Collect Log Analytics/OMS Data Across Subscriptions
Microsoft’s Log Analytics platform, part of the OMS Suite, allows you to pull in and analyse data from a wide variety of sources for your operational needs. One of these sources is Azure Monitor, the monitoring solution built into the Azure platform.
Azure Monitor is great on its own when you want to look at performance or log data for a specific resource, but when you want to look at this data across your whole estate and be able to dashboard and alert on it, you need to aggregate and analyse it in Log Analytics.
You can enable this either through the portal, in the diagnostic settings of the required resource, or through PowerShell using one of these approaches:
- Collect Azure service logs and metrics for use in Log Analytics
- Enable Azure resource metrics logging using PowerShell
The setup I wanted to use involved having a single OMS Workspace, and having resources from multiple different subscriptions report into that Workspace. The documentation stated this was feasible; however, I found that when I tried to enable this using any of the methods above, I hit an error along the lines of:
Failed to update diagnostics for 'resource'.
{"code":"Forbidden","message":"Please register the subscription 'subscription id' with Microsoft.Insights."}
The subscription ID in the error was the one where my resources were located, so I checked this and Microsoft.Insights was enabled. Importing resources into an OMS workspace in the same subscription as my resource worked, so I was beginning to think it wasn’t possible to have this data report across subscriptions, which would have been a real issue. However, Richard Rundle, one of the authors of this article, was kind enough to point out that for this cross-subscription setup, the Microsoft.Insights resource needed to be enabled in both the resource and the workspace subscription. Once I did this it all started working.
Enabling the Microsoft.Insights Resource
To enable the resource, follow these steps:
- Log in to the Azure Portal
- On the left-hand menu go to “More Services” then “Subscriptions”
- Locate the subscription where your resources sit and click on that
- In the menu that opens click on “Resource Providers”
- Search for “Microsoft.Insights”
- It should show 1 resource provider; if it shows as “NotRegistered”, click the Register link
This should change state to “Registering” and then eventually “Registered”.
Finally, repeat the steps above in the subscription where your OMS workspace sits.
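The same registration can be scripted so that both subscriptions are checked in one pass. This is an added example, not part of the original post: it assumes the Az PowerShell module and a session already signed in with Connect-AzAccount, and the two subscription IDs and the helper name Test-ProviderRegistered are placeholders chosen for illustration.

```powershell
# Added example: assumes the Az PowerShell module and an authenticated session.
# Both subscription IDs are placeholders; replace them with your own values.
$resourceSubscriptionId  = '<resource-subscription-id>'
$workspaceSubscriptionId = '<workspace-subscription-id>'
$namespace = 'Microsoft.Insights'

# Hypothetical helper: true only when every entry returned for the namespace
# in the current subscription context reports the state "Registered".
function Test-ProviderRegistered {
    param([Parameter(Mandatory)][string]$Namespace)
    $states = Get-AzResourceProvider -ProviderNamespace $Namespace |
        Select-Object -ExpandProperty RegistrationState -Unique
    if (-not $states) { return $false }
    return -not ($states | Where-Object { $_ -ne 'Registered' })
}

# The provider must be registered in BOTH the subscription holding the
# resources and the subscription holding the workspace.
$subscriptions = @($resourceSubscriptionId, $workspaceSubscriptionId) |
    Select-Object -Unique

foreach ($subId in $subscriptions) {
    Set-AzContext -Subscription $subId | Out-Null

    if (Test-ProviderRegistered -Namespace $namespace) {
        Write-Output "$namespace already registered in $subId"
        continue
    }

    Write-Output "Registering $namespace in $subId"
    Register-AzResourceProvider -ProviderNamespace $namespace | Out-Null

    # Registration is asynchronous ("Registering" then "Registered"),
    # so poll until it completes or a 10-minute deadline passes.
    $deadline = (Get-Date).AddMinutes(10)
    while (-not (Test-ProviderRegistered -Namespace $namespace)) {
        if ((Get-Date) -gt $deadline) {
            throw "$namespace did not reach 'Registered' in $subId within 10 minutes"
        }
        Start-Sleep -Seconds 15
    }
    Write-Output "$namespace registered in $subId"
}
```

Registering a resource provider requires permission to perform the register action on each subscription, so run this with an account that holds such a role in both.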