Log Analytics ARM REST API specification update

Copper Contributor

For example, I want to get resource type "Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions",
but there is no easy way to get it.

Please release version 2017-03-15-preview specification.

 

REST API Document(2015-03-20)
<https://docs.microsoft.com/en-us/rest/api/loganalytics/savedsearches>

 

GitHub azure-rest-api-specs(2015-03-20/2015-11-01-preview)
<https://github.com/Azure/azure-rest-api-specs/tree/master/specification/operationalinsights/resource...>

 

Manage Log Analytics using Azure Resource Manager templates(2017-03-15-preview)

<https://docs.microsoft.com/en-us/azure/azure-monitor/platform/template-workspace-configuration?toc=%...>

9 Replies

Hi,

I've shared your request with the relevant PM and engineer, who should reply here.

 

Thanks for posting this request.

 

Noa

Hi,

The ScheduledQueryRules API guide is live, see examples: https://docs.microsoft.com/en-us/rest/api/monitor/scheduledqueryrules/createorupdate#examples

 

An official announcement of the API is expected in Jan 2019, but you can already use it.

 

HTH,

Noa

Hey,

I have similar problem.

Link is for ScheduledQueryRules from provider microsoft.insights, and we are searching under provider Microsoft.OperationalInsights for QueryRules. ScheduledQueryRules and QueryRules are two different things.

 

I need this to modify Query Rules (not ScheduledQueryRules) to Log Analytics in Azure Monitor. Alerts are using data from Microsoft.OperationalInsights/workspaces/savedSearches/ , Microsoft.OperationalInsights/workspaces/savedSearches/schedules/ and Microsoft.OperationalInsights/workspaces/savedSearches/schedules/actions. API is documented only for Microsoft.OperationalInsights/workspaces/savedSearches/.

 

I asked a question about the documentation and future of the Microsoft.OperationalInsights and microsoft.insights API on the Azure Advisor platform, but no one has answered me yet. Maybe you'll help :)

Thanks for response.

 

I thought that scheduledQueryRules is an alert only on the Application Insights,
but As I read the presented document, scheduledQueryRules seemed to be able to target LogAnalytics.

 

In my guess, will savedSearches be abolished and integrated into scheduledQueryRules?
If savedSearches is to be abolished, I will move to scheduledQueryRules.

 

Anyway, next week, if I have time, I will try it.

Sadly scheduledQueryRules don't work with a custom query to Log Analytics.

 

BTW. This can help https://docs.microsoft.com/en-us/azure/azure-monitor/platform/api-alerts

Its little bit outdated with schema but method there are working fine. Just do GET there and you will have a schema.

The new API works as Noa stated. The benefits of that new API are:

- alignment with Application Insights

- No need to do saved query to create alert. Now with single resource deployment you create the whole alert.

- The alert is detached from the Log Analytics workspace resource

The schedulequeryrules worked in LogAnalytics as well,
It seems to be easier to use than savedsearches.

 

I have two questions.

1.Creation from the portal is still "savedsearches", but will it change to "scheduledqueryrules"?

 

2.About the ActionGroup action of LogAnalytics alert,
POST body (Json schema) is slightly different for "webhook" and "function".

 

Specifically, the top properties ("schemaId" and "Data") are not found in "webhook".
The schema of AppInsights is the same for "webhook" and "function".

 

Is this difference the intended behavior?


It is useful if it is the same schema as AppInsights, but do you plan to change it in the future?

1 - For sure. That is the reason of releasing new API to fix the issues with the old one and to be rolled to other experiences like Azure Portal.

 

 

Any plans on the service please ask Noa or someone else from the product group. I am Microsoft MVP and I do not officially represent the service.

Thats why I had problem. Alerts from portal are created as SavedSearch. Thanks!