Microsoft Azure Log Analytics

Microsoft Azure Log Analytics is a tool that allows users to collect, analyze, and monitor log and performance data from various sources. This service helps organizations gain valuable insights into their systems, applications, and services by providing a centralized platform for storing and querying log data. With Azure Log Analytics, users can easily create custom dashboards, alerts, and reports to track performance metrics, troubleshoot issues, and improve overall system efficiency.

OpenAPI Specification

azure-log-analytics-openapi-original.yml
# Swagger 2.0 description of the Log Analytics query API: document metadata,
# then the host, base path, scheme and media types shared by every operation.
swagger: '2.0'
info:
  # Plain scalar; the `_Preview` suffix keeps it a string rather than a date.
  version: 2021-05-19_Preview
  # NOTE(review): "Azure" appears twice in the title; any tooling that derives
  # names from the title will carry the duplicate through.
  title: Microsoft Azure Azure Log Analytics
  description: This API exposes Azure Log Analytics query capabilities
  termsOfService: https://dev.loganalytics.io/tos
  contact:
    name: AIAPI Team
    url: https://dev.loganalytics.io/support
    # NOTE(review): `[email protected]` looks like an e-mail-obfuscation
    # artifact of the page this listing was copied from, not a real address.
    # Unquoted, YAML reads it as a one-element flow sequence rather than a
    # string; restore the value from the upstream file before validating.
    email: [email protected]
  license:
    name: Microsoft
    url: https://dev.loganalytics.io/license
# Every operation is served from this host under /v1.
host: api.loganalytics.io
basePath: /v1
# HTTPS is the only scheme listed, so the spec offers no plaintext transport
# for bearer tokens, query text or query results.
schemes:
  - https
consumes:
  - application/json
produces:
  - application/json
# The only authentication scheme declared: Azure AD OAuth2, implicit flow.
securityDefinitions:
  oauth2:
    type: oauth2
    # `common` is the multi-tenant sign-in endpoint, and the path carries no
    # `/v2.0/` segment, i.e. this is the older v1 authorize endpoint.
    authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize
    # NOTE(review): the implicit flow returns the access token to the client
    # in the redirect URL, where it can surface in browser history, referrers
    # and logs. Current OAuth security guidance (RFC 9700) advises against it
    # in favour of authorization code with PKCE. This entry records what the
    # spec declares, not every flow the identity platform accepts — confirm
    # before modelling a client on it.
    flow: implicit
    description: Azure Active Directory OAuth2 Flow
    scopes:
      # Single delegated scope: the API acts as the signed-in user, so a
      # token's reach is whatever that user's role assignments allow (not
      # visible in this spec). There is no narrower read-only scope here.
      user_impersonation: impersonate your user account
# Document-level requirement: applies to every operation that does not
# declare its own `security`; none of the operations in this listing do.
security:
  - oauth2:
      - user_impersonation
paths:
  # Query execution. Both verbs run caller-supplied Analytics query text
  # against the workspace named in the path and share one response schema;
  # neither overrides the document-level `security` requirement.
  /workspaces/{workspaceId}/query:
    # GET variant: the query text and the timespan are URL query parameters
    # (#/parameters/queryParam, #/parameters/timespanParam). URLs are
    # commonly recorded by proxies, gateways and access logs, so query text
    # that embeds investigation details is better sent with POST.
    get:
      operationId: microsoftAzureQueryGet
      summary: Microsoft Azure Execute An Analytics Query
      description: Executes an Analytics query for data
      x-ms-examples:
        simple-query:
          $ref: examples/oms-get-example.json
        # NOTE(review): a cross-workspace example is referenced, but this
        # operation lists no `workspaces` parameter — check the example file.
        cross-workspace:
          $ref: examples/oms-get-cross-workspace-example.json
      parameters:
        - $ref: '#/parameters/workspaceId'
        - $ref: '#/parameters/queryParam'
        - $ref: '#/parameters/timespanParam'
      responses:
        '200':
          description: >-
            OK. The API call succeeded and the Analytics query result is in the
            response payload
          schema:
            $ref: '#/definitions/queryResults'
        # Only 200 and `default` are described, so every other status the
        # service returns (authentication, authorisation or throttling
        # failures included) resolves to errorResponse; clients have to
        # branch on the status code and error.code themselves.
        default:
          description: An error response object.
          schema:
            $ref: '#/definitions/errorResponse'
      tags:
        - Workspaces
    # POST variant: query, timespan and optional extra workspaces travel in
    # the JSON body (#/definitions/queryBody), plus an optional Prefer header.
    post:
      operationId: microsoftAzureQueryExecute
      summary: Microsoft Azure Execute An Analytics Query
      description: >-
        Executes an Analytics query for data.
