Score:0

Azure log analytics API read


I'm trying to get read access to Azure Log Analytics from my app and did the following steps:

  1. Registered App under the “App registrations” in AD portal
  2. Added platform: Web; redirect URI: http://localhost/auth under the Authentication tab
  3. Requested and granted to this App API permissions to read Log Analytics Data: Log Analytics API : Data read : Type Application : Status Granted

and then, using this code, trying to read:

SECRET="XXXXXXXXXXX"
CLIENT="e7207353-ee8d-4bcc-9580-bfaaf2c0da7e"
URI="http://localhost/auth"
RESOURCE="management.azure.com"
TARGET="https://$RESOURCE/subscriptions/XXXXXXX/resourceGroups/myRG01/providers/Microsoft.OperationalInsights/workspaces/law-01/api/query?api-version=1"

# (1) Obtain token
RESP=$(curl --silent -H "Content-Type: application/x-www-form-urlencoded" -X POST \
            -d "grant_type=client_credentials&client_id=${CLIENT}&resource=https://${RESOURCE}&client_secret=${SECRET}&redirect_uri=${URI}" \
         https://login.microsoftonline.com/...orgTenantID.../oauth2/token )

TOKEN=$(echo "$RESP" | jq -r .access_token)

# (2) Call Log Analytics API
curl --silent -X POST \
   -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
   -d '{"query": "AzureActivity | limit 10"}' "$TARGET" | jq

but while I successfully obtain the token, I get ‘AuthorizationFailed’ when calling Log Analytics:

{
  "error": {
    "code": "AuthorizationFailed",
    "message": "The client '02531282-409c-4752-8b10-4f995ceaac5d' with object id '02531282-409c-4752-8b10-4f995ceaac5d' does not have authorization to perform action 'microsoft.operationalinsights/workspaces/query/read' over scope '/subscriptions/XXXXXXX/resourceGroups/myRG01/providers/Microsoft.OperationalInsights/workspaces/law-01/api/query' or the scope is invalid. If access was recently granted, please refresh your credentials."
  }
}

Where could I be wrong? Access was granted a few days ago, so any delays in propagation have, hopefully, passed. Anyway, what can 'refresh your credentials' mean in this case? Anything else?

Appreciate your help. Thank you.

=== Post answer update ===

Use the API to access Log Analytics data as described here: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/request-format. So the vars for the code above should be:

RESOURCE="api.loganalytics.io"
TARGET="https://$RESOURCE/v1/workspaces/...LAW_ID.../query"
Score:1

You will need to grant your Service Principal (app registration) Azure RBAC rights on the Log Analytics workspace for it to be able to read the data; this is separate from any rights you may have granted through Azure AD.
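
A diagnostic to go with the question's script and the answer above, as an added example that is not part of the original thread: it decodes the access token's payload to check that its `aud` claim matches the host being called and prints the `oid` of the principal that needs the RBAC assignment. The function names are hypothetical, the token is a constructed unsigned sample, and the `aud`/`appid`/`oid` claim names assume an Azure AD v1 access token.

```bash
#!/usr/bin/env bash
# Added example. Decodes a JWT payload for diagnosis only; the signature is NOT verified.

b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# Build an unsigned token around a JSON payload (constructed sample, not a real token).
make_token() { printf '%s.%s.sig' "$(b64url '{"alg":"none"}')" "$(b64url "$1")"; }

# Print the JSON payload (second dot-separated segment) of a token.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in   # restore the padding that base64url strips
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Extract one top-level string claim (sed is enough for a flat string claim).
jwt_claim() {
  jwt_payload "$1" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Succeeds when the token's aud claim names the host of the URL being called.
check_audience() {
  local aud host
  aud=$(jwt_claim "$1" aud)
  host=${2#https://}; host=${host%%/*}
  case "$aud" in
    "https://$host"|"https://$host/")
      echo "audience ok ($aud); principal needing RBAC: oid=$(jwt_claim "$1" oid)" ;;
    *)
      echo "audience mismatch: token aud=$aud, request host=$host"; return 1 ;;
  esac
}

# Constructed payload reusing the client ID and object ID quoted in the question.
SAMPLE=$(make_token '{"aud":"https://management.azure.com","appid":"e7207353-ee8d-4bcc-9580-bfaaf2c0da7e","oid":"02531282-409c-4752-8b10-4f995ceaac5d"}')

# Same host as the question's TARGET: audience matches, so the failure is RBAC.
check_audience "$SAMPLE" "https://management.azure.com/subscriptions/XXXXXXX/resourceGroups/myRG01" || true
# The same token sent to the data-plane host from the update: audience mismatch.
check_audience "$SAMPLE" "https://api.loganalytics.io/v1/workspaces/LAW_ID/query" || true
```

With a real token, pass `"$TOKEN"` and `"$TARGET"` from the question's script to `check_audience` before making the query call.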
