I am trying to read log analytics in python. Here is my code:

AZURE_CLIENT_ID = ''
AZURE_CLIENT_SECRET = ''
AZURE_TENANT_ID = ''
workspace_id = ''
from azure.identity import ClientSecretCredential
from datetime import datetime
from azure.monitor.query import LogsQueryClient, LogsQueryStatus


start_time = datetime(2022, 1, 1)
end_time = datetime(2023, 1, 2)
credential  = ClientSecretCredential(
        client_id = AZURE_CLIENT_ID,
        client_secret = AZURE_CLIENT_SECRET,
        tenant_id = AZURE_TENANT_ID
    )

client = LogsQueryClient(credential)
query = "ContainerLog"

response = client.query_workspace(workspace_id=workspace_id,
                                  query=query, timespan=(start_time, end_time - start_time))

if response.status == LogsQueryStatus.PARTIAL:
    error = response.partial_error
    print('Results are partial', error.message)

elif response.status == LogsQueryStatus.SUCCESS:
    results = []
    for table in response.tables:
        for row in table.rows:
            results.append(dict(zip(table.columns, row)))
    print(convert_azure_table_to_dict(results))

and it is failing:

Traceback (most recent call last):
  File "c:\temp\x.py", line 24, in <module>
    response = client.query_workspace(workspace_id=workspace_id,
  File "C:\kourosh\venv\lib\site-packages\azure\core\tracing\decorator.py", line 78, in wrapper_use_tracer
    return func(*args, **kwargs)
  File "C:\kourosh\venv\lib\site-packages\azure\monitor\query\_logs_query_client.py", line 136, in query_workspace
    process_error(err, LogsQueryError)
  File "C:\kourosh\venv\lib\site-packages\azure\monitor\query\_helpers.py", line 141, in process_error
    raise HttpResponseError(message=error.message, response=error.response, model=model)
azure.core.exceptions.HttpResponseError: (InsufficientAccessError) The provided credentials have insufficient access to perform the requested operation
Code: InsufficientAccessError
Message: The provided credentials have insufficient access to perform the requested operation

I have added Log Analytics API -> Data.Read permission to the registered app that I'm using. Any idea what is causing this?

CodePudding user response：

Data.Read provides permissions to use the API and grant your app access to your Log Analytics Workspace. However, for accessing data within log analytics workspace, you need to provide permissions as per the data you need access to.

References:

• https://learn.microsoft.com/en-us/azure/azure-monitor/logs/api/access-api
• https://learn.microsoft.com/en-us/azure/azure-monitor/logs/manage-access?tabs=portal