SOLVED

Log Analytics / App Insights permissions


Do Monitor / Log Analytics alerts need any special rights to read Application Insights held in another subscription?

I can set an alert up by using a query that reads an Application Insights instance, e.g.:

app('myAppInsightInstance').traces

 

When setting the alert up, I can see data in the bar chart and I can also click on 'run query in log analytics' and receive data.

However, despite all this, no alerts are ever fired. I've set up plenty of alerts before but this is the first using Application Insights.

It's as if, while setting the alert up, it's using my rights as I'm the one logged in on the portal, but then afterwards the alert uses a different set of rights which maybe hasn't got rights on the App Insights instance?

 

Grateful for any pointers.

4 Replies

Hi @JK_UK

You haven't given much information about how you created the alert, but in order for this to work the alert rule needs to have the authorized resources property filled with the resource ID of the Application Insights instance. This can be checked by getting the resource properties of the alert resource.


@Stanislav Zhelyazkov 

 

Hi Stanislav, thanks for the reply.

The Resource is a Log Analytics instance:

[Screenshot: clipboard_image_0.png]

 

The alert is just a log query running the following (purely as a test)

app('uniweb-dev').customMetrics

 

This should work, shouldn't it? In fact, I've got instances in my dev environment where this works. The difference is that the environment I'm trying to get this to work in is a lot more complicated.

 

I'm just about to try redeploying the alert but this time set the Resource at the top as the Application Insights instance. Then the query presumably would just need to be:

customMetrics

 

I'll keep you posted.

 

Solution

Hi @JK_UK

To be more precise, I have written a blog post about the alerts API:

https://cloudadministrator.net/2019/10/07/azure-monitor-alert-series-part-7/

If you scroll to the bottom there is an example, and on lines 44-48 you will see that the resources (Log Analytics workspace or Application Insights instance) need to be added with their resource IDs. As far as I know, that information is not available through the portal, so you will have to check the ARM API to get it and see if the mentioned App Insights instance is added to that part of the properties. The authorized resources part is used when you do cross-workspace/App Insights queries for alerts.
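The check described in the answer above, as an added example that is not part of the original thread or the linked blog post: given the alert rule's JSON as returned by ARM, list every `app(...)` / `workspace(...)` reference in the query that no `authorizedResources` entry covers. It assumes the rule keeps the query and the list under `properties.source`; the subscription IDs, resource groups and workspace name are constructed placeholders, and references are matched by resource name or full resource ID only.

```python
import re

# Matches cross-resource references such as app('name') or workspace("name").
CROSS_REF = re.compile(r"""\b(app|workspace)\(\s*['"]([^'"]+)['"]\s*\)""", re.IGNORECASE)

# ARM resource type each kind of reference must resolve to (lower-cased).
TYPE_FOR = {
    "app": "microsoft.insights/components",
    "workspace": "microsoft.operationalinsights/workspaces",
}

def missing_authorized_resources(rule: dict) -> list:
    """Return the cross-resource references in the rule's query that are
    not covered by properties.source.authorizedResources."""
    source = rule.get("properties", {}).get("source", {})
    authorized = [r.lower().rstrip("/") for r in source.get("authorizedResources") or []]
    missing = []
    for kind, ident in CROSS_REF.findall(source.get("query", "")):
        key = ident.lower().rstrip("/")
        suffix = f"/providers/{TYPE_FOR[kind.lower()]}/{key}"
        # Covered if an entry is the same resource ID, or ends in the right type/name.
        if not any(r == key or r.endswith(suffix) for r in authorized):
            missing.append(f"{kind.lower()}('{ident}')")
    return missing

# Constructed sample data: two placeholder subscriptions, as in the thread's scenario.
SUB_A = "/subscriptions/00000000-0000-0000-0000-00000000000a"
SUB_B = "/subscriptions/00000000-0000-0000-0000-00000000000b"
WORKSPACE_ID = f"{SUB_A}/resourceGroups/rg-monitor/providers/Microsoft.OperationalInsights/workspaces/la-central"
APP_ID = f"{SUB_B}/resourceGroups/rg-app/providers/Microsoft.Insights/components/uniweb-dev"

def make_rule(authorized: list) -> dict:
    """Build a constructed rule body with the query from the thread."""
    return {"properties": {"source": {
        "query": "app('uniweb-dev').customMetrics",
        "dataSourceId": WORKSPACE_ID,
        "authorizedResources": authorized,
    }}}

BROKEN_RULE = make_rule([])            # saves fine, never fires
FIXED_RULE = make_rule([APP_ID])       # App Insights resource ID authorized

if __name__ == "__main__":
    print("broken:", missing_authorized_resources(BROKEN_RULE))
    print("fixed: ", missing_authorized_resources(FIXED_RULE))
```

An empty result means every cross-resource reference in the query has a matching entry; references written as an application ID GUID are not resolved by this check and will be reported as missing.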


@Stanislav Zhelyazkov 

 

Thanks! 

That's exactly what it was, I'd never noticed the authorizedResources value before. Burst into life once I'd added the app insight resourceId in there!

 

Thanks again.