Merge pull request #249740 from v-jbasden/v-jbasden-logs-content-inventory-line-69

prmerger-automator[bot] · web-flow · commit 963de1e793ea · 2023-12-18T11:42:25.000Z
Authoring guidance on prerequisites and permissions required to create and manage a dedicated cluster
diff --git a/articles/azure-monitor/logs/logs-dedicated-clusters.md b/articles/azure-monitor/logs/logs-dedicated-clusters.md
@@ -9,7 +9,7 @@ ms.custom: devx-track-azurepowershell, devx-track-azurecli
 
 # Create and manage a dedicated cluster in Azure Monitor Logs 
 
-Linking a Log Analytics workspace to a dedicated cluster in Azure Monitor provides advanced capabilities and higher query utilization. Clusters require a minimum ingestion commitment of 500 GB per day. You can link and unlink workspaces from a dedicated cluster without any data loss or service interruption. 
+Linking a Log Analytics workspace to a dedicated cluster in Azure Monitor provides advanced capabilities and higher query utilization. You can link and unlink workspaces from a dedicated cluster without any data loss or service interruption. 
 
 ## Advanced capabilities
 Capabilities that require dedicated clusters:
@@ -26,16 +26,27 @@ eligible for commitment tier discount.
 ## Cluster pricing model
 Log Analytics Dedicated Clusters use a commitment tier pricing model of at least 500 GB/day. Any usage above the tier level incurs charges based on the per-GB rate of that commitment tier. See [Azure Monitor Logs pricing details](cost-logs.md#dedicated-clusters) for pricing details for dedicated clusters. The commitment tiers have a 31-day commitment period from the time a commitment tier is selected.
 
+## Prerequisites
+
+- Dedicated clusters require a minimum ingestion commitment of 500 GB per day.
+- To link a workspace to a dedicated cluster, you need a workspace that isn't linked to any clusters.
+- When creating a dedicated cluster, you can't name it with the same name as a cluster that was deleted within the past two weeks.
+
 ## Required permissions
 
 To perform cluster-related actions, you need these permissions:
 
 | Action | Permissions or role needed |
 |-|-|
-| Create a dedicate cluster |`Microsoft.Resources/deployments/*`and `Microsoft.OperationalInsights/clusters/write`| 
-| Change cluster properties |`Microsoft.OperationalInsights/clusters/write`| 
-| Link workspaces to a cluster | `Microsoft.OperationalInsights/clusters/write` and `Microsoft.OperationalInsights/workspaces/write`| 
-| Grant the required permissions | Owner or Contributor role that has `*/write` permissions, or a Log Analytics Contributor role that has `Microsoft.OperationalInsights/*` permissions.| 
+| Create a dedicated cluster |`Microsoft.Resources/deployments/*`and `Microsoft.OperationalInsights/clusters/write` permissions, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example | 
+| Change cluster properties |`Microsoft.OperationalInsights/clusters/write` permissions, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example | 
+| Link workspaces to a cluster | `Microsoft.OperationalInsights/clusters/write` and `Microsoft.OperationalInsights/workspaces/write` permissions, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example | 
+| Check workspace link status | `Microsoft.OperationalInsights/workspaces/read` permissions to the workspace, as provided by the [Log Analytics Reader built-in role](./manage-access.md#log-analytics-reader), for example |
+| Get clusters or check a cluster's provisioning status | `Microsoft.OperationalInsights/clusters/read` permissions, as provided by the [Log Analytics Reader built-in role](./manage-access.md#log-analytics-reader), for example | 
+| Update commitment tier or billingType in a cluster | `Microsoft.OperationalInsights/clusters/write` permissions, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example |
+| Grant the required permissions | Owner or Contributor role that has `*/write` permissions, or the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), which has `Microsoft.OperationalInsights/*` permissions | 
+| Unlink a workspace from cluster | `Microsoft.OperationalInsights/workspaces/linkedServices/delete` permissions, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example |
+| Delete a dedicated cluster | `Microsoft.OperationalInsights/clusters/delete` permissions, as provided by the [Log Analytics Contributor built-in role](./manage-access.md#log-analytics-contributor), for example |
 
 For more information on Log Analytics permissions, see [Manage access to log data and workspaces in Azure Monitor](./manage-access.md). 
 