        [Here](https://dev.loganalytics.io/documentation/Using-the-API) is an
        example for using POST with an Analytics query.
      x-ms-examples:
        simple-query:
          $ref: examples/oms-post-example.json
        cross-workspace:
          $ref: examples/oms-post-cross-workspace-example.json
      parameters:
        - $ref: '#/parameters/workspaceId'
        - $ref: '#/parameters/queryBody'
        - $ref: '#/parameters/PreferHeaderParameter'
      responses:
        '200':
          description: >-
            OK. The API call succeeded and the Analytics query result is in the
            response payload
          schema:
            $ref: '#/definitions/queryResults'
        # Same catch-all as the GET variant: no status-specific error schemas.
        default:
          description: An error response object.
          schema:
            $ref: '#/definitions/errorResponse'
      tags:
        - Workspaces
  # Workspace metadata. Per the descriptions below the response covers the
  # schema, stored functions and workspace info, and metadataResults also
  # carries saved-query bodies and a `permissions` list. That is a map of
  # what data exists in the workspace, so access to it deserves the same
  # review as access to the query endpoint.
  /workspaces/{workspaceId}/metadata:
    get:
      operationId: microsoftAzureMetadataGet
      summary: Microsoft Azure Gets Metadata Information
      description: >-
        Retrieve the metadata information for the workspace, including its
        schema, functions, workspace info, categories etc.
      x-ms-examples:
        metadataGet:
          $ref: examples/metadata-get.json
      # The workspace ID in the path is the only input.
      parameters:
        - $ref: '#/parameters/workspaceId'
      responses:
        '200':
          description: >-
            OK. The API call succeeded and the metadata result is in the
            response payload
          schema:
            $ref: '#/definitions/metadataResults'
        default:
          description: An error response object.
          schema:
            $ref: '#/definitions/errorResponse'
      tags:
        - Workspaces
    # POST mirrors GET: same single path parameter, same response schema, and
    # no body parameter is declared.
    post:
      operationId: microsoftAzureMetadataPost
      summary: Microsoft Azure Gets Metadata Information
      description: >-
        Retrieve the metadata information for the workspace, including its
        schema, functions, workspace info, categories etc.
      x-ms-examples:
        metadataPost:
          $ref: examples/metadata-post.json
      parameters:
        - $ref: '#/parameters/workspaceId'
      responses:
        '200':
          description: >-
            OK. The API call succeeded and the metadata result is in the
            response payload
          schema:
            $ref: '#/definitions/metadataResults'
        default:
          description: An error response object.
          schema:
            $ref: '#/definitions/errorResponse'
      tags:
        - Workspaces
  # Batch endpoint: one POST wraps several query requests. Each entry of
  # #/definitions/batchQueryRequest carries its own headers, body and path,
  # and this URL names no workspace. Anything that authorises, rate-limits or
  # logs by the outer URL alone sees only `/$batch`, so per-workspace
  # monitoring has to look at the inner requests.
  /$batch:
    post:
      operationId: microsoftAzureQueryBatch
      summary: Microsoft Azure Execute A Batch Of Analytics Queries
      description: >-
        Executes a batch of Analytics queries for data.
