Python Script to Run a Query to Get Data from Azure Log Analytics


To run a query and get data from Azure Log Analytics, we need to utilize the Azure Monitor Log Analytics REST API. First, we need to create an Azure Active Directory (Azure AD) app to gain the necessary permissions to call this API. We can create this app in the Azure portal.

Once we have the Azure AD app, we need to grant it Log Analytics read permissions. After that, we will be able to retrieve the Tenant ID, Client ID, and Client Secret from our Azure AD app.

Here is a simple Python script which uses the requests library to call the Azure Monitor Log Analytics REST API:

import requests
import json
import datetime
from azure.identity import ClientSecretCredential

# Fill these in with the information from your Azure AD app
tenant_id = 'YOUR_TENANT_ID'
client_id = 'YOUR_CLIENT_ID'
client_secret = 'YOUR_CLIENT_SECRET'
workspace_id = 'YOUR_WORKSPACE_ID' # Log Analytics workspace ID
query = 'YOUR_LOG_ANALYTICS_QUERY' # Query to be run on Log Analytics

# Get a token for the Azure Monitor API
credential = ClientSecretCredential(tenant_id, client_id, client_secret)
token = credential.get_token('https://api.loganalytics.io/.default')
headers = {
    'Authorization': 'Bearer ' + token.token,
    'Content-Type': 'application/json',
    'Prefer': 'response-v1=true'
}

# Get the current time in UTC and format it for the API (ISO 8601).
# A naive local timestamp would make the end of the window ambiguous.
now = datetime.datetime.now(datetime.timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ')
timespan = f'PT24H/{now}'  # the 24 hours ending now

# Construct the API endpoint
url = f'https://api.loganalytics.io/v1/workspaces/{workspace_id}/query'

# Construct the API request body
body = {
    'query': query,
    'timespan': timespan
}

# Send the API request; the timeout keeps the script from hanging indefinitely
response = requests.post(url, headers=headers, data=json.dumps(body), timeout=30)

# Print the response
print(response.json())

We need to replace ‘YOUR_TENANT_ID’, ‘YOUR_CLIENT_ID’, ‘YOUR_CLIENT_SECRET’, ‘YOUR_WORKSPACE_ID’, and ‘YOUR_LOG_ANALYTICS_QUERY’ with our own data.

This script retrieves a token for the Azure Monitor API using the azure-identity library, then it uses the requests library to send a POST request to the API. The response from the API is printed to the console.

Please make sure to install necessary packages before running the script. If not installed, use the following commands to install:

pip install requests azure-identity

Remember to follow security best practices when storing and using the Azure AD app credentials, as these can be used to authenticate as our app and perform actions in our Azure environment.

ModuleNotFoundError: No module named ‘azure.identity’

This error indicates that the Python module azure-identity is not installed or not available in the current Python environment.

To install the azure-identity package, we can use the Python package manager, pip. Run the following command in your terminal:

pip install azure-identity

If we are using a specific Python environment or Jupyter notebook, make sure to activate that environment first before running the command.

If we are still facing issues after running the install command, it might be due to the following reasons:

  • Python Environment: Make sure we are installing the package in the correct Python environment if we are using something like virtualenv or conda.
  • Python and Pip version: Ensure we are using a compatible version of Python and pip. azure-identity requires Python 3.6 or later.
  • Permission issues: If we are on a Unix-based system, we might need to use sudo to install the package to get around any permission issues. But be cautious about using sudo, as it might cause other problems.
  • Internet Connection/Corporate Proxy: If we are behind a corporate proxy or the internet connection is not stable, pip installations can fail. We may need to provide proxy details to pip.
  • Remember to replace pip with pip3 or the equivalent command on the system if we are using Python 3.

Query Azure Log Analytics Data using Azure CLI

We can definitely query Azure Log Analytics data using Azure CLI. Here is how we can do it:

First, we need to log in to Azure. Open a terminal or command prompt, and then type:

az login

This command will open a new window in the default web browser to log in.

Once logged in, we can query the Log Analytics workspace. To do so, we need the subscription ID, resource group name, and the ID of the Log Analytics workspace. Use the following command to query:

az monitor log-analytics query --workspace "WorkspaceId" --analytics-query "AzureDiagnostics | top 10 by TimeGenerated"

Azure CLI queries are executed against the last 24 hours of data, and times are shown in UTC.

We can also specify the timespan for the query with the optional --timespan parameter, which accepts an ISO 8601 formatted string (like "PT1H" for the last one hour). Here is how:

az monitor log-analytics query --workspace "WorkspaceId" --analytics-query "AzureDiagnostics | top 10 by TimeGenerated" --timespan "PT1H"

To use a specific subscription, we can specify it using the --subscription argument:

az monitor log-analytics query --workspace "WorkspaceId" --analytics-query "AzureDiagnostics | top 10 by TimeGenerated" --subscription "SubscriptionId"

Azure CLI is a very handy tool for managing Azure resources. You can download it from the official Azure website.

PathNotFoundError: The requested path does not exist

The error PathNotFoundError: The requested path does not exist in this context means that the WorkSpace ID of Log Analytics does not exist – make sure you do not confuse it with the WorkSpace Name.

Also, make sure you have correct permissions to access the Log Analytics.
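
The following is an added example, not code from the original post. It shows one way to keep the app credentials out of the script and to handle the API response instead of only printing it. It assumes the response body uses a tables/columns/rows layout and that errors arrive as an error object with code and message fields. The LA_WORKSPACE_ID variable name, the function names and the sample bodies are made up for this illustration.

```python
import os
import re

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Environment variable names are assumptions chosen for this example.
REQUIRED = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "LA_WORKSPACE_ID")


class LogAnalyticsError(Exception):
    """The API returned an error object instead of result tables."""


def load_settings(env=os.environ):
    """Read the app credentials from the environment, not from source code."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))
    # The query URL takes the workspace ID (a GUID). The page notes that
    # confusing it with the workspace name ends in PathNotFoundError, so
    # reject anything that is not GUID-shaped before calling the API.
    if not GUID_RE.fullmatch(env["LA_WORKSPACE_ID"]):
        raise ValueError("LA_WORKSPACE_ID must be the workspace GUID, not its name")
    return {name: env[name] for name in REQUIRED}


def rows_from_response(payload):
    """Flatten a query response into a list of {column name: value} dicts."""
    if "error" in payload:
        err = payload["error"]
        raise LogAnalyticsError(f"{err.get('code')}: {err.get('message')}")
    rows = []
    for table in payload.get("tables", []):
        names = [col["name"] for col in table["columns"]]
        rows.extend(dict(zip(names, row)) for row in table["rows"])
    return rows


# Constructed sample bodies (assumed layout), not captured from a real workspace.
SAMPLE_OK = {"tables": [{
    "name": "PrimaryResult",
    "columns": [{"name": "TimeGenerated", "type": "datetime"},
                {"name": "Category", "type": "string"}],
    "rows": [["2024-01-01T10:00:00Z", "AuditEvent"],
             ["2024-01-01T09:59:00Z", "SignInLogs"]],
}]}
SAMPLE_ERR = {"error": {"code": "PathNotFoundError",
                        "message": "The requested path does not exist"}}

if __name__ == "__main__":
    print(rows_from_response(SAMPLE_OK))
```

In the script above, the values returned by load_settings() would replace the hard-coded placeholders, and rows_from_response(response.json()) would replace the final print.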

–EOF (The Ultimate Computing & Technology Blog) —