@@ -82,6 +93,10 @@ Deleted clusters take two weeks to be completely removed. You can have up to sev
 > - A list of initial workspace to be linked to cluster is identified
 > - You have permissions to subscription intended for the cluster and any workspace to be linked
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 ```azurecli
@@ -139,6 +154,10 @@ Should be 202 (Accepted) and a header.
 
 The provisioning of the Log Analytics cluster takes a while to complete. Use one of the following methods to check the *ProvisioningState* property. The value is *ProvisioningAccount* while provisioning and *Succeeded* when completed.
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 ```azurecli
@@ -224,6 +243,10 @@ The workspace and the cluster can be in different subscriptions. It's possible f
 
 Use the following steps to link a workspace to a cluster. You can automated for linking multiple workspaces:
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 > [!NOTE]
@@ -292,6 +315,11 @@ Content-type: application/json
   
 When a cluster is configured with customer-managed keys, data ingested to the workspaces after the link operation completion is stored encrypted with your managed key. The workspace link operation can take up to 90 minutes to complete and you can check the state by sending Get request to workspace and observe if *clusterResourceId* property is present in the response under *features*.
 
+#### [Portal](#tab/azure-portal)
+
+1. Open the **Log Analytics workspaces** menu and then select your workspace.
+1. On the **Overview** page, select **JSON View**.
+
 #### [CLI](#tab/cli)
 
 ```azurecli
@@ -371,6 +399,10 @@ After you create your cluster resource and it's fully provisioned, you can edit
 
 ## Get all clusters in resource group
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 ```azurecli
@@ -439,6 +471,10 @@ Authorization: Bearer <token>
 
 ## Get all clusters in subscription
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 ```azurecli
@@ -476,6 +512,10 @@ When the data volume to linked workspaces changes over time, you can update the
 
 During the commitment period, you can change to a higher commitment tier, which restarts the 31-day commitment period. You can't move back to pay-as-you-go or to a lower commitment tier until after you finish the commitment period.
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 ```azurecli
@@ -518,10 +558,18 @@ The *billingType* property determines the billing attribution for the cluster an
 - *Cluster* (default) -- billing is attributed to the Cluster resource
 - *Workspaces* -- billing is attributed to linked workspaces proportionally. When data volume from all linked workspaces is below Commitment Tier level, the bill for the remaining volume is attributed to the cluster
 
-#### [CLI](#tab/cli)
+#### [Portal](#tab/azure-portal)
 
 N/A
 
+#### [CLI](#tab/cli)
+
+```azurecli
+az account set --subscription "cluster-subscription-id"
+
+az monitor log-analytics cluster update --resource-group "resource-group-name" --name "cluster-name"  --billing-type {Cluster, Workspaces}
+```
+
 #### [PowerShell](#tab/powershell)
 
 ```powershell
@@ -564,6 +612,10 @@ Queries aren't affected when workspace is unlinked and service performs cross-cl
 
 Use the following commands to unlink a workspace from cluster:
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 ```azurecli
@@ -583,7 +635,9 @@ Remove-AzOperationalInsightsLinkedService -ResourceGroupName "resource-group-nam
 
 #### [REST API](#tab/restapi)
 
-N/A
+```rest
+DELETE https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/linkedServices/{linkedServiceName}?api-version=2020-08-01
+```
 
 ---
 
@@ -604,6 +658,10 @@ If you delete a cluster that has linked workspaces, workspaces get automatically
 
 Use the following commands to delete a cluster:
 
+#### [Portal](#tab/azure-portal)
+
+N/A
+
 #### [CLI](#tab/cli)
 
 ```azurecli
