Which three types of data can you collect from the computers by using Log Analytics?

You have 100 computers that run Windows 10 and connect to an Azure Log Analytics workspace.

Which three types of data can you collect from the computers by using Log Analytics? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. failure events from the Security log
B. the list of processes and their execution times
C. the average processor utilization
D. error events from the System log
E. third-party application logs stored as text files

Answer: CDE

Explanation:

E: The Custom Logs data source for the Log Analytics agent in Azure Monitor allows you to collect events from text files on both Windows and Linux computers. Many applications log information to text files instead of standard logging services, such as Windows Event log or Syslog. After the data is collected, you can either parse it into individual fields in your queries or extract it during collection to individual fields.
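
The query-time parsing mentioned above for custom logs, as an added example (not from the original explanation or from Microsoft's documentation). The table name MyApp_CL, the line layout and the sample rows are constructed assumptions; the inline datatable stands in for the real table so the query runs without a workspace.

```kusto
// Constructed sample rows standing in for a custom log table (hypothetical name MyApp_CL).
// Custom log records collected by the agent carry the whole text line in RawData.
let MyApp_CL = datatable(TimeGenerated:datetime, Computer:string, RawData:string)
[
    datetime(2024-01-15 10:23:45), "PC-001", "2024-01-15 10:23:45 ERROR 1042 Database connection timed out",
    datetime(2024-01-15 10:24:02), "PC-001", "2024-01-15 10:24:02 INFO 2001 Retry succeeded",
    datetime(2024-01-15 10:25:10), "PC-002", "2024-01-15 10:25:10 ERROR 1042 Database connection timed out",
    datetime(2024-01-15 10:26:31), "PC-002", "corrupted line without the expected layout"
];
MyApp_CL
// Split each line into typed fields at query time (assumed layout: date time level code message).
| parse RawData with LogDate:string " " LogTime:string " " Level:string " " Code:int " " Message:string
// A line that does not match the layout leaves the parsed columns empty;
// count those separately instead of silently losing them.
| extend Parsed = isnotempty(Level)
| summarize Errors = countif(Parsed and Level == "ERROR"),
            Unparsed = countif(not(Parsed))
            by Computer
```

Tracking the Unparsed count per computer shows when an application changes its log format and the field extraction stops matching.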

D: Collect Windows event log data sources with Log Analytics agent

Windows event logs are one of the most common data sources for Log Analytics agents on Windows virtual machines because many applications write to the Windows event log. You can collect events from standard logs, such as System and Application, and any custom logs created by applications you need to monitor.

C: Summary of data sources

The following table lists the agent data sources that are currently available with the Log Analytics agent. Each agent data source links to an article that provides information for that data source. It also provides information on their method and frequency of collection.

* Performance counters

Performance counters in Windows and Linux provide insight into the performance of hardware components, operating systems, and applications. Azure Monitor can collect performance counters from Log Analytics agents at frequent intervals for near real time analysis. Azure Monitor can also aggregate performance data for longer-term analysis and reporting.

* Etc.

Log queries with performance records

The following table provides different examples of log queries that retrieve performance records. Example: CPU utilization across all computers.

Query: Perf | where ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total" | summarize AVGCPU = avg(CounterValue) by Computer

B: The following table lists the objects and counters that you can specify in the configuration file. More counters are available for certain applications.

* Processor, % Processor Time

* Processor, % User Time

* Etc.

Incorrect:

Not A: Not from the Security log.

Important

You can’t configure collection of security events from the workspace by using the Log Analytics agent. You must use Microsoft Defender for Cloud or Microsoft Sentinel to collect security events. The Azure Monitor agent can also be used to collect security events.

Reference:

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-custom-logs

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-performance-counters
