Send custom logs to Log Analytics Workspace via REST

729 views Asked by At

I need to send custom data (json) to my Log Analytics Workspace. In the documentation they say that custom app can send it via Data Ingestion API:

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-endpoint-overview?tabs=portal

I created Data Collection Endpoint, but now have a problem with Data Collection Rule. enter image description here

Data source is an obligatory setting there, but none of Data Source types are matches my needs. Seems like Custom Text Logs are the closest, but they have File Pattern setting, which I assume related to logs stored on a machine. After all, I don't have any Data source, my app will just use Ingestion API.

My question is should I just pick random and then just use those DCE and DCR via Ingestion API(and sending my custom jsons) or is there some other way to do it?

1

There are 1 answers

0
Jahnavi On

Send custom logs to Log Analytics Workspace via REST:

To send customized JSON data to the Log Analytics Workspace, you can use a custom app to deliver it over the Data Ingestion API. Create a new data collection endpoint and a data collection rule by selecting the custom text logs type with some random file pattern such as '/'.

Once it is created, use below PowerShell script to send the data by using REST API with the Invoke-RestMethod command.

$Key = "xxxx" // Obtain this under agents in the log analytics workspace blade.
$workspaceID = "xxxx"
$Type = "Custom Text Logs"
$timestamp= [System.DateTime]::UtcNow.ToString("R") // RFC 1123 format
$Date = Get-Date -Format "yyyy-MM-dd"
$json = @{ "name" = "Jessie" "ID" = "1" }
$string = $json | ConvertTo-Json 
$logs = "$timestamp $string"

Now generated an encoded hash by using the below format for authentication purpose.

$signature = [System.Security.Cryptography.HMACSHA256]::new([System.Text.Encoding]::UTF8.GetBytes($Key))
$bytesToHashconv = [System.Text.Encoding]::UTF8.GetBytes("$Type`n$logs") 
$hashed = $signature.ComputeHash($bytesToHashconv) 
$encoded = [System.Convert]::ToBase64String($hashed)

At last, use Invoke-RestMethod by passing the above gathered headers as shown below.

$headers = @{                                                                                                            
     "Authorization" = "SharedKey $workspaceID : $encoded"  
     "Log-Type" = $Type
     "x-ms-timegenerated" = $timestamp
     "x-ms-date" = $Date
 }
 Invoke-RestMethod -Uri "https://$workspaceID.ods.opinsights.azure.com/api/logs?api-version=2016-04-01" -Method Post -Headers $headers -Body $logs

enter image description here

Refer MSDoc for more related information.