Run a script as soon as an event is added to Azure Log Analytics

Arunkumar Akuthota 26 Reputation points
2020-09-10T22:04:32.32+00:00

I need to run a script as soon as an event is added to Azure Log Analytics.


Accepted answer
  1. bharathn-msft 5,096 Reputation points Microsoft Employee
    2020-09-11T02:42:00.383+00:00

    @Arunkumar Akuthota Welcome to Microsoft Q&A platform and thanks for using this forum.

    For your query on running a script as soon as an event is added to Azure Log Analytics: as an out-of-box solution, that is not available. Azure Log Analytics is basically used to store data, and you have to write queries on top of the data to trigger an alert which can perform certain actions. For your case, I believe a webhook can be a possible solution.

    • Find the query you want to execute with Log Analytics for a specific event (sample query screenshot: 23829-query.png).
    • Write your custom script within the Azure Automation runbook and configure the webhook for the same; please refer to this documentation for additional details. Have the webhook URL ready from this step.
    • Create an action group with the webhook configuration, which will be used in the alert (screenshot: 23917-webhook.png).
    • Create a new alert rule within the Log Analytics workspace for the query you have from the first step, configure the alert frequency and scope, and map it to the action group you created in the above step (screenshot: 23925-alertlogic.png).

    The flow would be that the alert checks the Log Analytics workspace by running the query with the frequency you have set, and if the alert rule passes, the webhook gets triggered, which in turn should invoke your script. Please be aware that the alert frequency cannot be less than 5 minutes with the current product functionality.

    You can also explore the Azure Monitor Logs connector for Logic Apps and Power Automate, which can help you query Log Analytics and perform any action based on that result.

    Hope this information helps; please feel free to revert back if you have any further queries. Thank you.

    1 person found this answer helpful.
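
One check the script from the second step can run before acting on a webhook call, as an added example that is not part of the original answer. It assumes the action group has the common alert schema enabled; `EXPECTED_RULE`, `EXPECTED_TARGET` and `should_run_script` are hypothetical names, and the sample body is constructed.

```python
import json

# Assumed values: replace with your own alert rule name and workspace resource ID.
EXPECTED_RULE = "example-event-alert"
EXPECTED_TARGET = ("/subscriptions/00000000-0000-0000-0000-000000000000"
                   "/resourcegroups/example-rg/providers"
                   "/microsoft.operationalinsights/workspaces/example-ws")


def should_run_script(request_body):
    """Return (allowed, reason) for a webhook request body (JSON string)."""
    try:
        payload = json.loads(request_body)
    except (TypeError, ValueError):
        return False, "body is not JSON"
    if not isinstance(payload, dict):
        return False, "body is not a JSON object"
    if payload.get("schemaId") != "azureMonitorCommonAlertSchema":
        return False, "not the common alert schema"
    data = payload.get("data")
    essentials = data.get("essentials") if isinstance(data, dict) else None
    if not isinstance(essentials, dict):
        return False, "missing data.essentials"
    if essentials.get("signalType") != "Log":
        return False, "not a log alert"
    if essentials.get("alertRule") != EXPECTED_RULE:
        return False, "unexpected alert rule"
    # Resource IDs are compared case-insensitively.
    targets = essentials.get("alertTargetIDs")
    targets = targets if isinstance(targets, list) else []
    if EXPECTED_TARGET.lower() not in [t.lower() for t in targets if isinstance(t, str)]:
        return False, "unexpected target resource"
    if essentials.get("monitorCondition") != "Fired":
        return False, "alert is not in Fired state"  # e.g. a Resolved notification
    return True, "ok"


# Constructed sample body, reduced to the fields the check reads.
SAMPLE_BODY = json.dumps({
    "schemaId": "azureMonitorCommonAlertSchema",
    "data": {"essentials": {"alertRule": EXPECTED_RULE,
                            "signalType": "Log",
                            "monitorCondition": "Fired",
                            "alertTargetIDs": [EXPECTED_TARGET]},
             "alertContext": {}},
})

if __name__ == "__main__":
    print(should_run_script(SAMPLE_BODY))
```

This check filters out unexpected payloads but does not authenticate the caller: anyone holding the Automation webhook URL can invoke the runbook, so store that URL as a secret and rotate it if it leaks.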