Jul 04 2019 03:17 AM - last edited on Apr 07 2022 05:59 PM by TechCommunityAP
I'm using Client Credentials to query Office 365 Audit data stored in Log Analytics. The AppID principal has Log Analytics Reader permissions to both the Log Analytics workspace and the Office 365 Audit Solution through IAM. (As detailed here: https://dev.loganalytics.io/documentation/1-Tutorials/Direct-API)
When I invoke a REST request against the endpoint, I get an HTTP 200 response, so authentication is working fine, but the Content payload is empty and just returns {"tables":[]}, without any results.
This happens regardless of query, all of which work fine when testing the query through the Log Explorer interface in the workspace.
I thought this might be permissions related, but still no change despite adding the App permissions to both workspace and solution. Any thoughts welcome as my Bing-fu hasn't helped.
Paul.
Jul 04 2019 03:45 AM - edited Jul 04 2019 03:45 AM
Solution
After much bashing of the head against the desk, it would seem that not all the queries that work in the Log Analytics web engine work through the API. My previous errors were being masked by the JSON not converting properly and being left out of the body. Fiddler ftw!
If I use "search Operation == 'desired op'" and pass it into the body of the POST then that works ok and results are returned.
Nov 15 2019 07:25 AM
@Paul Hunt - Cimares I got the same, trying simple query 'Heartbeat| limit 50' which gets me empty table. How do I pass "search Operation == 'desired op'" into the body? Thnx
Sep 15 2021 06:43 AM
@niukk in my case, it was a missing "Content-Type: application/json" header.
Once the request header was added, data was returned.
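The request shape the replies above converge on, shown as an added example that is not code from any poster in this thread: the query is serialized with a JSON encoder, sent with an explicit `Content-Type: application/json` header, and the `{"tables":[]}` payload is treated as a failure instead of an empty result. The helper names, the all-zero workspace ID, the token placeholder and the sample response are assumptions constructed for illustration.

```python
import json
import urllib.request

# Query endpoint of the Log Analytics API (see dev.loganalytics.io).
API_URL = "https://api.loganalytics.io/v1/workspaces/{workspace_id}/query"

# Constructed sample of a successful response body, for offline use.
SAMPLE_OK = json.dumps({"tables": [{
    "name": "PrimaryResult",
    "columns": [{"name": "Operation", "type": "string"},
                {"name": "UserId", "type": "string"}],
    "rows": [["FileAccessed", "user@example.com"]],
}]})

def build_query_request(workspace_id, token, query):
    """Build the POST request (hypothetical helper); send it with urlopen()."""
    # json.dumps escapes quotes inside the KQL text, so the body stays valid
    # JSON even for queries such as: search Operation == 'desired op'
    data = json.dumps({"query": query}).encode("utf-8")
    headers = {
        "Authorization": "Bearer " + token,
        # The header whose absence produced the empty result in this thread.
        "Content-Type": "application/json",
    }
    url = API_URL.format(workspace_id=workspace_id)
    return urllib.request.Request(url, data=data, headers=headers, method="POST")

def rows_from_response(payload):
    """Return the first table's rows as dicts; reject HTTP-200-but-empty bodies."""
    tables = json.loads(payload).get("tables")
    if not tables:
        raise ValueError("response has no tables: check the Content-Type "
                         "header and that the body is valid JSON with a 'query' key")
    names = [col["name"] for col in tables[0]["columns"]]
    return [dict(zip(names, row)) for row in tables[0]["rows"]]

if __name__ == "__main__":
    req = build_query_request("00000000-0000-0000-0000-000000000000",
                              "<access-token>", "Heartbeat | limit 50")
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    print(rows_from_response(SAMPLE_OK))
```
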
Dec 02 2021 08:45 AM