azure, azure-eventhub, azure-diagnostics, azure-log-analytics-workspace

How to handle diagnostic logs from different Azure resources having different table log structures?


I'm trying to send diagnostic logs of different Azure resources of a specific subscription to a Log Analytics Workspace (LAW) via Event Hub.

But since we have different Azure resource logs, each resource might have a different diagnostic log schema.

Then how can we handle this type of logs in the Log Analytics Workspace (LAW), as all the logs are stored in the form of tables in LAW?


Solution

  • When a diagnostic setting is created for any resource within Azure, tables are created based on the collection the resource is using:

    • Azure diagnostics: All data is written to the AzureDiagnostics table. Because multiple resource types send data to the same table, its schema is the superset of the schemas of all the different data types being collected. For more information on how each of the resource logs is collected, refer to this and this document.
    • Resource-specific: Data is written to individual tables for each category of the resource. For common and service-specific schemas, refer to this document.
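
The two collection modes described above, as an added example that is not part of the original answer and is not Azure's ingestion code. It is a simplified model: the sample records, their property names, the `/EXAMPLE/...` resource IDs and the use of the log category as the table key are constructed assumptions, and table and column naming in a real workspace differs.

```python
import json
from collections import defaultdict

# Constructed sample in the {"records": [...]} envelope that resource logs use
# when streamed to an Event Hub. All values and property names are made up.
SAMPLE_EVENT = json.dumps({"records": [
    {"time": "2024-01-01T10:00:00Z", "resourceId": "/EXAMPLE/VAULTS/KV1",
     "category": "AuditEvent", "operationName": "SecretGet",
     "properties": {"clientInfo": "constructed-agent", "httpStatusCode": 200}},
    {"time": "2024-01-01T10:00:05Z", "resourceId": "/EXAMPLE/VAULTS/KV1",
     "category": "AuditEvent", "operationName": "SecretList",
     "properties": "{\"clientInfo\": \"constructed-agent\", \"httpStatusCode\": 403}"},
    {"time": "2024-01-01T10:00:09Z", "resourceId": "/EXAMPLE/NSG/NSG1",
     "category": "NetworkSecurityGroupRuleCounter", "operationName": "RuleCounters",
     "properties": {"ruleName": "DenyAllInBound", "direction": "In",
                    "matchedConnections": 7}},
]})

def flatten(record):
    """Lift the service-specific 'properties' bag next to the common fields."""
    props = record.get("properties") or {}
    if isinstance(props, str):  # assumption: the bag may arrive as a JSON string
        props = json.loads(props)
    row = {k: v for k, v in record.items() if k != "properties"}
    row.update(props)
    return row

def azure_diagnostics_mode(records):
    """Single shared table: columns are the superset of every record's fields."""
    rows = [flatten(r) for r in records]
    columns = sorted({c for row in rows for c in row})
    # Columns a resource type never emits stay empty (None) in its rows.
    return columns, [{c: row.get(c) for c in columns} for row in rows]

def resource_specific_mode(records):
    """One table per log category, holding only that category's columns."""
    tables = defaultdict(list)
    for r in records:
        tables[r["category"]].append(flatten(r))
    return dict(tables)

def empty_cells(rows):
    """Count cells left empty because the row's source never emits that column."""
    return sum(v is None for row in rows for v in row.values())

if __name__ == "__main__":
    records = json.loads(SAMPLE_EVENT)["records"]
    columns, rows = azure_diagnostics_mode(records)
    print(len(columns), "shared columns,", empty_cells(rows), "empty cells")
    for name, table in resource_specific_mode(records).items():
        print(name, sorted(table[0]))
```

The shared table grows a column for every property any resource emits and leaves the rest empty per row, while the per-category tables carry only their own columns.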