Edit

Azure Monitor Log Analytics API overview

  • Article

The Log Analytics Query API is a REST API that you can use to query the full set of data collected by Azure Monitor logs. You can use the same query language that's used throughout the service. Use this API to retrieve data, build new visualizations of your data, and extend the capabilities of Log Analytics.

Log Analytics API authentication

You must authenticate to access the Log Analytics API:

  • To query your workspaces, you must use Microsoft Entra authentication.
  • To quickly explore the API without using Microsoft Entra authentication, you can use an API key to query sample data in a non-production environment.

Microsoft Entra authentication for workspace data

The Log Analytics API supports Microsoft Entra authentication with three different Microsoft Entra ID OAuth2 flows:

  • Authorization code
  • Implicit
  • Client credentials

The authorization code flow and implicit flow both require at least one user interactive sign-in to your application. If you need a non-interactive flow, use the client credentials flow.

After you receive a token, the process for calling the Log Analytics API is the same for all flows. Requests require the Authorization: Bearer header, populated with the token received from the OAuth2 flow.

API key authentication for sample data

To quickly explore the API without using Microsoft Entra authentication, we provide a demonstration workspace with sample data. You can authenticate by using an API key.

Note

When you use Microsoft Entra authentication, it might take up to 60 minutes for the Application Insights REST API to recognize new role-based access control permissions. While permissions are propagating, REST API calls might fail with error code 403.

Log Analytics API query limits

For information about query limits, see the Query API section of this webpage.

Try the Log Analytics API

To try the API without writing any code, you can use:

  • Your favorite client such as Fiddler or Postman to manually generate queries with a user interface.
  • cURL from the command line. Then pipe the output into jsonlint to get readable JSON.

Instead of calling the REST API directly, you can use the idiomatic Azure Monitor Query client libraries:

Each client library is a wrapper around the REST API that allows you to retrieve log data from the workspace.