Intro

One of the common ask I get from customers is to alert on new resources when they are created. I typically hesitate to alert every time a single resource is created because I think the better approach is to generate a report of new resource on a schedule. So, for this blog I want to walk you through utilizing Azure Logic Apps along with Azure Log Analytics to generate a useful report that you can schedule. 

Sneek Peak 

Before we jump into implementation let’s look at what the Logic Apps looks like.  

As you can see this is a simple Logic App. We only have 3 steps in this process: 

• Schedule: simple scheduler to kick off the workflow 
• Query for New Resources: Query Log Analytics Workspace using the KQL language to find new resources. 
• Email HTML Report: Send the results of the KQL query via email as a HTML attachment. 

Below is an example of the HTML Report: 

Prerequisites 

If you’re interested in implementing this Logic App you need to be aware of a few requirements: 

1. You need to send you’re Azure Activity Logs to a Log Analytics Workspace in order for the Log Analytics query to come back with any results. 

Azure Activity log - Azure Monitor | Microsoft Docs 

2. For the example below I use the connector to Office365. So you either need an Office365 account or you need to use a different action for the email. 

Implementing 

Hopefully, everyone is still interested and wants to look at this in your environment. Well let’s walk through importing the Logic App! 

Step 1: Create a Logic App 

You can follow the below document to create a Logic App if you’ve never created one before: 

Quickstart - Create your first Logic Apps workflow - Azure portal - Azure Logic Apps | Microsoft Doc... 

You can name you’re Logic App whatever you like. I chose to name mine “NewResourcesReport” 

Step 2: Customize the Logic App 

When you create the Logic App it will bring you to the Template page. You can choose “Recurrence” to get started with the Logic App. 

I typically like to rename my steps before I do anything. So whenever I mention renaming a step you simply click on the “…” for the step and choose rename: 

Complete the following for the “Recurrence” step: 

• Rename to “Schedule” 

• Set to whatever interval you wish. I’m choosing to run mine once a week. 

Click on “+ New Step”, search for “Azure Monitor”, and choose “Azure Monitor Logs” 

This will bring up the actions available for “Azure Monitor Logs” and we will use the “Run query and visualize results” 

Rename the action to “Query for New Resources” 

Enter the following values to connect to the Log Analytics Workspace where your “Azure Activity Logs” are being sent. 

• Subscription: Azure Subscription where the Log Analytics Workspace is located 

• Resource Group: Azure Resource Group where the Log Analytics Workspace is located 
• Resource Type: Log Analytics Workspace 
• Resource Name: Log Analytics Workspace where the Azure Activity Logs are being sent 
• Query: 

let ResourceCreation=AzureActivity 
| where OperationNameValue =~ 'MICROSOFT.RESOURCES/DEPLOYMENTS/WRITE'; 
ResourceCreation 
| summarize arg_max(TimeGenerated, *) by CorrelationId 
| where ActivityStatusValue =~ 'Success' 
| project CorrelationId 
| join kind=inner (ResourceCreation  
| summarize arg_min(TimeGenerated, *) by CorrelationId) on CorrelationId 
| project TimeGenerated, Caller, CallerIpAddress, ResourceGroup, ResourceId 

• Time Range: Should match with you Schedule Activity. For example, my schedule is for once a week so I chose “Last 7 days” 

• Chart Type: Html Table 

Click on “+ New Step” below this activity, search for “send an email (v2)”, and choose the Office 365 Outlook action named “Send an email (V2)” 

Rename the Action to “Email HTML Report” and fill out the following: 

• Body: Whatever you wish for the Body of the email 
• Subject: Whatever you wish for the Subject of the email 
• To: Fill out the emails you wish to receive the report 
• Click on “Add new parameter” and choose “Attachment” 

• Attachment Content: from the “Dynamic content” choose “Attachment Content” under “Query for New Resources” 
• Attachment Name: Something like “Resources.html” 

That’s it for the Logic App. You should now click on “Save” and once the Logic App is saved click on “Run” 

Summary 

With the help of Azure Log Analytics and the Kusto query language we are able to create a simple 3 step Logic App that will generate a HTML report that is emailed out on a recurring basis. This is a great example of how Azure Logic Apps can be a great tool to utilize as an Azure Administrator.