In Azure AAD – App Registrations - Add a new Registration:
Give a name for your App:
Register, After that the App will be created:
Take note of the Application ID.
Go to API Permissions – Add a Permission - APIs my organization use look for “Log Analytics API” and select:
Select Application Permissions, Select Data.Read and Add Permissions
Grant admin consent for directory:
Create a secret and copy the value
Access Control:
Go to your Log Analytics workspace and add a Role assignment (Log Analytics Reader – and look for the Application name ):
Postman:
To access the Log Analytics API I use PostMan but you can use other tools, like PowerShell, Curl etc.
Download the Post Man:
https://www.postman.com/downloads/
In the PostMan create a Collection, in my example the name of colletion is “Noob”
The HTTP Method is POST:
The address is:
https://login.microsoftonline.com/XXXXXXXXXXXX/oauth2/token
Where XXXXXXXXXXXX is my Azure Active Directory ID
You can check your Azure Id in the App Registration ( Directory Tenant ID ):
grant_type=client_credentials
client_id=YOUR_CLIENT_ID
resource=https://api.loganalytics.io
client_secret=YOUR_CLIENT_SECRET
Body:
Send and copy the access token :
You need to copy the value of the access token.
Create a new query in PostMan. The HTTP method is POST, where:
https://api.loganalytics.io/v1/workspaces/AAAAAAAA/query
Where AAAAAAA is my Log Analytics ID.
For check the ID go to Log Analytics and check the ID:
In the Authorization select “Bearer Token” and paste token that you got when you connect to API using Postman.
Go to the Body:
And type this query (It is an example):
{
"query": "Perf | where CounterName == 'Available MBytes' | summarize avg(CounterValue) by bin(TimeGenerated, 1h)",
"timespan": "PT12H"
}
Select raw and JSON:
Send, then you will get the results:
