Forum Discussion

SebastiaanR's avatar
SebastiaanR
Copper Contributor
May 18, 2020
Solved

Log Analytics into Azure Lighthouse

I had a look at the community pages, but can't find a section specific to Lighthouse, so pardon me for posting here. If there is a dedicated space, I would appreciate a link.   I have an issue pull...
monitoring
  • SoniaCuff's avatar
    SoniaCuff
    Sep 27, 2020

    SebastiaanR  I never even thought of a scenario where the managing tenant wouldn't have a subscription! Add even an Azure Free Account sub to it and see if that works.

Azeem308's avatar
Azeem308
Copper Contributor
Jun 06, 2020

SebastiaanR 

Apply "Log Analytics Reader" role. "Contributor" rights will not give access to read/query logs.

Hope this helps!

-Azeem

SebastiaanR's avatar
SebastiaanR
Copper Contributor
Jun 23, 2020

Thanks for the guidance.

I've changed this, and I now get the LA Reader role assigned (at subscription level). Whenever I run any query, I still get the following error:

 

ERROR RETRIEVING DATA
Register resource provider 'Microsoft.Insights' for this subscription to enable this query If issue persists, please open a support ticket.
Request id: 
 
I've confirmed that the provider is registered against the subscription.
When running this same query when logged in directly to the subscription, I get a successful result.
 
This is the case with multiple subscriptions, which leads me to believe it is either still a permission issue. Especially considering the following alert I get via e-mail:

{"statusCode":"Unauthorized","serviceRequestId":null,"statusMessage":"{\"error\":{\"code\":\"AuthorizationRequiredError\",\"message\":\"Valid authentication was not provided\"}}","eventCategory":"Administrative"}
 
 
  • SoniaCuff's avatar
    SoniaCuff
    Icon for Microsoft rankMicrosoft
    Aug 31, 2020

    SebastiaanR Did you get a resolution for this?

     

    I've mirrored your scenario by setting up my provider with ONLY log analytics reader access to a test customer subscription, and I can successfully query log analytics (via Lighthouse delegation) with no errors. This suggests it's something specific to your provider tenant, which would require a support ticket for Microsoft to investigate.

     

    -Sonia

    • milkmix_'s avatar
      milkmix_
      Copper Contributor
      Sep 11, 2020

      Hi SoniaCuff 

       

      Same error in my case. I gave Sentinel Contributor and Logs Analytics Reader (also tried w/ Contributor) access to the same PrincipalId through Lighthouse. I can see alerts/incidents but not perform queries or see tables from the managing tenant.

       

      Managed tenant did enable Microsoft.Insights. Any idea on how to debug this?

      • milkmix_'s avatar
        milkmix_
        Copper Contributor
        Sep 11, 2020
        In case anyone else ran into the same issue: Microsoft.Insights needs to be applied on the managing tenant, not the managed one. This was confusing as the error message only mentions "this subscription" while you're accessing a managed one.

Resources