Azure Log Analytics storage cost can be complex, but understanding the basics is key to making informed decisions about your budget.
The cost of Azure Log Analytics storage is based on the amount of data stored, with a minimum storage capacity of 1 GB.
You can store up to 30 days of data for free, but after that, you'll be charged for the excess.
To avoid unexpected costs, it's essential to regularly review and delete unnecessary data.
A different take: What Is the Data Storage in Azure Called
Cost Structure
Azure Log Analytics storage cost is primarily broken down into two main categories: Data Ingestion and Data Retention period. Data Ingestion is the cost of storing and processing log data, which can be further split into Resource Group, Resource Name, and Log Type.
Data Ingestion costs are calculated by multiplying the ingested data value by the cost per gigabyte, which is set at £2.28. You can adjust this value to match your own pricing. Data Ingestion costs can be optimized by capturing only the logs that are important for your monitoring purpose, and turning off unnecessary logs.
Data Retention period is the cost of storing log data for a specified period of time. The cost of Data Retention period depends on the type of data and the retention period. You can configure data retention policies to keep data only as long as necessary and use archived logs for long-term retention to reduce costs.
Here is a breakdown of the costs associated with Data Ingestion:
- Data Ingestion: £2.28 per GB
- Commitment Tiers: offer lower rates compared to pay-as-you-go pricing
- Data Retention Policies: configure data retention policies to keep data only as long as necessary
Introduction
In order to understand the cost structure of Azure Log Analytics, we need to consider the three main ways you're billed for it: Data Ingestion, Data Retention period, and Data export.
Data Ingestion is a significant factor in your Azure Log Analytics cost, and it's essential to capture only the logs that are important for your monitoring purposes.
The cheapest region to create and store your log analytics workspace can also make a substantial difference in your costs.
Purging old logs that are no longer needed is another crucial step in reducing your Azure billing cost.
Here are the three main areas to focus on when optimizing your Azure Log Analytics cost:
- Data Ingestion
- Data Retention period
- Data export
Optimizing these areas can help you save money in using Azure Monitor effectively.
Commitment Tiers
Commitment Tiers offer a predictable total cost for Microsoft Sentinel, enabling a discount on the cost compared to Pay-As-You-Go pricing.
You can choose from various commitment tiers, each with a different daily data volume and corresponding price. For example, the 100 GB per day tier costs $- per day, while the 200 GB per day tier costs $- per day. The prices for each tier are listed in the table below:
You can opt out of the commitment tier at any time after the first 31 days, but keep in mind that data ingested into Microsoft Sentinel exceeding the selected daily commitment tier is charged at the effective tier prices listed above.
Pay-As-You-Go Model
The pay-as-you-go model is a pricing structure used by Azure Monitor for log analytics storage cost. You are billed per GB of log data ingested inside the Azure log analytics workspace.
In the pay-as-you-go model, you get 5 GB of free data ingestion per billing month. After that, you are charged $4.03 per GB.
This pricing applies to the EAST ASIA region only, so be sure to check the pricing for your specific region.
Data Management
Data retention is a crucial aspect of Azure Log Analytics storage cost. Data retained beyond the first 31 days will be charged at $0.18 per GB per month.
If you have enabled Azure Sentinel, your workspace can retain data free of cost for up to 90 days. This is a significant cost-saving opportunity, especially for organizations with large data volumes.
To optimize data retention, consider configuring data retention policies to keep data only as long as necessary. This will help reduce costs and ensure that only relevant data is stored.
Here are some key considerations for data retention:
Ingestion Costs
In Azure Monitor Log Analytics, data ingestion costs are a significant factor in overall expenses. You can summarize data ingestion by Resource ID over the last 30 days, but you can adjust the time period as required.
The cost of data ingestion is calculated by multiplying the ingested data value by the cost per gigabyte, which is set at £2.28. However, this value can be adjusted to match your own pricing.
To optimize Azure Log Analytics Workspace Cost, you need to optimize three main activities: data ingestion, data retention period, and data export. Here are some key takeaways to lower down log analytics cost:
- Capture only the logs which are important for your monitoring purpose.
