Azure LogAnalytics Workspaces datasources

Question

Has anyone created a custom Azure LogAnalytics Workspaces datasource?

I have a query written in Azure workbooks but not sure how to translate it to a Log Analytics Workspace Query in a Azure LogAnalytics Workspaces datasource.

This is the query in workbooks...

W3CIISLog
| where Computer contains "server1"
or Computer contains "server2"
or Computer contains "server3"
or Computer contains "server4"
| summarize Code_Totals = count() by bin(TimeGenerated, 5m), scStatus
| render barchart

chrisred · Answer

Not at DataSource, but you could look at the "Azure Site Recovery" official EventSource. This uses the "Azure Log Analytics Workspaces" collection method, which has a kusto query configured.

I asked support about whether it was possible to use that collection method for our own custom EventSources. They said it wasn't supported. I played around with returning different fields, but with it being undocumented and support being evasive i gave up.

Maybe it is the same situation with the DataSource, it has the option to configure a query, but no information on how it is supposed to work.

stephen_c · Answer

Thanks, but I can't even find Azure Site Recovery eventsource in my portal...

chrisred · Answer

If it's not been installed it will be in the "Exchange" module section, an EventSource (E) called "Azure Site Recovery".

Forum Discussion

Azure LogAnalytics Workspaces datasources

Related Content

Google Workspace Webhooks

UIv4 DataSource editor - calm down dear!

DataSource with PowerShell script

Windows service datasource error

DataSources missing

Recent Discussions

Can anyone help modify this Datasource to be able to use any port?

Dashboard updates

Does anyone monitor their iDracs with LM? Tons of duplicate alerts

How do you monitor Running Services on Linux boxes?

Event Sources SNMP and Windows collectors?