Reputation: 1055
Get log data from LogAnalytics Workspace using Rest API
I am trying to fetch log data from Azure Log Analytics workspace with the queries that I have saved inside the workspace. I have started developing a Web API to fetch the results of the query and I registered this Web API to an Azure Active Directory that I created inside my Visual Studio Enterprise Azure subscription. But when I try to 'Request Permission' for LogAnalytics API, I am not able to find LogAnalytics API from Microsoft API. I am following the instructions in the following link:
https://dev.loganalytics.io/oms/documentation/1-Tutorials/1-Direct-API
Can someone please let me know how can i fetch log data from inside LogAnalytics workspace? I have looked into Microsoft documentation which just gives the API but does not say how to get the token: https://learn.microsoft.com/en-us/rest/api/loganalytics/savedsearches/get
Upvotes: 2
Views: 14156
Answers (1)
Reputation: 42053
But when I try to 'Request Permission' for LogAnalytics API, I am not able to find LogAnalytics API from Microsoft API.
You need to navigate to the APIs my organization uses, search for the Log Analytics API, add the Application permission like below.
Note: The link you provided should be out of date, it uses the Delegated permission, that is not correct, it must be Application permission, because we will use the client credential flow to get the token.
After giving the permission, also make sure your AD App has an RBAC role e.g. Contributor, Log Analytics Reader in the Access control (IAM) of your workspace, if not, follow this doc to add it.
Then use the client credential flow to get the token, after getting the token, use it to call the api.
POST /YOUR_AAD_TENANT/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
&resource=https://api.loganalytics.io
&client_secret=YOUR_CLIENT_SECRET
For more details, you could refer to this link, don't miss any step.
I have looked into Microsoft documentation which just gives the API but does not say how to get the token: https://learn.microsoft.com/en-us/rest/api/loganalytics/savedsearches/get
To get the token for this REST API, it is the same with the Log Analytics API. To call this API, no need to add the API permission for your AD App, it just needs the RBAC role. The difference is you need to change the resource in the request body to https://management.azure.com like below.
POST /YOUR_AAD_TENANT/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
&resource=https://management.azure.com
&client_secret=YOUR_CLIENT_SECRET
For more details, refer to this link.
Upvotes: 9
Related Questions
- How to run log analytics query using azure api?
- REST API Logs in Azure
- Azure log analytics rest API call error 403
- How to connect azure virtual machine with log analytics workspace using REST API or Nodejs SDK?
- azure Loganalytics with API connection
- Azure log api JavaScript sample
- How to extract Log-Data from Azure Log Analytics / Application Insights?
- Fetch all resources which send data to a particular log analytics workspace?
- Azure Monitor - REST API Custom Log - .Net
- Azure LogAnalytics Parse JSON Array