- Choose the cheapest region to create and store your log analytics workspace.
- Purge the logs which are quite old and not needed in future.
- Opt for Azure Commitment Tier if you have very high volume of log ingestion.
- Filter log data before exporting it to reduce costs.
Azure Monitor Log Analytics pricing offers flexible and cost-saving options for log data ingestion and analysis. There are two primary plans: Basic Logs and Analytic Logs. Basic Logs offer low-cost search capabilities for troubleshooting, while Analytic Logs support advanced analytics.
Pricing for Basic Logs is $0.615 per GB ingested, compared to $2.76 per GB ingested for Analytics tables. Querying the data in a basic table costs $0.007 per GB of data scanned.
Cost Optimization
Cost Optimization is a crucial aspect of Azure Log Analytics storage cost management. You can significantly reduce your costs by optimizing data ingestion, retention, and export.
To start, consider capturing only the logs that are important for your monitoring purpose. This can save you money on data ingestion costs. You may not need to collect all logs, especially if you're using web app services and can turn off platform logs and Azure resource level logs.
Choosing the cheapest region to create and store your log analytics workspace is another cost-saving strategy. This can make a big difference, especially if you're collecting a large volume of logs.
Purging logs that are quite old and not needed in the future is also essential. This can help you avoid unnecessary data retention costs. In fact, Azure Log Analytics workspace data retained beyond the first 31 days will be charged at $0.18 per GB per month.
If you have a high volume of log ingestion, opting for Azure commitment tier can be a good idea. This can help you save money on data ingestion costs.
Here are some key takeaways to help you optimize your Azure Log Analytics storage cost:
- Capture only the logs that are important for your monitoring purpose.
- Choose the cheapest region to create and store your log analytics workspace.
- Purge logs that are quite old and not needed in the future.
- Opt for Azure commitment tier if you have a high volume of log ingestion.
- Filter and export only relevant log data.
Remember, cost optimization is an ongoing process that requires regular review and adjustment of your data collection and retention policies. By following these best practices, you can keep your Azure budget under control and ensure the optimal use of Azure Monitor Logs.
Purchasing and Benefits
You can purchase Azure Log Analytics Storage in a variety of ways, including as a standalone service or as part of an existing Azure subscription.
The cost of Azure Log Analytics Storage depends on the amount of data you store, with a free tier available for up to 30 days of data retention.
With Azure Log Analytics Storage, you can take advantage of features like automatic data compression and encryption, which can help reduce costs and improve data security.
Benefit for E5, A5, F5 and G5 Customers
If you're an E5, A5, F5, or G5 customer, you're in luck. Microsoft Sentinel offers a data grant of up to 5 MB per user/day to ingest Microsoft 365 data.
Azure Active Directory (Azure AD) sign-in and audit logs are included in this data grant. Microsoft Defender for Cloud Apps shadow IT discovery logs are also part of the offer.
Microsoft Information Protection logs are another valuable resource included in the data grant. Microsoft 365 advanced hunting data is also available.
The data sources included in this offer are quite comprehensive, making it easier to get started with Microsoft Sentinel.
Benefit for Defender Server Customers
Microsoft Sentinel offers a significant benefit to customers who have Defender for Server Plan 2 enabled. They get 500 MB per VM per day of free data ingestion specifically for security data types collected by Defender for Cloud.
This allowance applies to a range of security data types, including SecurityAlert, SecurityBaseline, SecurityEvent, and WindowsFirewall, among others.
Here are the specific security data types that are included in the allowance:
- SecurityAlert
- SecurityBaseline
- SecurityBaselineSummary
- SecurityDetection
- SecurityEvent
- WindowsFirewall
- SysmonEvent
- ProtectionStatus
- Update and UpdateSummary
Defender for Cloud billing is closely tied to the billing for Azure Monitor Log Analytics, so the benefit applies to the entire Microsoft Sentinel bill.
SAP and Application Insights
As you integrate SAP with Azure Application Insights, it's essential to understand the pricing structure. Azure Application Insights Pricing dictates that data export via Diagnostic Settings will be billed per GB as per your plan.