        [Here](https://dev.loganalytics.io/documentation/Using-the-API) is an
        example for using POST with an Analytics query.
      x-ms-examples:
        # NOTE(review): the key `metadataPost` repeats the label used by the
        # metadata POST operation and looks copy-pasted; it labels a batch
        # query example here.
        metadataPost:
          $ref: examples/batch-query-example.json
      parameters:
        - name: body
          in: body
          description: The batch request body
          required: true
          schema:
            # `type` sits beside `$ref`; resolvers that follow JSON Reference
            # strictly ignore siblings of `$ref`, so only batchRequest counts.
            type: object
            $ref: '#/definitions/batchRequest'
      responses:
        '200':
          description: >-
            OK. The API call succeeded and the Analytics query result is in the
            response payload
          schema:
            $ref: '#/definitions/batchResponse'
        # As elsewhere, every non-200 outcome maps to errorResponse.
        default:
          description: An error response object.
          schema:
            $ref: '#/definitions/errorResponse'
      tags:
        - $Batch
# Reusable parameter definitions that the operations pull in through $ref.
parameters:
  # Path segment selecting the workspace. Only `type: string` is declared —
  # no format or pattern — so the spec itself does not constrain what a
  # client may place in the URL path.
  workspaceId:
    name: workspaceId
    description: >-
      ID of the workspace. This is Workspace ID from the Properties blade in the
      Azure portal.
    in: path
    required: true
    type: string
    x-ms-parameter-location: method
  # NOTE(review): Swagger 2.0 allows `collectionFormat` only on `type: array`
  # parameters; combined with `type: string` it has no effect. No operation
  # visible in this listing references this parameter.
  workspacesParam:
    name: workspaces
    description: Comma separated workspace IDs to include in cross-workspace queries.
    in: query
    collectionFormat: csv
    required: false
    default: ''
    type: string
    x-ms-parameter-location: method
  # The query text, carried in the URL. The operations using it execute this
  # string under the caller's delegated identity, so an application that
  # assembles it from end-user input should treat it as an injection sink and
  # validate or allow-list whatever it interpolates.
  queryParam:
    name: query
    in: query
    required: true
    x-ms-parameter-location: method
    description: >-
      The Analytics query. Learn more about the [Analytics query
      syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)
    type: string
  # Body form of the query for POST; the shape is #/definitions/queryBody.
  queryBody:
    name: body
    in: body
    description: >-
      The Analytics query. Learn more about the [Analytics query
      syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)
    required: true
    schema:
      $ref: '#/definitions/queryBody'
    x-ms-parameter-location: method
  # Optional time bound that, per the description, applies on top of any
  # range written in the query text; when omitted, only the query text
  # limits the time range.
  timespanParam:
    name: timespan
    in: query
    required: false
    format: duration
    x-ms-parameter-location: method
    description: >-
      Optional. The timespan over which to query data. This is an ISO8601 time
      period value.  This timespan is applied in addition to any that are
      specified in the query expression.
    type: string
  # Free-form request header; the directives it accepts are described only in
  # prose and are not enumerated by the spec.
  PreferHeaderParameter:
    name: Prefer
    in: header
    required: false
    type: string
    description: >-
      Optional. The prefer header to set server timeout, query statistics and
      visualization information.
    x-ms-parameter-location: method
# Schema definitions. The first four describe the POST query body and its
# members; the three *Param schemas mirror the parameters of the same name.
definitions:
  queryParam:
    description: >-
      The Analytics query. Learn more about the [Analytics query
      syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)
    type: string
  timespanParam:
    description: >-
      Optional. The timespan over which to query data. This is an ISO8601 time
      period value.  This timespan is applied in addition to any that are
      specified in the query expression.
    type: string
  # NOTE(review): described as workspace *names* here, while the
  # `workspaces` query parameter speaks of workspace *IDs*; confirm which
  # identifiers the service accepts.
  workspacesParam:
    description: Workspace names to include in cross-workspace queries.
    type: array
    items:
      type: string
  # JSON body of POST /workspaces/{workspaceId}/query, also used as the body
  # of each batch entry. Only `query` is required.
  queryBody:
    description: >-
      The Analytics query. Learn more about the [Analytics query
      syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)
    type: object
    properties:
      # Each property pairs `description` with `$ref`; strict JSON Reference
      # resolvers drop the sibling description and keep the referenced one.
      query:
        description: The query to execute.
        $ref: '#/definitions/queryParam'
      timespan:
        description: >-
          Optional. The timespan over which to query data. This is an ISO8601
          time period value.  This timespan is applied in addition to any that
          are specified in the query expression.
