SOLVED

Schedule a query and mail the result?


hi out there

 

I have a simple query for given security events in OMS which I want to run as a scheduled job and email me the result - daily - but sorry - I can't figure out how/where to do this from my Azure Log Analytics console - there must be a simple way - but how?

The script I want to run at 08:00 every morning is simply like this:

 

SecurityEvent
| where ( EventID == 4728 )
| sort by AccountName

and then mail me the outcome as a csv file - just like exporting it to csv...

 

4 Replies
Best Response confirmed by Thomas Iwang (New Contributor)
Solution

Hi,

 

There are several ways to implement this scenario. IMHO, the most elegant method is using Azure Logic App. It has a connector that can execute a query and other connectors to send mail. There are logic modules to transform and format the results. You can also add additional logic items and connectors to other systems as much as you like.

 

If you want to see this scenario demo in video just watch this video: https://youtu.be/4whwxXWM894?t=2992

 

Thanks,

        Meir :>

 

thanks - just what I needed

br /ti

How are you sending the csv output of the query to mail?

I tried this but no luck, it is sending lots of mail to all, like (130 and so on).

Could you please suggest what I missed in the logic app?

That video is not very detailed at all. I'm guessing no one has solved this yet? I've tried exporting the info to a spreadsheet, but that got complicated doing it row by row, and didn't work correctly. I just want a simple step of "email me the results" but I can't seem to find that. Not a graph, just the results.
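
Added example (not from any poster in this thread, and not Microsoft's code): whichever scheduler runs the query, the reporting step should flatten the whole result table into one CSV and attach it to one message, rather than mailing from inside a per-row loop. It assumes the tables/columns/rows JSON shape of the Log Analytics query API; the sample rows, addresses and file name are constructed, and cells that start with a formula character are neutralised because AccountName values end up in a spreadsheet.

```python
import csv
import io
from email.message import EmailMessage

# Constructed sample, shaped like a Log Analytics query API response
# for the thread's "SecurityEvent | where EventID == 4728" query.
SAMPLE_RESPONSE = {"tables": [{
    "name": "PrimaryResult",
    "columns": [{"name": "TimeGenerated", "type": "datetime"},
                {"name": "AccountName", "type": "string"},
                {"name": "EventID", "type": "int"}],
    "rows": [["2024-01-15T07:12:09Z", "bob", 4728],
             ["2024-01-15T06:58:41Z", "alice", 4728],
             ["2024-01-15T05:30:00Z", "=1+1", 4728]],  # formula-like name
}]}


def neutralise(value):
    """Stop spreadsheets from evaluating log-derived strings as formulas."""
    text = "" if value is None else str(value)
    if isinstance(value, str) and text.startswith(("=", "+", "-", "@")):
        return "'" + text
    return text


def table_to_csv(response):
    """Flatten the first result table into a single CSV document."""
    table = response["tables"][0]
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\r\n")
    writer.writerow(col["name"] for col in table["columns"])
    for row in table["rows"]:
        writer.writerow(neutralise(cell) for cell in row)
    return out.getvalue()


def build_report(response, sender, recipient):
    """Build ONE message for the whole result set, never one per row."""
    count = len(response["tables"][0]["rows"])
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"EventID 4728 daily report: {count} event(s)"
    msg.set_content("Result of the scheduled SecurityEvent query is attached.")
    msg.add_attachment(table_to_csv(response).encode("utf-8"),
                       maintype="text", subtype="csv",
                       filename="securityevent-4728.csv")
    return msg
```

The returned `EmailMessage` can be handed to `smtplib.SMTP.send_message` or any mail API that accepts a MIME message.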