Azure Log Analytics

aid: azure-log-analytics
name: Azure Log Analytics
description: Azure Log Analytics is a service that helps you collect and analyze data generated by resources in your cloud
  and on-premises environments, providing query, management, and data collection APIs for monitoring and analytics.
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- Analytics
- Azure
- Cloud
- Logging
- Monitoring
url: https://raw.githubusercontent.com/api-evangelist/azure-log-analytics/refs/heads/main/apis.yml
created: '2024-01-01'
modified: '2026-05-19'
specificationVersion: '0.19'
apis:
- aid: azure-log-analytics:azure-log-analytics-query-api
  name: Azure Log Analytics Query API
  description: API for querying logs and data collected in Azure Log Analytics workspaces using Kusto Query Language (KQL),
    supporting both workspace-scoped and cross-workspace queries.
  humanURL: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/overview
  baseURL: https://api.loganalytics.azure.com/v1
  tags:
  - Analytics
  - Logs
  - Query
  properties:
  - type: Documentation
    url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/overview
  - type: OpenAPI
    url: openapi/azure-log-analytics-query-api.yaml
  - type: APIReference
    url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/request-format
  - type: Authentication
    url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api
  - type: Quickstart
    url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial
  - type: JSONSchema
    url: json-schema/query-api-query-body-schema.json
  - type: JSONSchema
    url: json-schema/query-api-query-results-schema.json
  - type: JSONLD
    url: json-ld/azure-log-analytics-query-api-context.jsonld
  - type: Example
    url: examples/query-api-query-body-example.json
  - type: Example
    url: examples/query-api-query-results-example.json
  - type: NaftikoCapability
    url: capabilities/query-query.yaml
- aid: azure-log-analytics:azure-log-analytics-management-api
  name: Azure Log Analytics Management API
  description: API for managing Log Analytics workspaces, data sources, saved searches, linked services, storage insights,
    clusters, and tables through Azure Resource Manager.
  humanURL: https://learn.microsoft.com/en-us/rest/api/loganalytics/
  baseURL: https://management.azure.com
  tags:
  - Configuration
  - Management
  - Workspaces
  properties:
  - type: Documentation
    url: https://learn.microsoft.com/en-us/rest/api/loganalytics/
  - type: OpenAPI
    url: openapi/azure-log-analytics-management-api.yaml
  - type: APIReference
    url: https://learn.microsoft.com/en-us/rest/api/loganalytics/workspaces
  - type: JSONSchema
    url: json-schema/management-api-workspace-schema.json
  - type: JSONSchema
    url: json-schema/management-api-saved-search-schema.json
  - type: JSONLD
    url: json-ld/azure-log-analytics-management-api-context.jsonld
  - type: Example
    url: examples/management-api-workspace-example.json
  - type: Example
    url: examples/management-api-saved-search-example.json
  - type: NaftikoCapability
    url: capabilities/management-saved-searches.yaml
  - type: NaftikoCapability
    url: capabilities/management-tables.yaml
  - type: NaftikoCapability
    url: capabilities/management-workspaces.yaml
- aid: azure-log-analytics:azure-log-analytics-ingestion-api
  name: Azure Log Analytics Ingestion API
  description: API for sending custom log data to Azure Log Analytics workspaces using data collection rules and endpoints,
    supporting both custom and Azure tables.