        $ref: '#/definitions/timespanParam'
      # Extends one request beyond the workspace named in the URL path, so
      # audit or alerting keyed on the path's workspaceId alone misses these.
      # Presumably each listed workspace is authorised separately — confirm.
      workspaces:
        description: A list of workspaces that are included in the query.
        $ref: '#/definitions/workspacesParam'
    required:
      - query
  # Body of a successful query response. `tables` is the only required
  # member; `statistics` and `render` are free-form objects.
  queryResults:
    title: A query response.
    description: Contains the tables, columns & rows resulting from a query.
    type: object
    properties:
      tables:
        description: The list of tables, columns and rows.
        type: array
        items:
          $ref: '#/definitions/table'
      statistics:
        type: object
        description: Statistics represented in JSON format.
        properties: {}
      render:
        type: object
        description: Visualization data in JSON format.
        properties: {}
      # An `error` member is part of the 200 schema, so a response can carry
      # error information alongside tables; clients should inspect it rather
      # than treat HTTP 200 as proof of a complete result.
      error:
        $ref: '#/definitions/errorInfo'
    required:
      - tables
  # One result table: name, column descriptors and row data, all required.
  table:
    title: A query response table.
    description: Contains the columns and rows for one table in a query response.
    type: object
    properties:
      name:
        description: The name of the table.
        type: string
      columns:
        description: The list of columns in this table.
        type: array
        items:
          $ref: '#/definitions/column'
      # Rows are arrays of cells, and every cell is declared `type: object`
      # even though the column types below include scalars. Cell values come
      # from collected log data, so consumers should treat them as untrusted
      # and encode them before rendering or re-using them in queries.
      rows:
        description: The resulting rows from this query.
        type: array
        items:
          type: array
          items:
            type: object
    required:
      - name
      - columns
      - rows
  # Column descriptor; neither `name` nor `type` is marked required.
  column:
    title: A table column.
    description: A column in a table.
    type: object
    properties:
      name:
        description: The name of this column.
        type: string
      type:
        description: The data type of this column.
        $ref: '#/definitions/logsColumnType'
  logsColumnType:
    type: string
    description: The data type of this column.
    enum:
      - bool
      - datetime
      - dynamic
      - int
      - long
      - real
      - string
      - guid
      - decimal
      - timespan
    # modelAsString: generated clients keep this as a plain string, so values
    # outside the list above must be tolerated rather than rejected.
    x-ms-enum:
      name: logsColumnType
      modelAsString: true
  # Body of a successful metadata response. No member is required, and every
  # list is declared with unique items.
  metadataResults:
    title: A metadata response.
    description: The metadata response for the app, including available tables, etc.
    type: object
    properties:
      categories:
        description: The list of categories that are referenced in this metadata response.
        type: array
        items:
          $ref: '#/definitions/metadataCategory'
        uniqueItems: true
      resourceTypes:
        description: >-
          The list of resource types that are referenced in this metadata
          response.
        type: array
        items:
          $ref: '#/definitions/metadataResourceType'
        uniqueItems: true
      solutions:
        description: The list of Log Analytics solutions installed on the workspace.
        type: array
        items:
          $ref: '#/definitions/metadataSolution'
        uniqueItems: true
      tables:
        description: >-
          The list of tables and columns that comprise the schema of the
          workspace.
        type: array
        items:
          $ref: '#/definitions/metadataTable'
        uniqueItems: true
      # Functions and saved queries include their KQL bodies (see
      # metadataFunction.body and metadataQuery.body).
      functions:
        description: >-
          The list of functions stored on the workspace, or introduced by
          solutions etc.
        type: array
        items:
          $ref: '#/definitions/metadataFunction'
        uniqueItems: true
      queries:
        description: >-
          The list of saved queries stored on the workspace, or introduced by
          solutions, resource types, etc.
        type: array
        items:
          $ref: '#/definitions/metadataQuery'
        uniqueItems: true
      applications:
        description: >-
          The list of Application Insights apps that were referenced in the
          metadata request.
        type: array
        items:
          $ref: '#/definitions/metadataApplication'
        uniqueItems: true
      workspaces:
        description: >-
          The list of Log Analytics workspaces that were referenced in the
          metadata request.
        type: array
        items:
          $ref: '#/definitions/metadataWorkspace'
        uniqueItems: true
      resources:
        description: >-
          The list of Azure resources that were referenced in the metadata
          request.
