Feb 10 2024 03:29 AM
I am trying to set up a LA Workspace intended to collect custom events submitted from custom powershell scripts (i.e, via Invoke-WebRequest).
I don't want to use the workspace's Shared Key - I want to use either an app principal and/or a managed identity.
What are the minimum RBAC permissions that I need to assign to successfully submit custom events?
(I tried reading up and down here, it doesn't seem to tackle permissions for writing log events).
Manage access to Log Analytics workspaces - Azure Monitor | Microsoft Learn
Feb 25 2024 06:30 AM
SolutionHi @mindfulrants, as you mentioned workspace key, it means you're probably referring to the (now called) legacy HTTP Data Collector API, which has been deprecated and will be retired in 2026.
As you want to use an app registration, then I suggest that you use the new API, that's based in DCR\DCE: Logs Ingestion API in Azure Monitor - Azure Monitor | Microsoft Learn
Since the permissions are actually given at the DCR level, it does allow a deeper level of granularity, hence you can just use the 'Microsoft.Insights/Telemetry/Write' action:
Once you have everything setup, you can use the sample PowerShell code to get you started: Sample code to send data to Azure Monitor using Logs ingestion API - Azure Monitor | Microsoft Learn
Hope this helps!
Feb 26 2024 09:18 AM
Feb 25 2024 06:30 AM
SolutionHi @mindfulrants, as you mentioned workspace key, it means you're probably referring to the (now called) legacy HTTP Data Collector API, which has been deprecated and will be retired in 2026.
As you want to use an app registration, then I suggest that you use the new API, that's based in DCR\DCE: Logs Ingestion API in Azure Monitor - Azure Monitor | Microsoft Learn
Since the permissions are actually given at the DCR level, it does allow a deeper level of granularity, hence you can just use the 'Microsoft.Insights/Telemetry/Write' action:
Once you have everything setup, you can use the sample PowerShell code to get you started: Sample code to send data to Azure Monitor using Logs ingestion API - Azure Monitor | Microsoft Learn
Hope this helps!