Share via

connect VS code with sentinal logs

Biplab Roy 0 Reputation points
2026-02-03T15:46:19.3066667+00:00

I am attempting to use Visual Studio Code to connect to a Microsoft Sentinel Log Analytics workspace to run KQL queries. However, Visual Studio Code appears to have no supported extension or supported method for connecting to Azure Monitor / Log Analytics workspaces.

Microsoft Security | Microsoft Sentinel

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bharath Y P 9,720 Reputation points Microsoft External Staff Moderator
    2026-02-03T17:58:25.1566667+00:00

    Hello Biplab Roy, you’re trying to use Visual Studio Code to connect directly to a Microsoft Sentinel Log Analytics workspace and run KQL queries. The issue is that VS Code does not have a supported extension or method for authenticating and executing queries against Azure Monitor / Log Analytics.

    The main issue is that VS Code does not offer a native extension or built-in support for querying Azure Log Analytics or Sentinel workspaces using KQL. To resolve this, you need to explore third-party extensions, APIs, or use external tools like Azure CLI and PowerShell to interact with the Log Analytics workspace.

    Supported tools for KQL are CLI/PowerShell, and SDKs. Workarounds exist using REST APIs or SDKs inside VS Code. https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/overview

    Hope this helps, If you have any more questions or need further assistance, let me know. Thanks

    Was this answer helpful?

    0 comments
  2. Marcin Policht 92,125 Reputation points MVP Volunteer Moderator
    2026-02-03T16:01:15.5633333+00:00

    Follow https://stackoverflow.com/questions/79872470/how-to-connect-to-azure-monitor-log-analytics-from-vs-code

    1. Install Azure CLI (optional but recommended).
    2. Open VS Code → go to Extensions (Ctrl+Shift+X).
    3. Install Azure Account and Azure Monitor Logs extensions.
    4. Press F1 → type Azure: Sign In → log in to your Azure account.
    5. Open the Azure sidebar → find Azure Monitor Logs.
    6. Click Add Workspace → enter the workspace name or ID.
    7. Enter the workspace key if prompted (from Azure portal → Properties).
    8. Open a new file → set language to Kusto Query Language (KQL).
    9. Write your query → press F1 → select Run Query → choose workspace.
    10. View results in the VS Code results panel.
    11. (Optional) Install Kusto extension for IntelliSense and better query editing.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.