Cannot Access the Azure Monitor Log Analytics API

Tarkowski, Michael (M.) 156 Reputation points
2023-07-13T11:49:23.3066667+00:00

I'm using the information posted at https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api but it does not work for me. I have completed the step "Set up authentication".

For the "Request an authorization token" step, I have chosen "Client credentials flow". Below is my information. Can you tell me why I'm getting "Valid authentication was not provided" error?


Returned Token Decoded
{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "-************",
  "kid": "-************"
}

{
  "aud": "https://api.loganalytics.io",
  "iss": "https://sts.windows.net/60986bc4-74a6-4b4b-af58-************/",
  "iat": 1689188354,
  "nbf": 1689188354,
  "exp": 1689192254,
  "aio": "**REMOVED**",
  "appid": "5535a0e8-f392-4962-a240-************",
  "appidacr": "1",
  "idp": "https://sts.windows.net/60986bc4-74a6-4b4b-af58-************/",
  "oid": "4ebe78a6-444d-45e3-b23a-39469b5fa8ab",
  "rh": "**REMOVED**",
  "roles": [
    "Data.Read"
  ],
  "sub": "4ebe78a6-444d-45e3-b23a-************",
  "tid": "60986bc4-74a6-4b4b-af58-************",
  "uti": "**REMOVED**",
  "ver": "1.0"
}

Log Analytics Request
curl --location 'https://api.loganalytics.azure.com/v1/workspaces/9191acb6-d477-45a8-a3c8-dows.net/60986bc4-74a6-4b4b-af58-************/query' \
  --header 'Authorization: bearer eyJ0eXA . . .' \
  --header 'Content-Type: application/json' \
  --data '{ "query": "AzureActivity |summarize count() by Category" }'

Request Response
{
    "error": {
        "message": "Valid authentication was not provided",
        "code": "AuthorizationRequiredError",
        "correlationId": "7b7aae21-688d-4e15-8c2a-f9563c373205"
    }
}


2 answers

  1. Tarkowski, Michael (M.) 156 Reputation points
    2023-07-19T15:33:43.6233333+00:00

    I figured out the issue.

    At https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api there are instructions to set up your Log Analytics request header with Authorization: bearer <your access token>. The problem is, when the 1st letter in bearer is lower case, you get the following error.
    
    Microsoft documentation says:
    Use the token in requests to the Log Analytics endpoint:
    POST /v1/workspaces/your workspace id/query?timespan=P1D
        Host: https://api.loganalytics.azure.com
        Content-Type: application/json
        Authorization: bearer <your access token>
    
        Body:
        {
        "query": "AzureActivity |summarize count() by Category"
        }
    
    
    Error returned if 1st letter in bearer is lower case.
    {
        "error": {
            "message": "Valid authentication was not provided",
            "code": "AuthorizationRequiredError",
            "correlationId": "e73fa45e-a3ac-4bde-8af0-3205e77a8074"
        }
    }
    
    Recommendation - update content at web site so bearer is always Bearer.
    
    1 person found this answer helpful.

  2. David Broggy 6,081 Reputation points MVP
    2023-07-13T14:04:40.52+00:00

    Hi Tarkowski,

    What method are you using to test your api connection?

    For example if using curl you could authorize something like this:

    curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=<app-client-id>&resource=https://api.loganalytics.azure.com&client_secret=<app-client-secret>" "https://login.microsoftonline.com/<your-tenant-id>/oauth2/token"

    Once you have a token you can query the workspace like this:

    curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer <your access token>" -d '{"query": "AzureActivity | summarize count() by Category"}' "https://api.loganalytics.azure.com/v1/workspaces/<your workspace id>/query?timespan=P1D"

    Hope that helps.
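
A pre-flight check for the Authorization header, combining the scheme-casing finding from the first answer with the claims visible in the question's decoded token. This is an added example, not code from the thread or from Microsoft; the function names, the accepted audience list and the sample token are assumptions constructed for illustration.

```python
import base64, json, time

# Assumption: the two audiences that appear on this page (token "aud" in the
# question, "resource" in the second answer); adjust to what your tenant issues.
AUDIENCES = ("https://api.loganalytics.io", "https://api.loganalytics.azure.com")

def _b64url(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def preflight(authorization, now=None, audiences=AUDIENCES, role="Data.Read"):
    """List problems with an Authorization header value. Claims are decoded
    WITHOUT signature verification: a client-side sanity check only."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    problems = []
    # The first answer reports that a lowercase "bearer" is rejected by this API.
    if scheme != "Bearer":
        problems.append(f"scheme is {scheme!r}, expected 'Bearer'")
    parts = token.strip().split(".")
    if len(parts) != 3:
        return problems + ["token is not a three-part JWT (truncated or pasted wrong?)"]
    try:
        claims = json.loads(_b64url(parts[1]))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError:
        return problems + ["JWT payload is not base64url-encoded JSON"]
    if claims.get("aud") not in audiences:
        problems.append(f"unexpected aud {claims.get('aud')!r}")
    if now < claims.get("nbf", 0):
        problems.append("token not yet valid (nbf)")
    if now >= claims.get("exp", 0):
        problems.append("token expired (exp)")
    if role not in claims.get("roles", []):
        problems.append(f"roles claim lacks {role!r}")
    return problems

def make_sample_token(claims):
    """Constructed, unsigned sample token for the demo (signature is a dummy)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'RS256'})}.{enc(claims)}.c2ln"

SAMPLE = make_sample_token({"aud": "https://api.loganalytics.io", "nbf": 1689188354,
                            "exp": 1689192254, "roles": ["Data.Read"]})

if __name__ == "__main__":
    for header in (f"bearer {SAMPLE}", f"Bearer {SAMPLE}"):
        print(header[:6], preflight(header, now=1689188400))
```
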