        type: array
        items:
          $ref: '#/definitions/metadataResource'
        uniqueItems: true
      # Reports where access was restricted for this call; see
      # metadataPermissions for what it discloses.
      permissions:
        description: The list of permission rules that affected the metadata request.
        type: array
        items:
          $ref: '#/definitions/metadataPermissions'
        uniqueItems: true
  # Grouping entity returned under metadataResults.categories. Only `id` and
  # `displayName` are required; `related` holds lists of strings
  # (presumably IDs of the related items — confirm against an example).
  metadataCategory:
    title: A metadata category.
    description: Categories are used to group other metadata entities.
    type: object
    properties:
      id:
        description: The ID of the category
        type: string
      displayName:
        description: The display name of the category
        type: string
      description:
        description: The description of the category
        type: string
      related:
        description: The related metadata items for the category
        type: object
        properties:
          tables:
            description: The tables related to the category
            type: array
            items:
              type: string
          functions:
            description: The functions related to the category
            type: array
            items:
              type: string
          resourceTypes:
            description: The resource types related to the category
            type: array
            items:
              type: string
          queries:
            description: The saved queries related to the category
            type: array
            items:
              type: string
          solutions:
            description: The Log Analytics solutions related to the category
            type: array
            items:
              type: string
    required:
      - id
      - displayName
  # Installed solution, returned under metadataResults.solutions. `id`,
  # `name` and `related` are required, and within `related` only `tables`.
  metadataSolution:
    title: A Log Analytics solution.
    description: >-
      Solutions can group tables and functions that are associated with a
      certain Azure Log Analytics offering.
    type: object
    properties:
      id:
        description: The ID of the Log Analytics solution
        type: string
      name:
        description: The name of the Log Analytics solution
        type: string
      displayName:
        description: The display name of the Log Analytics solution
        type: string
      description:
        description: The description of the Log Analytics solution
        type: string
      tags:
        description: The tags that are associated with the Log Analytics solution
        $ref: '#/definitions/tags'
      # A property literally named `properties`: an untyped object whose
      # contents the spec does not describe.
      properties:
        description: The properties of the Log Analytics solution
        type: object
      related:
        description: The related metadata items for the Log Analytics solution
        type: object
        properties:
          tables:
            description: The tables related to the Log Analytics solution
            type: array
            items:
              type: string
          functions:
            description: The functions related to the Log Analytics solution
            type: array
            items:
              type: string
          categories:
            description: The categories related to the Log Analytics solution
            type: array
            items:
              type: string
          queries:
            description: The saved queries related to the Log Analytics solution
            type: array
            items:
              type: string
          workspaces:
            description: >-
              The Workspaces referenced in the metadata request that are related
              to the Log Analytics solution
            type: array
            items:
              type: string
        required:
          - tables
    required:
      - id
      - name
      - related
  # Azure resource type, returned under metadataResults.resourceTypes. Only
  # `id` and `type` are required.
  metadataResourceType:
    title: A type of resource in Azure.
    description: >-
      Metadata about types of Azure resources, containing relevant tables,
      functions, etc.
    type: object
    properties:
      id:
        description: The ID of the resource-type
        type: string
      type:
        description: The type of the resource-type
        type: string
      displayName:
        description: The display name of the resource-type
        type: string
      description:
        description: The description of the resource-type
        type: string
      # Labels are described as user-defined, so treat them as free text when
      # displaying or indexing them.
      labels:
        description: The user-defined labels of the resource-type
        type: array
        items:
          type: string
      tags:
        description: The tags associated with the resource-type
        $ref: '#/definitions/tags'
      # Untyped object; its contents are not described by the spec.
      properties:
        description: The properties of the resource-type
        type: object
      related:
        description: The related metadata items for the resource-type
        type: object
        properties:
          tables:
            description: The tables related to the resource-type
            type: array
            items:
              type: string
          functions:
            description: The functions related to the resource-type
            type: array
            items:
              type: string
          categories:
            description: The categories related to the resource-type
            type: array
            items:
              type: string
          queries:
            description: The queries related to the resource-type
            type: array
            items:
              type: string
          workspaces:
            description: The Log Analytics workspaces related to the resource-type
            type: array
            items:
              type: string
          resources:
            description: The Azure resources related to the resource-type
            type: array
            items:
              type: string
    required:
      - id
      - type
  # Table entry of the workspace schema, returned under
  # metadataResults.tables. Only `id` and `name` are required.
  metadataTable:
    title: A data table that takes part in a workspace schema.
