I'm curious about the best approach for setting up Log Analytics workspaces. Is it advisable to have one centralized workspace for all logs, or should I create separate workspaces for different types of logs, like device logs and user logs? What are the pros and cons of each setup?
1 Answer
Microsoft's documentation suggests starting with a single workspace but gives examples for considering more as needs grow. For instance, if you're dealing with data retention or ownership issues, you might want to explore separating them. Personally, I manage all my Azure diagnostic logs in one workspace and find it pretty manageable at the table level.
For more detailed guidance, check out Microsoft's design documentation on Log Analytics workspaces!