Adding additional custom data to Azure AD Log Analytics - azure-log-analytics

I am currently streaming my Azure AD sign-in logs to Log Analytics (as described in this MS Doc). I also have a separate Azure Function that retrieves all Users from Graph API, performs some lookup operations, and creates a "CompanyTeam" value for each user. The Function runs once per day.
My goal is to combine the AAD sign-in Logs Analytics with the "CompanyTeam" data, so that I can perform queries like SigninLogs | join kind=inner CompanyTeam on UserPrincipalName
What is the best storage option for Azure Function outputting User+CompanyTeam data? It is a daily refresh that overwrites previous values.
How do I connect that storage option to the existing AAD Sign-in Log Analytics workspace?
Thanks for any guidance.

For the Azure Function, you should enable Application Insights as per this doc. Then, in Azure Log Analytics or Application Insights, you can use a cross query to join the related Application Insights or Azure Log Analytics data.
Another solution is to create a new Application Insights resource with Azure Log Analytics enabled (here, the Azure Log Analytics workspace is the existing AAD Sign-in Log Analytics workspace); then all the data from the Azure Function will flow into that Azure Log Analytics workspace. Next, you can write a proper query to fetch the data.
Please let me know if you have any questions.
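
A sketch of the join for the second option above, added here as an example and not taken from the original answer. It assumes the Function's Application Insights resource is workspace-based in the same workspace (so its log lines land in AppTraces) and that the Function writes one trace per user in a hypothetical format, `CompanyTeam {"upn":"...","team":"..."}`; that format and the `TeamLookup` name are assumptions.

```kusto
// Assumed log line written by the daily Function, one per user (constructed sample):
//   CompanyTeam {"upn":"alice@contoso.example","team":"Payments"}
let TeamLookup =
    AppTraces
    | where TimeGenerated > ago(2d)                 // wide enough to cover one missed daily run
    | where Message startswith "CompanyTeam "
    | extend rec = parse_json(substring(Message, strlen("CompanyTeam ")))
    | project TimeGenerated,
              UserPrincipalName = tolower(tostring(rec.upn)),
              CompanyTeam = tostring(rec.team)
    // The refresh overwrites previous values, so keep only the newest row per user.
    | summarize arg_max(TimeGenerated, CompanyTeam) by UserPrincipalName
    | project UserPrincipalName, CompanyTeam;
SigninLogs
| where TimeGenerated > ago(1d)
| extend UserPrincipalName = tolower(UserPrincipalName)   // join keys are case-sensitive
// leftouter keeps sign-ins from accounts the Function did not map,
// which an inner join would silently drop.
| join kind=leftouter TeamLookup on UserPrincipalName
| extend CompanyTeam = iff(isempty(CompanyTeam), "(unmapped)", CompanyTeam)
| summarize SignIns = count(),
            Failures = countif(ResultType != "0"),        // "0" is a successful sign-in
            Users = dcount(UserPrincipalName)
          by CompanyTeam
| order by Failures desc
```

The "(unmapped)" bucket is worth reviewing on its own: it collects guest, service or newly created accounts that the daily lookup has not yet classified.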

Related

Usage Tracking in Azure synapse analytics

Can anyone share a Kusto query (KQL) that I can use in log analytics that would return some usage tracking stats?
I am trying to identify which "Views" and "Tables" are used the most. Also trying to find out who the power users are and commands/query that is run against the "Tables".
Any insights would be appreciated.
You can use the functions below to gather the usage statistics:
DiagnosticMetricsExpand()
DiagnosticLogsExpand()
ActivityLogRecordsExpand()
Then create target tables to store the function data to analyse the usage information.
Refer to the Azure documentation for complete details: https://learn.microsoft.com/en-us/azure/data-explorer/ingest-data-no-code?tabs=activity-logs

Adding source control to Azure Log Analytics Workspace Functions

Has anyone found a solution to adding source control to Azure Log Analytics Workspace Functions? (KQL queries saved on the Azure GUI)
I have a number of complex queries and I would like to track changes over time. So far my searches have not come up with anything.
Azure has vast support in its REST API:
Docs / Log Analytics / Saved Searches / Saved Searches - Create Or Update

Retrieve Update-Management related details for a vm - AZURE

In the Azure API documentation, the Azure VM APIs do not provide an API to retrieve Update Management related information for the VM.
Is there a possible way of retrieving Update Management related details from an Azure VM or from the Automation account (as a summary for all VMs)?
@Thanuja, as you mentioned in the comment section, we don't have an API available to get the results.
You can view the results from the Log Analytics data (workspace), or else you can retrieve the information using a PowerShell script as discussed in this thread.

Azure Stream Analytics Output to Data Lake Storage Gen2 with System-Assigned Managed Identity

I have a Stream Analytics Job with Use System-assigned Managed Identity enabled, and I would like to output its results to a Data Lake Storage Gen2.
As far as I understand, I should only need to go into the Storage Account's IAM settings and add the Stream Analytics Identity as a Storage Blob Data Owner. However, I don't see the category of Stream Analytics Jobs in the dropdown and I can't seem to find the service principal in any of the other ones.
Am I missing something here or is this scenario just not supported yet?
Just choose the options like below, in the Select option, search for the name of your Stream Analytics Job, then you can find it and add it.

How to query Log Analytics data into Azure Data Explorer?

I need to query my Log Analytics workspace from Azure Data Explorer, but I didn't find any idea about it.
Below are my doubts:
1. Do I need to ingest data from Log Analytics to Azure Data Explorer before utilizing it?
2. I didn't find any way to make a connection to Log Analytics from Azure Data Explorer.
3. The only option I saw to ingest data in Azure Data Explorer is through Event Hub. But now my issue is: how can I ingest my Log Analytics data into Azure Data Explorer using Event Hub? Do I need to write any process to ingest?
If anyone has, then please share so that I can explore it.
Thanks,
The Log Analytics team is working on a direct solution to ingest data to Azure Data Explorer; meanwhile, please export Log Analytics data and ingest data into ADX using the ingest APIs, or use Logic Apps (Event Hub) to set up the export of Log Analytics data to Event Hub.