    description: >-
      Tables are part of the workspace schema, and contain a list of columns and
      a reference to other relevant metadata items.
    type: object
    properties:
      id:
        description: The ID of the table
        type: string
      name:
        description: The name of the table
        type: string
      description:
        description: The description of the table
        type: string
      timespanColumn:
        description: The column associated with the timespan query parameter for the table
        type: string
      # Labels are described as user defined, so treat them as free text.
      labels:
        description: The user defined labels of the table
        type: array
        items:
          type: string
      tags:
        description: The tags associated with the table
        $ref: '#/definitions/tags'
      # Untyped object; its contents are not described by the spec.
      properties:
        description: The properties of the table
        type: object
      columns:
        description: The list of columns defined on the table
        type: array
        # NOTE(review): the item schema declares `properties` and `required`
        # without `type: object`.
        items:
          properties:
            name:
              description: The name of the column
              type: string
            description:
              description: The description of the column
              type: string
            # Same ten values as #/definitions/logsColumnType, repeated inline
            # under a different generated name (MetadataColumnDataType).
            type:
              description: The data type of the column
              type: string
              enum:
                - bool
                - datetime
                - dynamic
                - int
                - long
                - real
                - string
                - guid
                - decimal
                - timespan
              x-ms-enum:
                name: MetadataColumnDataType
                modelAsString: true
            isPreferredFacet:
              description: A flag indicating this column is a preferred facet
              type: boolean
            source:
              description: >-
                an indication of the source of the column, used only when
                multiple workspaces have conflicting definition for the column
              type: object
          required:
            - name
            - type
      related:
        description: The related metadata items for the table
        type: object
        properties:
          categories:
            description: The related categories for the table
            type: array
            items:
              type: string
          solutions:
            description: The related Log Analytics solutions for the table
            type: array
            items:
              type: string
          resourceTypes:
            description: The related resource types for the table
            type: array
            items:
              type: string
          workspaces:
            description: The related Log Analytics workspaces for the table
            type: array
            items:
              type: string
          functions:
            description: The related functions for the table
            type: array
            items:
              type: string
          queries:
            description: The related saved queries for the table
            type: array
            items:
              type: string
    required:
      - id
      - name
  # Stored function, returned under metadataResults.functions. `id`, `name`
  # and `body` are required, so every entry ships its full KQL text.
  metadataFunction:
    title: A stored function.
    description: >-
      Functions are stored Kusto queries that can be specified as part of
      queries by using their name.
    type: object
    properties:
      id:
        description: The ID of the function.
        type: string
      name:
        description: The name of the function, to be used in queries.
        type: string
      # Declared as a single string, not a structured list of arguments.
      parameters:
        description: The parameters/arguments of the function, if any.
        type: string
      displayName:
        description: The display name of the function.
        type: string
      description:
        description: The description of the function.
        type: string
      # Stored query text is readable by anyone who can call the metadata
      # endpoint for this workspace; review stored functions for embedded
      # identifiers or other details that should not be widely visible.
      body:
        description: The KQL body of the function.
        type: string
      tags:
        description: The tags associated with the function.
        $ref: '#/definitions/tags'
      # Untyped object; its contents are not described by the spec.
      properties:
        description: The properties of the function.
        type: object
      related:
        description: The related metadata items for the function.
        type: object
        properties:
          tables:
            description: The related tables for the function.
            type: array
            items:
              type: string
          solutions:
            description: The related Log Analytics solutions for the function.
            type: array
            items:
              type: string
          resourceTypes:
            description: The related resource types for the function.
            type: array
            items:
              type: string
          categories:
            description: The related categories for the function.
            type: array
            items:
              type: string
          workspaces:
            description: The related workspaces for the function.
            type: array
            items:
              type: string
    required:
      - id
      - name
      - body
  # Saved query, returned under metadataResults.queries. `id` and `body` are
  # required, so every entry ships its full KQL text.
  metadataQuery:
    title: A stored query.
