able to use managed identity to connect to the Event Hub and Storage account
Azure Machine Learning end-to-end secure setup

Deploy to Azure
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Network Security Group Analytics

Deploy to Azure
Azure Network Security Group Analytics with Azure Log Analytics (OMS)
Azure SQL Server with Auditing written to Log Analytics

Deploy to Azure
This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to Log Analytics (OMS workspace)
Azure Web App Monitoring

Deploy to Azure
Azure Web Apps Monitoring with Azure Log Analytics (OMS)
BrowserBox Azure Edition

Deploy to Azure
This template deploys BrowserBox on an Azure Ubuntu Server 22.04 LTS, Debian 11, or RHEL 8.7 LVM VM.
CI/CD using Jenkins on Azure Virtual Machine Scale Sets

Deploy to Azure
This is a CI/CD sample using Jenkins and Terraform on Azure Virtual Machine Scale Sets
Connect to a Event Hubs namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Event Hubs namespace via a private endpoint.
Connect to a Key Vault via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access Key Vault via private endpoint.
Connect to a Service Bus namespace via private endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access a Service Bus namespace via private endpoint.
Connect to a storage account from a VM via private endpoint

Deploy to Azure
This sample shows how to use connect a virtual network to access a blob storage account via private endpoint.
Connect to an Azure File Share via a Private Endpoint

Deploy to Azure
This sample shows how to use configure a virtual network and private DNS zone to access an Azure File Share via a private endpoint.
Create a function app in the Flex Consumption plan

Deploy to Azure
Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration.
Create a Private AKS Cluster

Deploy to Azure
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Create and monitor API Management instance

Deploy to Azure
This template creates an instance of Azure API Management service and Log Analytics workspace and sets up monitoring for your API Management service with Log Analytics
Create Azure Automation account

Deploy to Azure
This template provides an example of how create an Azure Automation account and links it to a new or existing Azure Monitor Log Analytics workspace.
Create Azure Front Door in front of Azure API Management

Deploy to Azure
This sample demonstrates how to use Azure Front Door as a global load balancer in front of Azure API Management.
Create Recovery Services Vault and Enable Diagnostics

Deploy to Azure
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Create SQL MI with configured sending of logs and metrics

Deploy to Azure
This template allows you to deploy SQL MI and additional resources used for storing logs and metrics (diagnostic workspace, storage account, event hub).
Creates a Container App and Environment with Registry

Deploy to Azure
Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs.
Creates a Container App with a defined HTTP scaling rule

Deploy to Azure
Create a Container App Environment with a basic Container App that scales based on HTTP traffic.
Creates a Container App within a Container App Environment

Deploy to Azure
Create a Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates a Dapr microservices app using Container Apps

Deploy to Azure
Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps

Deploy to Azure
Create a Dapr pub-sub servicebus app using Container Apps.
Creates a two Container App with a Container App Environment

Deploy to Azure
Create a two Container App Environment with a basic Container App. It also deploys a Log Analytics Workspace to store logs.
Creates an external Container App environment with a VNET

Deploy to Azure
Creates an external Container App environment with a VNET.
Creates an internal Container App environment with a VNET

Deploy to Azure
Creates an internal Container App environment with a VNET.
Deploy a simple Azure Spring Apps microservice application

Deploy to Azure
This template deploys a simple Azure Spring Apps microservice application to run on Azure.
Deploy an AZ enabled Azure Function Premium plan

Deploy to Azure
This template allows you to deploy an Azure Function Premium plan with availability zones support, including an availability zones enabled storage account.
Deploy an Azure Function Premium plan with vnet integration

Deploy to Azure
This template allows you to deploy an Azure Function Premium plan with regional virtual network integration enabled to a newly created virtual network.
Deploy Application Insight and create alert in it

Deploy to Azure
This template allows you to deploy Application Insight and create alert in it
Deploy Darktrace Autoscaling vSensors

Deploy to Azure
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors
Deploy Secure AI Foundry with a managed virtual network

Deploy to Azure
This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.
Deploy Solace PubSub+ message broker onto Azure Linux VM(s)

Deploy to Azure
This template allows you to deploy either a standalone Solace PubSub+ message broker or a three node High Availability cluster of Solace PubSub+ message brokers onto Azure Linux VM(s).
Enable Microsoft Sentinel

Deploy to Azure
Enable Microsoft Sentinel, a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.
Front Door Premium with WAF and Microsoft-managed rule sets

Deploy to Azure
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets.
Front Door Standard/Premium with WAF and custom rule

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule.
Log Analytics based Monitoring solution for Azure Backup

Deploy to Azure
Azure backup solution using Log Analytics
Log Analytics workspace with solutions and data sources

