
Schedule a query and mail the result?


hi out there

 

I have a simple query for given security events in OMS which I want to run as a scheduled job and email me the result - daily - but sorry - I can't figure out how/where to do this from my Azure Log Analytics console - there must be a simple way - but how?

The script I want to run at 08:00 every morning is simply like this:

 

SecurityEvent
| where EventID == 4728
| sort by AccountName

and then mail me the outcome as a csv file - just like exporting it to csv...

 

best response confirmed by Thomas Iwang (Copper Contributor)

Hi,

 

There are several ways to implement this scenario. IMHO, the most elegant method is using Azure Logic App. It has a connector that can execute a query and other connectors to send mail. There are logic modules to transform and format the results. You can also add additional logic items and connectors to other systems as much as you like.

 

If you want to see a demo of this scenario, just watch this video: https://youtu.be/4whwxXWM894?t=2992

 

Thanks,

        Meir :>

 

thanks - just what I needed

br /ti

How are you sending the CSV output of the query by mail?

 

I tried this but no luck; it is sending lots of mails to all (like 130 and so on).

 

Could you please suggest what I missed in the Logic App?

That video is not very detailed at all. I'm guessing no one has solved this yet? I've tried exporting the info to a spreadsheet, but that got complicated doing it row by row, and didn't work correctly. I just want a simple step of "email me the results" but I can't seem to find that. Not a graph, just the results.

Hello Meir,

Is it possible to schedule an AAD Audit log query and mail the result?

@Motemote 

 

Create a 3 step Logic App:

 

1. Set your Recurrence (once a day, once an hour, etc.)

2. Run whatever KQL query for AAD Audit logs you need. I have set my "chart type" to "html table", but there are other options.

3. Send the email (or action you require), picking up the "attachment content" from step 2
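
The same query-then-mail flow as a script, given as an added example that is not part of the original posts and uses Python instead of a Logic App: it turns one whole result set into a single CSV attachment on a single message, so the number of mails never depends on the number of rows. It assumes the result arrives in the Log Analytics query API shape (tables/columns/rows); the sample data, addresses and file name are constructed, and it goes one step beyond the thread by neutralizing cells that a spreadsheet would evaluate as formulas.

```python
import csv
import io
from email.message import EmailMessage

# Constructed sample in the Log Analytics query API response shape (assumption).
SAMPLE = {"tables": [{
    "name": "PrimaryResult",
    "columns": [{"name": "TimeGenerated", "type": "datetime"},
                {"name": "EventID", "type": "int"},
                {"name": "AccountName", "type": "string"}],
    "rows": [["2024-01-02T07:10:00Z", 4728, "CONTOSO\\alice"],
             ["2024-01-02T07:12:00Z", 4728, "=1+1"]],  # log text that looks like a formula
}]}

FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

def safe_cell(value):
    """Prefix log-derived strings that a spreadsheet would evaluate as a formula."""
    if isinstance(value, str) and value.startswith(FORMULA_PREFIXES):
        return "'" + value
    return value

def result_to_csv(response):
    """Flatten the first result table into one CSV string; the header is always written."""
    table = response["tables"][0]
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(col["name"] for col in table["columns"])
    for row in table["rows"]:
        writer.writerow(safe_cell(v) for v in row)
    return buf.getvalue()

def build_report(response, sender, recipient):
    """Build exactly one message for the whole result set, never one per row."""
    rows = len(response["tables"][0]["rows"])
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"SecurityEvent 4728 daily report: {rows} row(s)"
    msg.set_content(f"{rows} matching event(s); full result attached as CSV.")
    msg.add_attachment(result_to_csv(response).encode("utf-8"),
                       maintype="text", subtype="csv",
                       filename="eventid-4728.csv")  # hypothetical file name
    return msg

if __name__ == "__main__":
    # Hypothetical addresses; hand the message to smtplib or a mail API to send it.
    print(build_report(SAMPLE, "reports@example.com", "soc@example.com"))
```
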

 
