There is an easy way to send all logs from Recovery Services to our Log Analytics workspace.
Go to Recovery Services vaults and under
Monitoring and Reports find
When you click, a two-step configuration will be introduced, but we'll only take the first step. Click in step one
Diagnostic Settings. (You can also navigate to
Diagnostics Settings >
Send to Log Analytics option and desired logs to be sent to the workspace. Of course, I chose everything.
Now just wait around 10 minutes and check your Log Analytics workspace using the query:
AzureDiagnostics | where EventName_s == "AzureBackupCentralReport"
You can see that there is Azure Backup data directly in AzureDiagnostics. To better understand the data model, please visit https://docs.microsoft.com/en-us/azure/backup/backup-azure-log-analytics-data-model
What else can we do with this data?
AzureDiagnostics
| where EventName_s == "AzureBackupCentralReport"
| where isnotempty(AlertType_s)
| project TimeGenerated, AlertType_s, AlertStatus_s, AlertSeverity_s, AlertCode_s, Category, BackupItemUniqueId_s, ResourceGroup
Or use the same query to create an alert in Azure Monitor:
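One way to shape that query for a log alert rule, as an added example that is not from the original post. It uses only the columns already shown above; the status and severity values "Active" and "Critical" and the one-hour window are assumptions to check against your own data.

```kusto
// Added example: query for an Azure Monitor log alert rule on backup alerts.
// Assumption: "Active" and "Critical" are the values your vault writes to
// AlertStatus_s and AlertSeverity_s. Run the projection query above first
// and confirm the values that actually appear in your workspace.
AzureDiagnostics
| where TimeGenerated > ago(1h)                 // assumed evaluation window
| where EventName_s == "AzureBackupCentralReport"
| where isnotempty(AlertType_s)
// Keep only the newest record per backup item and alert code, so that a
// later status change for the same alert replaces the earlier record.
| summarize arg_max(TimeGenerated, *) by BackupItemUniqueId_s, AlertCode_s
| where AlertStatus_s == "Active" and AlertSeverity_s == "Critical"
| project TimeGenerated, AlertType_s, AlertCode_s, AlertSeverity_s,
          BackupItemUniqueId_s, ResourceGroup
```

Set the alert rule to fire when the number of results is greater than 0, so each evaluation that still finds an open critical backup alert raises a notification.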