![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 44%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,639 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Azure Log Analytics does not support capturing metadata from Blob Storage directly. You can achieve this by using an Azure Function to process the Blob Storage logs and add the metadata to Log Analytics Workspace.
Create an Azure Function with a Blob Storage trigger. In the Azure Function, read the blob logs generated by the Blob Storage actions (PutBlob, GetBlob, or DeleteBlob). You can parse the logs to extract the necessary information, such as OperationName, TimeGenerated, RequesterUpn, Uri, ObjectKey, and AuthenticationType. Use the Azure Storage SDK to read the metadata for the blobs in question. You can then include the metadata in your log entry. Use the Azure Monitor SDK to send the log entry, including the metadata, to your Log Analytics Workspace.
after all you can write a kusto query like this
customLogs_CL |
where OperationName_s has "PutBlob" or OperationName_s has "GetBlob" or OperationName_s has "DeleteBlob"
and TimeGenerated > ago(7d)
| project OperationName_s, TimeGenerated, RequesterUpn_s, Uri_s, ObjectKey_s, AuthenticationType_s, MetaData_s