From 47f05fb9a8bcd75d019b04101fa3525639b5a21d Mon Sep 17 00:00:00 2001 From: Poornima Venkataramanan Date: Tue, 10 Oct 2023 15:58:42 +0530 Subject: [PATCH 1/2] UserStory30177-Monitoring-LogAnalytics --- .../monitoring/log-analytics/_index.md | 30 +++++++++++++++++++ .../log-analytics/code/log-5/log-5.kql | 6 ++++ 2 files changed, 36 insertions(+) create mode 100644 docs/content/services/monitoring/log-analytics/code/log-5/log-5.kql diff --git a/docs/content/services/monitoring/log-analytics/_index.md b/docs/content/services/monitoring/log-analytics/_index.md index 1e6cb994f..a3f66f160 100644 --- a/docs/content/services/monitoring/log-analytics/_index.md +++ b/docs/content/services/monitoring/log-analytics/_index.md @@ -20,6 +20,7 @@ The below table shows the list of resiliency recommendations for Log Analytics a | [LOG-2 - Link Log Analytics Workspace to an Availability Zone enabled dedicated cluster](#log-2---link-log-analytics-workspace-to-an-availability-zone-enabled-dedicated-cluster) | Medium | Preview | Yes | | [LOG-3 - Configure data collection to send critical data to multiple workspaces in different regions](#log-3---configure-data-collection-to-send-critical-data-to-multiple-workspaces-in-different-regions) | Medium | Preview | No | | [LOG-4 - Create a health status alert rule for your Log Analytics workspace](#log-4---create-a-health-status-alert-rule-for-your-log-analytics-workspace) | Low | Preview | No | +| [LOG-5 - Configure minimal logging and retention of logs](#log-5---configure-minimal-logging-and-retention-of-logs) | Low | Preview | Yes | {{< /table >}} {{< alert style="info" >}} @@ -129,3 +130,32 @@ A health status alert will proactively notify you if a workspace becomes unavail {{< /collapse >}}

+ +### LOG-5 - Configure minimal logging and retention of logs + +**Category: Monitoring** + +**Impact: Low** + +**Guidance** + + Azure Monitor Logs automatically retains log data for a specific period of time depending on the data type (for example, 31 days for platform logs and metrics). However, you may need to retain your data for longer periods for compliance or business reasons. You can configure the data retention settings based on your requirements. + + For long-term storage, it might be necessary to move logs from Azure Monitor to a more cost-effective storage solution, such as Azure Blob Storage. This allows you to keep logs for an extended period of time without incurring high costs. + + +**Resources** + +- [Data retention and archive in Azure Monitor Logs](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2) +- [Run search jobs in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2) +- [Restore logs in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1) + +**Resource Graph Query/Scripts** + +{{< collapse title="Show/Hide Query/Script" >}} + +{{< code lang="sql" file="code/log-5/log-5.kql" >}} {{< /code >}} + +{{< /collapse >}} + +

\ No newline at end of file diff --git a/docs/content/services/monitoring/log-analytics/code/log-5/log-5.kql b/docs/content/services/monitoring/log-analytics/code/log-5/log-5.kql new file mode 100644 index 000000000..20dc3d867 --- /dev/null +++ b/docs/content/services/monitoring/log-analytics/code/log-5/log-5.kql @@ -0,0 +1,6 @@ +//Configure minimal logging and retention of logs. +//Query to get the list of Log analytics workspaces and their current configured retention period +resources +| where type == "microsoft.operationalinsights/workspaces" +| extend RetentionPeriod = tostring(properties.retentionInDays), SkuName=tostring(properties.sku.name) +| project recommendationId="log-5", name,location,resourceGroup,RetentionPeriod,SkuName,subscriptionId From 0f0f0e02f5aa0e24d62d958c849aa72676605283 Mon Sep 17 00:00:00 2001 From: Poornima Venkataramanan Date: Wed, 11 Oct 2023 10:34:05 +0530 Subject: [PATCH 2/2] UserStory30177-Monitoring-WithChanges --- docs/content/services/monitoring/log-analytics/_index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/content/services/monitoring/log-analytics/_index.md b/docs/content/services/monitoring/log-analytics/_index.md index a3f66f160..4f9ef01f1 100644 --- a/docs/content/services/monitoring/log-analytics/_index.md +++ b/docs/content/services/monitoring/log-analytics/_index.md @@ -143,7 +143,6 @@ A health status alert will proactively notify you if a workspace becomes unavail For long-term storage, it might be necessary to move logs from Azure Monitor to a more cost-effective storage solution, such as Azure Blob Storage. This allows you to keep logs for an extended period of time without incurring high costs. - **Resources** - [Data retention and archive in Azure Monitor Logs](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2)
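Review bot: The LOG-5 section added to _index.md in PATCH 1/2 never covers the "minimal logging" half of its heading. Both guidance paragraphs deal only with retention periods and moving logs to cheaper long-term storage, and neither names a retention value that a reader or the accompanying query could check a workspace against. Either add a sentence saying what minimal logging means for a Log Analytics workspace, or rename the heading and the new table row so they describe retention only. The hunk also ends with `\ No newline at end of file`, so the file needs a trailing newline.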
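Review bot: In log-5.kql nothing follows the `where type == "microsoft.operationalinsights/workspaces"` line to narrow the result, so every workspace in scope is projected with recommendationId="log-5" whatever its retention setting, while the new table row marks the recommendation as having a query ("Yes"). Either filter on the retention value once the guidance states a threshold, or say in the header comment that the output is an inventory that needs manual review. Separately, `tostring(properties.retentionInDays)` turns a day count into a string, which then sorts and compares lexically; `toint(...)` would keep it numeric. The spacing around `=` and after commas in the extend and project lines is also inconsistent.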
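Review bot: The only change in PATCH 2/2 is the deletion of one blank line before `**Resources**`, a line that PATCH 1/2 itself added, and the subject "UserStory30177-Monitoring-WithChanges" does not say so. Squash this into the first commit or give it a subject that describes the whitespace fix. The hunk does not reach the end of the file, so the missing trailing newline reported by `\ No newline at end of file` in the first patch is still there after this commit.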