CODEWITHSUNDEEP
azure-application-insightsazure-cliazure-log-analytics
Matthew Campbell
Matthew Campbell

Reputation: 1884

Create Insights Log query from Azure cli not Log Monitor saved search

Using latest azure cli (2.28.1)

The creation of Kusto queries against Log Analytics with the azure cli is documented here: https://learn.microsoft.com/en-us/cli/azure/monitor/log-analytics/workspace/saved-search?view=azure-cli-latest

using the saved-search directive. A minor irritation is that the cli always creates legacy categories rather than non-legacy and tags sometimes are not correctly applied.

But what I can not find is how to create queries against Insights with the cli. Combed the Microsoft docs without a hit. Insights is a subset of Log Analytics (Monitor) but the queries are stored separately. Alarms can target both resource groups (i.e. Insights and Log Analytics).

Upvotes: 0

Views: 1023

Answers (2)

Matthew Campbell
Matthew Campbell

Reputation: 1884

With bicep (az bicep build --file <bicep file>) resource definitions can be defined in a template (json) then deployed with the azure cli (az deployment group create --resource-group <name> --template-file <bicep generated template>)

Hard part was making parent and child resources in bicep. Needed a parent query pack and a child queries:

resource querypack 'Microsoft.OperationalInsights/queryPacks@2019-09-01-preview' = 
{
 name: 'DefaultQueryPack'
 location: 'northeurope'
 properties: {}
}

resource query 'Microsoft.OperationalInsights/queryPacks/queries@2019-09-01-preview' = {
  parent: querypack
  name: '6967c00c-9b46-4270-bee0-5a27b8b85cef'
  properties: {
    displayName: 'BadEventsBySdcFileId'
    description: ''
    body: '<kusto query>'
    related: {
        categories: [
            'applications'
        ]
        resourceTypes: [
            'microsoft.insights/components'
        ]
    }
    tags: {}
  }
}

Also the query resource name has to be a GUID which is not at all clear in the documentation. Tags are helpful to group by topic when hunting around for queries say that belong to a project domain.

Upvotes: 0

VenkateshDodda
VenkateshDodda

Reputation: 5546

You need to use az monitor app-insights query command to run the kusto queries for application insights using Azure CLI.

We have tested in our environment Using the below cmdlets, can pull the appid for an application insights & also Total numbers requests for that particular application over a time period of 1day.

az monitor app-insights component show --app <app-insightsName> --resource-group <resource-Name> --query appId
az monitor app-insights query --app <appId> --analytics-query 'requests | summarize count() by bin(timestamp, 24h)' --offset 1h30m

Here is the reference document for more information about running app insight analytics-queries using Azure CLI.

Upvotes: 0

Related Questions