To capture and present log records as analytics data, you must configure one or more log sources for the Analytics Agent. The Analytics Agent uses the log source configuration to:

• Capture records from the log file
• Structure the log data according to your configuration
• Send the data to the Analytics Processor.

The Controller presents the Log Analytics data in the Analytics UI.

Before attempting to configure Log Analytics, confirm you have installed and configured the components described in Install Agent-Side Components and, for on-premises, Custom Install and Events Service Deployment.

Versions < 4.3 use job files to configure the log sources. You may continue to use job files that were created in previous versions. If you want to collect new log events into our platform, we recommend that you use the Centralized Log Management UI to define source rules. You may also find it useful to replace existing job file configurations with the new source rules so you can take advantage of new features introduced in 4.3. See Migrate Log Analytics Job Files to Source Rules.

To configure data collection for your log sources, see Configure Log Analytics Using Source Rules.