Skip to main content
Version: Next

to_azure_log_analytics

Sends events via the Microsoft Azure Logs Ingestion API.

to_azure_log_analytics tenant_id=string, client_id=string, client_secret=string,
      dce=string, dcr=string, stream=string, [batch_timeout=duration]

Description

The to_azure_log_analytics operator makes it possible to upload events to supported tables or to custom tables in Microsoft Azure.

The operator handles access token retrievals by itself and updates that token automatically, if needed.

tenant_id = string

The Microsoft Directory (tenant) ID, written as xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

client_id = string

The Microsoft Application (client) ID, written as xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

client_secret = string

The client secret.

dce = string

The data collection endpoint URL.

dcr = string

The data collection rule ID, written as dcr-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.

stream = string

The stream to upload events to.

batch_timeout = duration

Maximum duration to wait for new events before sending a batch.

Defaults to 5s.

Examples

Upload custom.mydata events to a table Custom-MyData

export
where @name == "custom.mydata"
to_azure_log_analytics tenant_id="00a00a00-0a00-0a00-00aa-000aa0a0a000",
  client_id="000a00a0-0aa0-00a0-0000-00a000a000a0",
  client_secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  dce="https://my-stuff-a0a0.westeurope-1.ingest.monitor.azure.com",
  dcr="dcr-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  stream="Custom-MyData"