Forum Discussion

Thomas Iwang's avatar
Thomas Iwang
Copper Contributor
Mar 15, 2018
Solved

Schedule a query and mail the result?

hi out there

 

I have a simple query for given security events in OMS which I want to run as a scheduled job and email me the result - daily - but sorry - I can't figure out how/where to do this from my Azure Log Analytics console - there must be a simple way - but how?

The script I want to run at 08:00 every morning is simply like this:

 

SecurityEvent

| where ( EventID == 4728 ) | sort by AccountName  

and then mail me the outcome as a csv file - just like exporting it to csv...

 

azure monitor
Query Language
  • Meir_Mendelovich's avatar
    Meir_Mendelovich
    Mar 17, 2018

    Hi,

     

    There are several ways to implement this scenario. IMHO, the most elegant method is using Azure Logic App. It has a connector that can execute a query and other connectors to send mail. There are logic modules to transform and format the results. You can also add additional logic items and connectors to other systems as much as you like.

     

    If you want to see this scenario demo in video just watch this video: https://youtu.be/4whwxXWM894?t=2992

     

    Thanks,

            Meir :->

     

6 Replies

Sort By
  • Meir_Mendelovich's avatar
    Meir_Mendelovich
    Icon for Microsoft rankMicrosoft
    Mar 17, 2018

    Hi,

     

    There are several ways to implement this scenario. IMHO, the most elegant method is using Azure Logic App. It has a connector that can execute a query and other connectors to send mail. There are logic modules to transform and format the results. You can also add additional logic items and connectors to other systems as much as you like.

     

    If you want to see this scenario demo in video just watch this video: https://youtu.be/4whwxXWM894?t=2992

     

    Thanks,

            Meir :->

     

    • Motemote's avatar
      Motemote
      Copper Contributor
      Jul 15, 2021
      Hello Meir,

      Is that possible to schedule AAD Audit log query and mail the result?
      • CliveWatson's avatar
        CliveWatson
        Former Employee
        Jul 16, 2021

        Motemote 

         

        Create a 3 step Logic App:

         

        1. Set your Recurrence (once a day, once an hour etc..)

        2. Run whatever KQL query for AAD Audit logs you need, I have set my "chart type" to "html table"  but there are other options.

        3. Send the email (or action you require), picking up the "attachment content" from step 2

         

      • GouravIN's avatar
        GouravIN
        Brass Contributor
        Oct 09, 2018

        How you are sending csv output of query to mails.

         

        I tired this but no luck , it is sending lots of mail to all like (130 and so on).

         

        Could you please suggest me what i missed in logic app 

Resources