Deploy to Azure
Deploys a Log Analytics workspace with specified solutions and data sources
Log Analytics workspace with VM Insights, Container Insights

Deploy to Azure
Deploys a Log Analytics workspace with VM Insights, Container Insights solutions and diagnostics.
OMS - Azure Resource Usage Solution

Deploy to Azure
Solution brings billing infortmation about Azure Resources into OMS. Cost of resources can be displayed in different currency and locale.
OMS - Azure VM Inventory Solution

Deploy to Azure
Enables Azure VM Inventory Solution in OMS. Solution collects Azure VM inventory along with disks, networking components, NSG rules and extensions into OMS workspace.
OMS Active Directory Security Audit Solution

Deploy to Azure
Active Directory Security Audit Solution
OMS ASR Solution

Deploy to Azure
Enables the ASR (v2) Solution in OMS
OMS Automation solution

Deploy to Azure
Azure Automation solution for OMS
OMS Kemp Application Delivery

Deploy to Azure
Kemp Application Delivery solution for OMS
OMS SCOM ACS Solution

Deploy to Azure
Adds the SCOM ACS custom Solution into an OMS Workspace
OMS Service Bus Solution

Deploy to Azure
Monitors Azure Service Bus instances
OMS Solution - Hyper-V Replica

Deploy to Azure
A template for creating an OMS solution to monitor Hyper-V replica.
OMS VMM Analytics

Deploy to Azure
Provides a single view of the jobs' status across multiple VMM instances that helps you gain insight about the health & performance of these jobs.
S2D Management Solution

Deploy to Azure
Enables monitoring of S2D clusters with OMS.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Web App w/ Application Insights sending to Log Analytics

Deploy to Azure
This template will is to help support the new API versions of microsoft.insights/components. Starting with 2020-02-02-preview WorkspaceID will be required when creating Application Inisghts.This template will deploy the App Service Plan, App Service, Application Insights, Log Analytics Workspace and hook it all together.

Terraform (AzAPI provider) resource definition

The workspaces resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.OperationalInsights/workspaces resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.OperationalInsights/workspaces@2020-03-01-preview"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    eTag = "string"
    properties = {
      provisioningState = "string"
      publicNetworkAccessForIngestion = "string"
      publicNetworkAccessForQuery = "string"
      retentionInDays = int
      sku = {
        capacityReservationLevel = int
        name = "string"
      }
      workspaceCapping = {
        dailyQuotaGb = int
      }
    }
  }
}

Property Values

Microsoft.OperationalInsights/workspaces

Name Description Value
eTag The ETag of the workspace. string
location The geo-location where the resource lives string (required)
name The resource name string

Constraints:
Min length = 4
Max length = 63
Pattern = ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$ (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
properties Workspace properties. WorkspaceProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.OperationalInsights/workspaces@2020-03-01-preview"

TrackedResourceTags

Name Description Value

WorkspaceCapping

Name Description Value
dailyQuotaGb The workspace daily quota for ingestion. -1 means unlimited. int

WorkspaceProperties

Name Description Value
provisioningState The provisioning state of the workspace. 'Canceled'
'Creating'
'Deleting'
'Failed'
'ProvisioningAccount'
'Succeeded'
'Updating'
publicNetworkAccessForIngestion The network access type for accessing Log Analytics ingestion. 'Disabled'
'Enabled'
publicNetworkAccessForQuery The network access type for accessing Log Analytics query. 'Disabled'
'Enabled'
retentionInDays The workspace data retention in days. -1 means Unlimited retention for the Unlimited Sku. 730 days is the maximum allowed for all other Skus. int

Constraints:
Min value = -1
Max value = 730
sku The SKU of the workspace. WorkspaceSku
workspaceCapping The daily volume cap for ingestion. WorkspaceCapping

WorkspaceSku

Name Description Value
capacityReservationLevel The capacity reservation level for this workspace, when CapacityReservation sku is selected. int
name The name of the SKU. 'CapacityReservation'
'Free'
'PerGB2018'
'PerNode'
'Premium'
'Standalone'
'Standard' (required)

Usage Examples

Terraform Samples

A basic example of deploying Log Analytics (formally Operational Insights) Workspace.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "workspace" {
  type      = "Microsoft.OperationalInsights/workspaces@2022-10-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      features = {
        disableLocalAuth                            = false
        enableLogAccessUsingOnlyResourcePermissions = true
      }
      publicNetworkAccessForIngestion = "Enabled"
      publicNetworkAccessForQuery     = "Enabled"
      retentionInDays                 = 30
      sku = {
        name = "PerGB2018"
      }
      workspaceCapping = {
        dailyQuotaGb = -1
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Log Analytics workspace AVM Resource Module for Log Analytics workspace