Forum Discussion

SebastiaanR's avatar
SebastiaanR
Brass Contributor
May 18, 2020

Log Analytics into Azure Lighthouse

I had a look at the community pages, but can't find a section specific to Lighthouse, so pardon me for posting here. If there is a dedicated space, I would appreciate a link.

 

I have an issue pulling customer log information from Log Analytics into our Lighthouse tenant.

 

I have a group that gets assigned Contributor rights to the customer environment at subscription level. I am able to browse all resources, and I  have verified that I can create resources. However, when I access the Log Analytics workspace(s), I am unable to run any queries (or query any VM performance data through Azure Monitor), and it's as if it just hangs there trying to retrieve the log data. Attached is a snip of what I see.

Logging in to the customer tenant directly with Owner permissions I am able to successfully query the logs and view VM performance data.

Please advise if there are any specific considerations in terms of permissions. I assumed Contributor role at subscription level would have sufficed.

Thanks

Sebastiaan

monitoring
  • SoniaCuff's avatar
    SoniaCuff
    Sep 27, 2020

    SebastiaanR  I never even thought of a scenario where the managing tenant wouldn't have a subscription! Add even an Azure Free Account sub to it and see if that works.

  • Azeem308's avatar
    Azeem308
    Copper Contributor
    Jun 06, 2020

    SebastiaanR 

    Apply "Log Analytics Reader" role. "Contributor" rights will not give access to read/query logs.

    Hope this helps!

    -Azeem

    • SebastiaanR's avatar
      SebastiaanR
      Brass Contributor
      Jun 23, 2020

      Thanks for the guidance.

      I've changed this, and I now get the LA Reader role assigned (at subscription level). Whenever I run any query, I still get the following error:

       

      ERROR RETRIEVING DATA
      Register resource provider 'Microsoft.Insights' for this subscription to enable this query If issue persists, please open a support ticket.
      Request id: 
       
      I've confirmed that the provider is registered against the subscription.
      When running this same query when logged in directly to the subscription, I get a successful result.
       
      This is the case with multiple subscriptions, which leads me to believe it is either still a permission issue. Especially considering the following alert I get via e-mail:

      {"statusCode":"Unauthorized","serviceRequestId":null,"statusMessage":"{\"error\":{\"code\":\"AuthorizationRequiredError\",\"message\":\"Valid authentication was not provided\"}}","eventCategory":"Administrative"}
       
       
      • SoniaCuff's avatar
        SoniaCuff
        Icon for Microsoft rankMicrosoft
        Aug 31, 2020

        SebastiaanR Did you get a resolution for this?

         

        I've mirrored your scenario by setting up my provider with ONLY log analytics reader access to a test customer subscription, and I can successfully query log analytics (via Lighthouse delegation) with no errors. This suggests it's something specific to your provider tenant, which would require a support ticket for Microsoft to investigate.

         

        -Sonia