Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How many Log Analytics workspaces to use for multiple Application Insights instances?

We have multiple different apps, each deployed in multiple environments, each monitored by a separate Application Insight instance. For example 2 web applications, each deployed in dev, test, prod environments, that means 6 different Application Insight instances.

Microsoft wants to migrate Application Insights to workspace based Application Insights, so I need to create Log Analytic workspace(s). What is the best approach and why:

  • Create single workspace and put all Application Insights into this one workspace?
  • Create separate workspace for each Application Insight instance?
  • Something other? (Workspace per application, workspace per environment...)
like image 312
jimmyj Avatar asked Oct 08 '21 18:10

jimmyj


People also ask

Should I use single or multiple application insights resources?

As per the FAQ: use one instance: Should I use single or multiple Application Insights resources? Use a single resource for all the components or roles in a single business system. Use separate resources for development, test, and release versions, and for independent applications.

What is the minimum number of Azure Sentinel workspaces that you should create?

If you have multiple tenants, such as if you're a managed security service provider (MSSP), we recommend that you create at least one workspace for each Azure AD tenant to support built-in, service to service data connectors that work only within their own Azure AD tenant.

Does application insights use Log Analytics?

Azure Application Insights is a perfect tool to save the log data generated by these applications and also offers multiple features to apply Log Analytics on the saved data. Azure Application Insights is a feature of Azure Monitor and an application performance management service for web applications.

Does Log Analytics need workspace?

You need a Log Analytics workspace if you collect data from: Azure resources in your subscription. On-premises computers monitored by System Center Operations Manager. Device collections from Configuration Manager.


2 Answers

[I'm a part of Application Insights team]

Overall the recommendation is to keep the number of workspaces to a minimum unless you need clear separation:

  1. Different auth for various workspaces [note, Application Insights scenarios leverage so called resource-based auth, i.e. you still will be controlling auth through Application Insights resources]
  2. Different billing quotas
  3. Different retention period
  4. Different regions
  5. Different environments

This allows you to manage less number of resources (workspaces).

So, you should make a decision based on #2 - #5 (as mentioned above - auth is not relevant because it will still be controlled by Application Insights).

If you're not using advanced features (different retention), then most likely the main driver is different environment. I.e. in your case it is probably 3 workspaces (dev, test, prod).

like image 80
ZakiMa Avatar answered Oct 17 '22 10:10

ZakiMa


As far as I understood from the Application Insights documentation here (and here), I think it would be also a good practice for the Log Workspace to separate them (at least) by environment, but you could use any other split or group criteria such as business meaning, correlated data, RBAC policies, managing team...

IMHO, in your case I would create 3 workspaces (dev, test, prod) and link each Application Insights in its corresponding workspace.

like image 40
semoru Avatar answered Oct 17 '22 11:10

semoru