Home > Net >  How to configure Basic Logs in Azure Log Analytics - how to get bearer token?
How to configure Basic Logs in Azure Log Analytics - how to get bearer token?

Time:03-09

I have Azure Log Analytics and Azure Application Insights. I want to set certain tables in my Log Analytics to "Basic Logs" because that is cheaper. First I want to just check the settings for these tables.

I am trying to follow this article: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-configure?tabs=api-2

The article tells me to get a bearer token by following this other article: https://social.technet.microsoft.com/wiki/contents/articles/51140.azure-rest-management-api-the-quickest-way-to-get-your-bearer-token.aspx

I extract a bearer token from the Azure Portal using the developer tools. It looks like this (a few hundred characters long): Bearer ey...A.

I then try to do this in PowerShell:

$BearerToken = "Bearer ey...A"
$uri = "https://management.azure.com/subscriptions/<subscriptionId>/resourcegroups/<resourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<workspaceName>/tables/<tableName>?api-version=2021-12-01-preview"
Invoke-WebRequest $uri -Headers @{Authorization = $BearerToken}

This gives me:

{"error":{"code":"InvalidAuthenticationToken","message":"The access token is invalid."}}

In my PowerShell session I am logged in as the same user as in the Portal (using az login).

Might it be a rights issue? I have "Owner" and "Contributor" access to the Log Analytics workspace.

What do I need to do to get through the authentication? Do I need any further headers or options on my Invoke-WebRequest call?

CodePudding user response:

The issue is probably because the audience of the token isn't set to management.azure.com, the resource you want to have access to.

If you try out this command:

 az account get-access-token --resource=https://management.azure.com --query accessToken --output tsv

You'll end up with a token which looks like this:

{
  "aud": "https://management.azure.com",
  "iss": "https://sts.windows.net/[guid]/",
  "iat": 1646746056,
  "nbf": 1646746056,
  "exp": 1646750582,
  "acr": "1",
  "aio":

You can copy the complete token to jwt.io/jwt.ms to see the values of all claims.

This token is meant for the management API, so will probably work.

CodePudding user response:

I figured out what I was doing wrong. I was copying the token from Firefox's developer tools, but the token displayed was truncated with a character in the middle. That was just very difficult to spot.

The full token should be something like 5000 characters long.

In Firefox, in the place where Request Headers are displayed, select Raw and then right-click, select all and copy. That gives you the complete values.

Or use the command that Jan_V suggested in his answer:

az account get-access-token --resource=https://management.azure.com --query accessToken --output tsv

Page link:https//www.codepudding.com/net/327909.html

Prev:How to output Get-ADComputer PowerShell results to JSON format containing IP and a parent object (Eg
Next:Escape the period character in a command flag within a PowerShell script?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding