Cross-resource query Azure Data Explorer by using Azure Monitor
Azure Monitor supports cross-service queries between Azure Data Explorer, Application Insights, and Log Analytics. You can then query your Azure Data Explorer cluster by using Log Analytics or Application Insights tools and refer to it in a cross-service query. This article shows how to make a cross-service query.
The following diagram shows the Azure Monitor cross-service flow:
Cross query your Log Analytics or Application Insights resources and Azure Data Explorer
You can run cross-resource queries by using client tools that support Kusto queries. Examples of these tools include the Log Analytics web UI, workbooks, PowerShell, and the REST API.
Enter the identifier for an Azure Data Explorer cluster in a query within the adx pattern, followed by the database name and table.
adx('https://help.kusto.windows.net/Samples').StormEvents
Note
- Database names are case sensitive.
- Cross-resource query as an alert isn't supported.
- Identifying the Timestamp column in the cluster isn't supported. The Log Analytics Query API won't pass along the time filter.
- The cross-service query ability is used for data retrieval only. For more information, see Function supportability.
- Private Link is not supported with this feature.
Function supportability
The Azure Monitor cross-service queries support functions for Application Insights, Log Analytics, and Azure Data Explorer. This capability enables cross-cluster queries to reference an Azure Monitor or Azure Data Explorer tabular function directly. The following commands are supported with the cross-service query:
.show functions.show function {FunctionName}.show database {DatabaseName} schema as json
Combine Azure Data Explorer cluster tables with a Log Analytics workspace
Use the union command to combine cluster tables with a Log Analytics workspace.
union customEvents, adx('https://help.kusto.windows.net/Samples').StormEvents
| take 10
let CL1 = adx('https://help.kusto.windows.net/Samples').StormEvents;
union customEvents, CL1 | take 10
Tip
Shorthand format is allowed: ClusterName/InitialCatalog. For example, adx('help/Samples') is translated to adx('help.kusto.windows.net/Samples').
When you use the join operator instead of union, you're required to use a hint to combine the data in the Azure Data Explorer cluster with the Log Analytics workspace. Use Hint.remote={Direction of the Log Analytics Workspace}. For example:
AzureDiagnostics
| join hint.remote=left adx("cluster=ClusterURI").AzureDiagnostics on (ColumnName)
Join data from an Azure Data Explorer cluster in one tenant with an Azure Monitor resource in another
Cross-tenant queries between the services aren't supported. You're signed in to a single tenant for running the query that spans both resources.
If the Azure Data Explorer resource is in Tenant A and the Log Analytics workspace is in Tenant B, use one of the following methods:
- Use Azure Data Explorer to add roles for principals in different tenants. Add your user ID in Tenant B as an authorized user on the Azure Data Explorer cluster. Validate that the TrustedExternalTenant property on the Azure Data Explorer cluster contains Tenant B. Run the cross query fully in Tenant B.
- Use Lighthouse to project the Azure Monitor resource into Tenant A.
Connect to Azure Data Explorer clusters from different tenants
Kusto Explorer automatically signs you in to the tenant to which the user account originally belongs. To access resources in other tenants with the same user account, you must explicitly specify TenantId in the connection string:
Data Source=https://ade.applicationinsights.io/subscriptions/SubscriptionId/resourcegroups/ResourceGroupName;Initial Catalog=NetDefaultDB;AAD Federated Security=True;Authority ID=TenantId
Next steps
Feedback
Submit and view feedback for