If you're using a log analytics tier plan, you'll be billed accordingly for data ingestion, data retention, and data export. This pricing model varies by region, so keep that in mind when deploying your application insights.
The commitment tier offers a fixed pricing plan, but if you're on a pay-as-you-go model, your costs will be based on your actual usage.
Application Insights
Azure Application Insights is a powerful tool for monitoring and analyzing your SAP applications. It provides valuable insights into user behavior, performance, and errors, helping you identify and fix issues quickly.
Data export via Diagnostic Settings can be a costly affair, with prices varying as per your plan and the region in which your application insights exist. You'll be charged per GB as per your plan.
To optimize Azure Application Insights pricing, you need to focus on four key areas: data ingestion, data retention period, data export, and multi-step web tests. Here are some key takeaways to lower down application insight cost:
- Capture only important telemetry logs from applications, and optimize your application code to not send all logs to Application Insights.
- Choose the cheapest region to create and store your application insights.
- Purge old logs that are no longer needed.
- If you have high-volume log ingestion, consider opting for the Azure commitment tier.
- Filter and send only relevant log data when exporting.
- Remove unwanted multi-step web tests and focus on using ping tests, which are free.
By following these simple steps, you can significantly reduce your Azure Application Insights costs and get the most out of this valuable tool.
Ingestion and Archive
Azure Monitor Log Analytics offers flexible and cost-saving options for log data ingestion and analysis. There are two primary plans: Basic Logs and Analytic Logs.
Basic Logs offer low-cost search capabilities for troubleshooting, while Analytic Logs support advanced analytics. Pricing for Analytic Logs can be on a Pay-As-You-Go basis or through Commitment Tiers, which offer discounts for predictable daily volumes.
You can ingest log data into Log Analytics, and then archive it at a lower cost than normal retention. Archive logs allow you to move the data into an offline state where it cannot be accessed directly but is significantly cheaper.
The cost of archiving logs is $0.025 per GB per month, compared to $0.12 per GB per month for standard data retention. If you need to access the archive data, you pay an additional fee for either querying the archive or restoring it to active tables.
Data archiving is done by setting a retention policy at the workspace or table level. You can view the retention for all tables by running a query without a table name.
Additional reading: Azure Tables
Ingestion
Ingestion is a crucial part of log data management, and understanding its costs and options is essential for optimizing your Azure Monitor Log Analytics setup.
Azure Monitor Log Analytics pricing is designed to provide flexible and cost-saving options for log data ingestion and analysis, with two primary plans: Basic Logs and Analytic Logs.
The Basic Logs plan offers low-cost search capabilities for troubleshooting, while the Analytic Logs plan supports advanced analytics. Analytic Logs can be priced on a Pay-As-You-Go basis or through Commitment Tiers, which offer discounts for predictable daily volumes.
The Pay-As-You-Go option charges based on data volume, with the first 5 GB free each month. Commitment Tiers offer predictable daily fees starting from 100 GB/day.
In addition to these primary plans, there are also costs associated with data retention, archiving, exporting, and processing. These options ensure organizations can manage their log data effectively while optimizing costs.
To break down the costs of ingestion, let's look at the different types of dashboards available in Azure Monitor Log Analytics. Here are some key facts about each:
These dashboards can help you understand where your costs are coming from and make informed decisions about your log data management setup.
Archive
Archive is a crucial feature in Log Analytics, allowing you to store data at a lower cost than normal retention. You can archive data at a rate of $0.025 per GB per month, significantly cheaper than the $0.12 per GB per month for standard data retention.
To archive data, you need to set a retention policy at the workspace or table level. This policy automatically moves data to archive storage once it reaches a specified age.
Data archiving is a two-step process: first, data is moved to an offline state where it cannot be accessed directly, and then you can query or restore it. Querying the archive costs $0.007 per GB of data scanned, while restoring it to active tables costs $0.123 per GB per day of data restored.
