Azure Log Analytics Workspace pattern-based discovery

  • Release version: Yokohama
  • Updated June 16, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Azure Log Analytics Workspace pattern-based discovery

    Azure Log Analytics Workspace pattern-based discovery in ServiceNow enables automated detection and mapping of Azure Log Analytics workspaces within your cloud environment. This discovery populates relevant Configuration Management Database (CMDB) and non-CMDB tables, allowing you to manage and visualize Azure resources effectively. The discovery relies on specific patterns that need to be enabled and configured, ensuring accurate and up-to-date data collection.

    Show full answer Show less

    Key Features

    • Pattern Activation: The Azure Log Analytics Workspace discovery pattern is disabled by default and must be enabled. With Visibility Content version 6.28.0 and later, pattern activation does not count as customization and will receive updates automatically.
    • Discovery Prerequisites: Microsoft Azure discovery prerequisites must be met, including proper setup of Azure service accounts and configuration of discovery schedules, especially when working with Azure GovCloud (US).
    • Data Population: The discovery populates data into both CMDB and non-CMDB tables. Non-CMDB tables store extended inventory details, while CMDB tables maintain core configuration items representing Azure resources.
    • Tag Collection: Azure resource tags are collected and stored in the Key Value [cmdbkeyvalue] table, providing additional metadata management capabilities.
    • CI Relationships: The pattern automatically creates relationships between discovered resources, resource groups, datacenters, and cloud resources to support comprehensive service mapping.

    Key Outcomes

    • Comprehensive Asset Visibility: Gain detailed insight into your Azure Log Analytics workspaces, including their subscription, tenant, provisioning state, and geographic location.
    • Improved CMDB Accuracy: Automatically update CMDB entries with accurate and current Azure resource data, supporting better IT service management and cloud governance.
    • Enhanced Service Mapping: Utilize created CI relationships to understand dependencies and hosting structures, facilitating impact analysis and operational decision-making.
    • Efficient Tag Management: Leverage collected Azure tags for classification, reporting, and policy enforcement within your ServiceNow environment.
    • Support for GovCloud Discovery: Configure discovery schedules to include Azure GovCloud (US), ensuring compliance and comprehensive coverage of cloud assets.

    Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Pattern-based discovery and mapping requirements

    Verify the Microsoft Azure discovery prerequisites
    For more information, see the prerequisites section in Microsoft Azure Cloud components discovery using patterns.
    Enable the relevant pattern
    The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
    Configure the Discovery schedule to support GovCloud
    Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.

    Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.

    Data stored in non-CMDB tables

    Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Log Analytics Workspace - Extended Inventory(LP) pattern.

    You can review the non-CMDB Azure tables by navigating to All > Configuration > Azure. You can also search the navigation filter for the specific pattern name.

    Table 1. Azure Log Analytics - Workspace [cmdb_azure_log_analytics_workspace]
    Field Description
    Object Id [object_id] The unique identifier of the Azure resource.
    Kind [kind] The specific kind or variant of the resource.
    DC Location [location] The geographical region where the resource is deployed.
    Resource Group [resource_group] The Azure resource group to which the resource belongs.
    Subscription Id [subscription_id] The unique identifier of the Azure subscription containing the resource.
    Tenant Id [tenant_id] The identifier of the Azure Active Directory tenant associated with the resource.
    Provisioning State [provisioning_state] The current lifecycle state of the resource. For example: Succeeded, Creating, or Failed.
    Configuration Item [configuration_item] References the Cloud Resource [cmdb_ci_cmp_resource] table.
    Customer Id [customer_id] The unique identifier of the Log Analytics workspace or customer instance.

    Data stored in CMDB tables

    Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Log Analytics Workspace - Extended Inventory(LP) pattern.

    Table 2. Cloud Resource [cmdb_ci_cmp_resource]
    Field Description
    Object ID [object_id] The unique identifier of the Azure resource.
    Name [name] The name of the resource.
    Location [location] The geographical region where the resource is deployed.
    Install Status [install_status] Install status of the resource. Default value is Installed.
    Operational status [operational_status] Operational status of the resource. Default value is Operational.
    Resource type [resource_type] Type of resource. The value is set to microsoft.operationalinsights/workspaces.

    CI relationships

    The Azure - Log Analytics Workspace - Extended Inventory(LP) pattern creates these relationships to support Azure Log Analytics Workspace discovery.

    CI Relationship CI
    Resource Group [cmdb_ci_resource_group] Contains::Contained by Cloud Resource [cmdb_ci_cmp_resource]
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on::Hosts Azure Datacenter [cmdb_ci_azure_datacenter]
    Azure Log Analytics - Workspace [cmdb_azure_log_analytics_workspace] References Cloud Resource [cmdb_ci_cmp_resource]

    Azure tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.
    Table 3. Key Value [cmdb_key_value]
    Field Description
    Key [key] Tag name.
    Value [value] Tag value.