    description: >-
      Queries are stored pieces of KQL, along with a list of relevant metadata
      items.
    type: object
    properties:
      id:
        description: The ID of the query.
        type: string
      displayName:
        description: The display name of the query.
        type: string
      description:
        description: The description of the query.
        type: string
      # As with stored functions, the query text is visible to any caller of
      # the metadata endpoint for this workspace.
      body:
        description: The KQL body of the query.
        type: string
      # Labels are described as user defined, so treat them as free text.
      labels:
        description: The user defined labels associated with the query.
        type: array
        items:
          type: string
      tags:
        description: The tags associated with the query.
        $ref: '#/definitions/tags'
      # Untyped object; its contents are not described by the spec.
      properties:
        description: The properties of the query.
        type: object
      related:
        description: The related metadata items for the query.
        type: object
        properties:
          categories:
            description: The related categories for the query.
            type: array
            items:
              type: string
          solutions:
            description: The related Log Analytics solutions for the query.
            type: array
            items:
              type: string
          resourceTypes:
            description: The related resource types for the query.
            type: array
            items:
              type: string
          tables:
            description: The related tables for the query.
            type: array
            items:
              type: string
    required:
      - id
      - body
  # Application Insights app, returned under metadataResults.applications.
  # Per the description only apps the user has access to are listed; `id`,
  # `resourceId`, `name` and `region` are all required.
  metadataApplication:
    title: An Application Insights application.
    description: >-
      Application Insights apps that were part of the metadata request and that
      the user has access to.
    type: object
    properties:
      id:
        description: The ID of the Application Insights app.
        type: string
      # Full ARM resource ID of the app.
      resourceId:
        description: The ARM resource ID of the Application Insights app.
        type: string
      name:
        description: The name of the Application Insights app.
        type: string
      region:
        description: The Azure region of the Application Insights app.
        type: string
      related:
        description: The related metadata items for the Application Insights app.
        type: object
        properties:
          tables:
            description: The related tables for the Application Insights app.
            type: array
            items:
              type: string
          functions:
            description: The related functions for the Application Insights app.
            type: array
            items:
              type: string
    required:
      - id
      - resourceId
      - name
      - region
  # Log Analytics workspace, returned under metadataResults.workspaces. Per
  # the description only workspaces the user has access to are listed; `id`,
  # `resourceId`, `name` and `region` are all required.
  metadataWorkspace:
    title: A Log Analytics workspace.
    description: >-
      Log Analytics workspaces that were part of the metadata request and that
      the user has access to.
    type: object
    properties:
      id:
        description: The ID of the Log Analytics workspace.
        type: string
      # Full ARM resource ID of the workspace.
      resourceId:
        description: The ARM resource ID of the Log Analytics workspace.
        type: string
      name:
        description: The name of the Log Analytics workspace.
        type: string
      region:
        description: The Azure region of the Log Analytics workspace.
        type: string
      related:
        description: The related metadata items for the Log Analytics workspace.
        type: object
        properties:
          tables:
            description: The related tables for the Log Analytics workspace.
            type: array
            items:
              type: string
          solutions:
            description: >-
              The related Log Analytics solutions for the Log Analytics
              workspace.
            type: array
            items:
              type: string
          resourceTypes:
            description: The related resource types for the Log Analytics workspace.
            type: array
            items:
              type: string
          functions:
            description: The related functions for the Log Analytics workspace.
            type: array
            items:
              type: string
          resources:
            description: The related Azure resources for the Log Analytics workspace.
            type: array
            items:
              type: string
    required:
      - id
      - resourceId
      - name
      - region
  # NOTE(review): only a title and description are given — no `type` and no
  # `properties` — so this schema places no constraint on the value.
  metadataResource:
    title: An Azure resource.
    description: >-
      Azure resources that were part of the metadata request and that the user
      has access to.