  humanURL: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview
  baseURL: https://monitor.azure.com
  tags:
  - Data Collection
  - Ingestion
  - Logs
  properties:
  - type: Documentation
    url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview
  - type: OpenAPI
    url: openapi/azure-log-analytics-ingestion-api.yaml
  - type: Quickstart
    url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-code
  - type: Authentication
    url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview#configuration
  - type: JSONSchema
    url: json-schema/ingestion-api-log-entry-schema.json
  - type: JSONLD
    url: json-ld/azure-log-analytics-ingestion-api-context.jsonld
  - type: Example
    url: examples/ingestion-api-log-entry-example.json
  - type: NaftikoCapability
    url: capabilities/ingestion-ingestion.yaml
common:
- type: Portal
  url: https://portal.azure.com/
- type: Documentation
  url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview
- type: GettingStarted
  url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial
- type: Pricing
  url: https://azure.microsoft.com/en-us/pricing/details/monitor/
- type: StatusPage
  url: https://status.azure.com/
- type: Support
  url: https://azure.microsoft.com/en-us/support/
- type: Blog
  url: https://azure.microsoft.com/en-us/blog/tag/azure-log-analytics/
- type: TermsOfService
  url: https://azure.microsoft.com/en-us/support/legal/
- type: PrivacyPolicy
  url: https://privacy.microsoft.com/en-us/privacystatement
- type: GitHubOrganization
  url: https://github.com/Azure
- type: GitHubRepository
  url: https://github.com/Azure/azure-rest-api-specs
- type: CLI
  url: https://learn.microsoft.com/en-us/cli/azure/monitor/log-analytics
- type: SDK
  url: https://pypi.org/project/azure-monitor-query/
  title: Python SDK
- type: SDK
  url: https://www.npmjs.com/package/@azure/monitor-query
  title: JavaScript SDK
- type: SDK
  url: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/monitor/query/azlogs
  title: Go SDK
- type: SDK
  url: https://learn.microsoft.com/en-us/dotnet/api/overview/azure/Monitor.Query-readme
  title: .NET SDK
- type: SDK
  url: https://learn.microsoft.com/en-us/java/api/overview/azure/monitor-query-readme
  title: Java SDK
- type: RateLimits
  url: https://learn.microsoft.com/en-us/azure/azure-monitor/service-limits#query-api
- type: SpectralRules
  url: rules/azure-log-analytics-spectral-rules.yml
- type: Vocabulary
  url: vocabulary/azure-log-analytics-vocabulary.yaml
- type: Features
  data:
  - name: Kusto Query Language
    description: Full KQL query language support for complex log analytics and data exploration across cloud and on-premises
      resources.
  - name: Custom Log Ingestion
    description: Send custom log data from any source using the Logs Ingestion API with data collection rules and transformations.
  - name: Workspace Management
    description: Create, configure, and manage Log Analytics workspaces including data sources, retention policies, and access
      control.
  - name: Saved Searches
    description: Save and reuse KQL queries across workspace sessions for consistent monitoring and reporting.
  - name: Data Collection Rules
    description: Define data collection pipelines with transformations that shape incoming data before it reaches the workspace.
  - name: Cross-Workspace Queries
    description: Query data across multiple Log Analytics workspaces in a single query for centralized analysis.
  - name: Simple Mode Queries
    description: Point-and-click spreadsheet-like query experience for users who do not need full KQL knowledge.
  - name: Alert Rule Integration
    description: Create alert rules directly from log queries to enable proactive monitoring and automated responses.
  - name: Workspace Failover
    description: Activate and deactivate failover for workspace disaster recovery and high availability.
  - name: Data Export
    description: Export query results to Excel, CSV, Power BI, and Grafana dashboards for external analysis.
- type: UseCases
  data:
  - name: Infrastructure Monitoring
    description: Collect and analyze logs from virtual machines, containers, and network resources to monitor infrastructure
      health.
  - name: Security Investigation
    description: Query security events and audit logs to investigate incidents and detect threats across Azure resources.
  - name: Application Performance Monitoring
    description: Analyze application logs and telemetry to identify performance bottlenecks and errors.
  - name: Compliance Auditing
    description: Collect and retain audit logs to meet regulatory compliance requirements and generate compliance reports.
  - name: Custom Data Integration
    description: Ingest custom log data from third-party systems and on-premises resources using the Logs Ingestion API.
  - name: Cost Optimization
    description: Analyze resource usage patterns and log data to identify cost-saving opportunities across Azure deployments.
- type: Integrations
  data:
  - name: Azure Monitor
    description: Core integration with Azure Monitor for unified observability across metrics, logs, and traces.
  - name: Microsoft Sentinel
    description: Feed log data into Microsoft Sentinel for SIEM and SOAR capabilities.
  - name: Azure Data Explorer
    description: Built on Azure Data Explorer engine, supports the same KQL query language for advanced analytics.
  - name: Power BI
    description: Export and visualize log query results in Power BI dashboards for business intelligence reporting.
  - name: Grafana
    description: Connect Azure Monitor Logs as a data source in managed Grafana dashboards for visualization.
  - name: Azure Workbooks
    description: Create interactive visual reports using log query results within Azure Workbooks.
  - name: Azure Automation
    description: Trigger automation runbooks based on log query results and alert rules.
  - name: Azure Logic Apps
    description: Integrate log analytics alerts with Logic Apps workflows for automated incident response.
  - name: Application Insights
    description: Combine application telemetry from Application Insights with infrastructure logs for full-stack observability.
  - name: Azure Resource Manager
    description: Manage Log Analytics resources programmatically through Azure Resource Manager REST APIs.
maintainers:
- FN: Kin Lane
  email: [email protected]