SOLVED

Log Analytics Workspace - Minimum Permissions to submit custom events?

Copper Contributor

I am trying to set up a LA Workspace intended to collect custom events submitted from custom PowerShell scripts (i.e., via Invoke-WebRequest).

I don't want to use the workspace's Shared Key - I want to use either an app principal and/or a managed identity.

What are the minimum RBAC permissions that I need to assign to successfully submit custom events?

(I tried reading up and down here; it doesn't seem to tackle permissions for writing log events.)

Manage access to Log Analytics workspaces - Azure Monitor | Microsoft Learn

2 Replies
best response confirmed by mindfulrants (Copper Contributor)
Solution

Hi @mindfulrants, as you mentioned the workspace key, it means you're probably referring to the (now called) legacy HTTP Data Collector API, which has been deprecated and will be retired in 2026.

As you want to use an app registration, then I suggest that you use the new API, which is based on DCR/DCE: Logs Ingestion API in Azure Monitor - Azure Monitor | Microsoft Learn
Since the permissions are actually given at the DCR level, it does allow a deeper level of granularity, hence you can just use the 'Microsoft.Insights/Telemetry/Write' action:

[screenshot: josecons_0-1708870867278.png]

Once you have everything setup, you can use the sample PowerShell code to get you started: Sample code to send data to Azure Monitor using Logs ingestion API - Azure Monitor | Microsoft Learn

Hope this helps!

Thanks, @josecons, this is actually very useful.
I don't want to have an app registration because there is a shared secret involved; rather, I want to use a Managed Identity, in this particular case assigned to an Azure Arc-enabled server.
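Putting the accepted answer (scope the Microsoft.Insights/Telemetry/Write action to the DCR, then use the Logs Ingestion API) together with the follow-up requirement (a managed identity on an Azure Arc-enabled server, no shared key and no app secret), here is an added example. It is not code from the thread or from the Microsoft sample page. Everything below that names a resource is a placeholder: the subscription, resource group, DCR name, DCE endpoint, DCR immutable ID, the stream name 'Custom-MyEvents_CL', the managed identity object ID and the event columns are all assumptions you replace with your own.

```powershell
<#
  Added example (not from the original thread). Step 1 runs on an admin workstation
  with the Az.Resources module; steps 2-3 run on the Arc-enabled server itself, from an
  elevated session. 'Monitoring Metrics Publisher' is the built-in role whose only
  action is Microsoft.Insights/Telemetry/Write; assigning it at the DCR scope gives the
  identity the ability to write to that DCR's streams and nothing else on the workspace.
#>

# ---------- Step 1 (admin workstation): least-privilege role assignment ----------
$dcrResourceId       = '/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Insights/dataCollectionRules/<dcr-name>'
$arcIdentityObjectId = '<object-id-of-the-arc-server-managed-identity>'

New-AzRoleAssignment -ObjectId $arcIdentityObjectId `
    -RoleDefinitionName 'Monitoring Metrics Publisher' `
    -Scope $dcrResourceId

# Check: the identity should hold exactly this role at the DCR scope and no role on the workspace.
Get-AzRoleAssignment -ObjectId $arcIdentityObjectId -Scope $dcrResourceId |
    Select-Object RoleDefinitionName, Scope

# ---------- Step 2 (Arc-enabled server): token without any stored secret ----------
function Get-ArcManagedIdentityToken {
    param([string]$Resource = 'https://monitor.azure.com/')

    # The Arc agent sets IDENTITY_ENDPOINT; the fallback is the documented default port.
    $base = if ($env:IDENTITY_ENDPOINT) { $env:IDENTITY_ENDPOINT } else { 'http://localhost:40342/metadata/identity/oauth2/token' }
    $uri  = '{0}?resource={1}&api-version=2020-06-01' -f $base, [uri]::EscapeDataString($Resource)

    # Unlike Azure VM IMDS, the first call is answered with 401 and a WWW-Authenticate header
    # naming a key file that only local administrators/root can read. Being able to read that
    # file is what proves the caller is a privileged local process.
    $secretFile = $null
    try {
        Invoke-WebRequest -Method GET -Uri $uri -Headers @{ Metadata = 'True' } -UseBasicParsing | Out-Null
    } catch {
        $wwwAuth = $_.Exception.Response.Headers.GetValues('WWW-Authenticate') | Select-Object -First 1
        if ($wwwAuth -match 'Basic realm=.+') { $secretFile = ($wwwAuth -split 'Basic realm=')[1].Trim() }
    }
    if (-not $secretFile) { throw 'No challenge from the Arc identity endpoint; is this an Arc-enabled server and is the session elevated?' }

    $secret   = (Get-Content -Path $secretFile -Raw).Trim()
    $response = Invoke-WebRequest -Method GET -Uri $uri -UseBasicParsing `
        -Headers @{ Metadata = 'True'; Authorization = "Basic $secret" }
    return (ConvertFrom-Json $response.Content).access_token
}

# ---------- Step 3 (Arc-enabled server): submit events via the Logs Ingestion API ----------
function Send-CustomEvents {
    param(
        [Parameter(Mandatory)] [string]$LogsIngestionEndpoint,  # the DCE's logsIngestion endpoint URL (placeholder below)
        [Parameter(Mandatory)] [string]$DcrImmutableId,         # 'dcr-...' from the DCR's properties, not its resource name
        [Parameter(Mandatory)] [string]$StreamName,             # must match the custom stream declared in the DCR
        [Parameter(Mandatory)] [object[]]$Events
    )
    $token = Get-ArcManagedIdentityToken
    $uri   = '{0}/dataCollectionRules/{1}/streams/{2}?api-version=2023-01-01' -f $LogsIngestionEndpoint, $DcrImmutableId, $StreamName

    # -InputObject keeps a single-element array as a JSON array; the API requires an array body.
    $body = ConvertTo-Json -InputObject $Events -Depth 5
    $resp = Invoke-WebRequest -Method POST -Uri $uri -UseBasicParsing -Body $body `
        -Headers @{ Authorization = "Bearer $token"; 'Content-Type' = 'application/json' }

    # Success is 204 No Content. A 403 here means the role is missing at the DCR scope
    # (or was assigned minutes ago and has not propagated yet).
    if ($resp.StatusCode -ne 204) { throw "Ingestion returned HTTP $($resp.StatusCode)" }
    return $resp.StatusCode
}

# Constructed sample events (assumption: the DCR stream declares these columns).
$now = (Get-Date).ToUniversalTime().ToString('o')
$sampleEvents = @(
    [pscustomobject]@{ TimeGenerated = $now; Computer = $env:COMPUTERNAME; EventText = 'Backup job finished';           Severity = 'Info' }
    [pscustomobject]@{ TimeGenerated = $now; Computer = $env:COMPUTERNAME; EventText = 'Certificate expires in 7 days'; Severity = 'Warning' }
)

Send-CustomEvents -LogsIngestionEndpoint 'https://<dce-name>.<region>-1.ingest.monitor.azure.com' `
    -DcrImmutableId 'dcr-<immutable-id>' -StreamName 'Custom-MyEvents_CL' -Events $sampleEvents
```

Two things worth checking when you run this. First, the identity is only ever granted the single write action at one DCR, so it cannot read the workspace, list other DCRs or reach any other stream; if you later need a second log type, add a second stream to the same DCR rather than widening the scope. Second, the token request uses the resource https://monitor.azure.com/, not https://management.azure.com/; a token for the wrong audience is rejected by the ingestion endpoint with 401 even when the role assignment is correct.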