  # Access-restriction report for a metadata call. Per the description it
  # names apps, workspaces and resources the user could NOT access, and
  # `denyTables` lists the tables denied for a resource ID. That confirms the
  # existence of those resources and table names to the caller; worth knowing
  # when deciding who may call the metadata endpoint and how responses are
  # logged. Only `workspaces` is required.
  metadataPermissions:
    title: Permission information.
    description: >-
      Permission information for the metadata call, includes
      apps/workspaces/resource the user didn't have access to.
    type: object
    properties:
      workspaces:
        description: The permission indication for the workspaces on the metadata request.
        type: array
        items:
          type: object
          properties:
            resourceId:
              description: The resource ID on the permission indication.
              type: string
            denyTables:
              description: The list of tables that were denied access for the resource ID.
              type: array
              items:
                type: string
          required:
            - resourceId
      resources:
        description: >-
          The permission indication for the Azure resources on the metadata
          request.
        type: array
        items:
          type: object
          properties:
            resourceId:
              description: The resource ID on the permission indication.
              type: string
            denyTables:
              description: The list of tables that were denied access for the resource ID.
              type: array
              items:
                type: string
          required:
            - resourceId
      # Unlike the two lists above, application entries carry no `denyTables`.
      applications:
        description: >-
          The permission indication for the Application Insights apps on the
          metadata request.
        type: array
        items:
          type: object
          properties:
            resourceId:
              description: The resource ID on the permission indication.
              type: string
          required:
            - resourceId
    required:
      - workspaces
  # Described as string key-value pairs, but declared as a bare object: the
  # schema does not restrict value types.
  tags:
    description: String-based key-value tags
    type: object
  # One entry of errorInfo.details. `target` and `value` point at the request
  # property and value that caused the error, so error payloads can repeat
  # request content; keep that in mind before logging or displaying them.
  errorDetail:
    title: Error details.
    type: object
    properties:
      code:
        description: The error's code.
        type: string
      message:
        description: A human readable error message.
        type: string
      target:
        description: Indicates which property in the request is responsible for the error.
        type: string
      value:
        description: Indicates which value in 'target' is responsible for the error.
        type: string
      resources:
        description: Indicates resources which were responsible for the error.
        type: array
        items:
          type: string
      # NOTE(review): nested under `properties`, this declares a property
      # literally named "additionalProperties"; it is not the schema keyword
      # that permits extra members. Confirm which was intended.
      additionalProperties:
        description: Additional properties that can be provided on the error details object
        type: object
    required:
      - code
      - message
  # Error envelope member; also appears as queryResults.error. `code` and
  # `message` are required.
  errorInfo:
    title: The code and message for an error.
    type: object
    properties:
      code:
        description: A machine readable error code.
        type: string
      message:
        description: A human readable error message.
        type: string
      details:
        description: error details.
        type: array
        items:
          $ref: '#/definitions/errorDetail'
      # Self-reference: errors can nest to any depth, so consumers that walk
      # the chain should cap how deep they go.
      innererror:
        description: Inner error details if they exist.
        $ref: '#/definitions/errorInfo'
      # NOTE(review): as in errorDetail, this is a property named
      # "additionalProperties", not the schema keyword.
      additionalProperties:
        description: Additional properties that can be provided on the error info object
        type: object
    required:
      - code
      - message
  # Schema behind every `default` response in this spec; `error` is required.
  errorResponse:
    title: Error details.
    description: Contains details when the response code indicates an error.
    type: object
    properties:
      error:
        description: The error details.
        $ref: '#/definitions/errorInfo'
    required:
      - error
  # Body of POST /$batch: an object whose required `requests` member lists
  # the individual query requests. No `maxItems` is declared, so the spec
  # itself does not bound the batch size; any server-side limit is not
  # documented here.
  batchRequest:
    type: object
    description: An array of requests.
    properties:
      # NOTE(review): this description repeats the wording of
      # batchQueryRequest ("An single request"), although the property is
      # the array of requests; it looks copy-pasted.
      requests:
        type: array
        description: An single request in a batch.
        items:
          $ref: '#/definitions/batchQueryRequest'
    required:
      - requests
  batchQueryRequest:
    type: object
    description: An single request in a batch.
    properties:
      id:
        description: The error details.
        type: string
      headers:
        type: object
        additionalProperties:
          type: string
      body:
        $ref: '#/definitions/queryBody'
      path:
        type:

# --- truncated at 32 KB (33 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/microsoft-azure/refs/heads/main/openapi/azure-log-analytics-openapi-original.yml