Calling APIs from KQL??
Is it possible to make API calls from KQL/query explorer?
Forum Discussion
- You can use the externaldata operation in KQL - https://techcommunity.microsoft.com/t5/azure-sentinel/implementing-lookups-in-azure-sentinel/ba-p/1091306?fbclid=IwAR20ClvXfB2_r5oejWFa8Npr6-qFC3fuKKYEs7Hr19_im_en5BkE1e8L_Jo
But this is rather limited as there is no way to authenticate.
If you need access to an API that requires authentication, you should write a Logic App and use thatI have used externaldata operator to fetch data from a CSV having a few columns namely, IP ranges, country code, country name, continent name etc.
In Azure Activity table there is a CallerIP value.
I need to print the location for each caller Ip.
CSV file - https://datahub.io/core/geoip2-ipv4#premium-data-2
Can you help me with the KQL??
@hspinto
