Even this is written in one of the connection examples, it wasn’t clear to me there is a really easy way of authenticating to Log Analytics using KQLMagic.
This option can be used when you want to have a browser popup appear for the user to sign in to Log Analytics, showing an AAD login form. From this interactive popup, KQLMagic will receive the tokens necessary to Query the configured Log Analytics Workspace on behalf of the user.
I will explain using VisualStudio Code from which I send python script to a dockerhost running jupyter, the python script will be the same no matter if you use this directly in your scipy notebook or remote.
|!pip install Kqlmagic --no-cache-dir --upgrade|
- The first line installs the KQLMagic module into Python.
- Second we configure the variables that will help build the connectionstring for KQLMagic. These are the ids for my private environment, you need to replace these with yours. (see quicktips below)
- Last the connectionstring will be saved to an environment variable that KQLMagic automatically loads on start.
Notice the “…loganalytics://code;….”
The keyword code in the connectionstring will instruct KQLMagic to authenticate using device code (using ADAL).
This will reload the extension so KQLMagic joins in the game!
|%kql AzureActivity | where Caller contains "maurice" | where TimeGenerated > ago(12h) | project TimeGenerated, OperationName, ActivityStatus, CallerIpAddress|
Now, in my situation the “Copy code…” button does not work. I have to copy the device code manually and open https://microsoft.com/devicelogin myself and paste the code.
After this you have to enter credentials for the Log Analytics Workspace.
If you have successfully been authenticated the query will run.
tenant id: navigate to https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties the value of Directory ID is your tenant id
workspace id: navigate to https://portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.OperationalInsights%2Fworkspaces and select your workspace you wish to query, in the workspace essentials on the right collumn you can find the workspace id.