Here's a summary of the costs associated with archiving and restoring data:
Storage and Retention
Storage and Retention is a crucial aspect of Azure Log Analytics, and understanding how it works can help you optimize your costs.
Data is retained for free for up to 31 days, after which it incurs a charge of $0.18 per GB per month. If you have enabled Azure Sentinel, data can be retained for free for up to 90 days.
You can also choose to archive data at a lower cost than normal retention, which can be useful for long-term storage. However, searching archived logs can incur costs for the data scanned and ingested search results.
If you need to restore archived logs, you can do so to enable full interactive analytics, but be aware that costs will be allocated based on the amount and duration of restored data.
Here's a summary of the retention periods and costs:
By understanding these storage and retention options, you can make informed decisions about how to manage your Azure Log Analytics costs.
Platform and Features
Platform logs in Azure Monitor are diagnostic logs generated by Azure platform resources. To access these logs, you need to enable diagnostic logs by configuring them in the diagnostic setting option.
The pricing for platform logs varies based on the destination data source where these logs are sent. According to the pricing table, sending logs to Storage or Event Hub costs $0.388 per GB, while sending logs to Marketplace Partners also costs $0.388 per GB.
Azure Monitor Logs offers a range of features to help you manage and analyze your system data. Some of the key features include centralized log collection, powerful query language, data visualization and reporting, custom log formats, and machine learning and analytics.
Key Features
Azure Monitor Logs is a powerful tool for centralized log collection, pulling data from multiple sources such as Azure resources, on-premises environments, and other cloud platforms.
This capability is made possible by data agents installed on virtual machines and other resources, as well as custom applications that can send log data directly using APIs and SDKs.
The Kusto Query Language (KQL) is a standout feature of Azure Monitor Logs, offering an advanced query language that allows users to quickly and efficiently query large datasets.
With interactive querying capabilities, users can explore and analyze data in real-time, and a library of pre-built queries provides a quick way to gain insights without needing to start from scratch.
Azure Monitor Logs supports rich data visualization and reporting through customizable workbooks and centralized dashboards.
These tools allow users to create interactive reports featuring charts, graphs, and tables, providing a comprehensive overview of system health and performance.
The platform supports flexible data ingestion, accommodating custom log formats to meet unique data sources and logging needs.
Users can define custom fields to extract and structure specific data from logs, ensuring that all relevant information is captured and organized.
Azure Monitor Logs leverages advanced analytics and machine learning models to detect anomalies and predict future trends.
Integration with Azure AI services allows for even more sophisticated data analysis and insights, helping organizations stay ahead of potential issues and optimize their operations.
Here are the key features of Azure Monitor Logs:
- Centralized Log Collection: Collects data from multiple sources, including Azure resources, on-premises environments, and other cloud platforms.
- Powerful Query Language: Offers an advanced query language, the Kusto Query Language (KQL), for querying large datasets.
- Data Visualization and Reporting: Supports customizable workbooks and centralized dashboards for interactive reporting.
- Custom Log Formats: Accommodates custom log formats to meet unique data sources and logging needs.
- Machine Learning and Analytics: Leverages advanced analytics and machine learning models to detect anomalies and predict future trends.
A Step-by-Step Guide
Viewing and managing Azure Monitor logs is a straightforward process that can be accomplished through the Azure portal.
You can access Azure Monitor logs by navigating to the Azure portal and selecting your subscription.
The Azure portal provides a user-friendly interface for managing logs, making it easy to find and view the information you need.
To view logs, simply click on the "Logs" tab in the Azure portal.
Azure Monitor logs can be managed through the Azure portal, allowing you to easily view and analyze your log data.
Sources
- https://azure.microsoft.com/en-us/pricing/details/microsoft-sentinel/
- https://medium.com/@mbnarayn/itemising-the-costs-for-your-azure-log-analytics-workspace-0522ff05df95
- https://azurelib.com/understand-azure-monitor-and-log-analytics-pricing-and-cost-optimization/
- https://blog.economize.cloud/azure-monitor-logs-pricing
- https://samcogan.com/finally-cheaper-options-for-azure-monitor-logs/
Featured Images: pexels.com