admin管理员组文章数量:1349221
I have a webapi hosted on Azure App Service, it has managed identity on, there is an existing Application Insights that has given a reader permission to that hosted api.
In the AppInsights, a new role assigned and a reader permission granted to the API, now I want the api to read data from AppInsights.
I want to add a C# method as a REST API that reads last 10 traces?
// Use DefaultAzureCredential to authenticate with Managed Identity
var credential = new DefaultAzureCredential();
// Create a LogsQueryClient
var client = new LogsQueryClient(credential);
// Replace this with your Application Insights resource ID
string appInsightsResourceId = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/microsoft.insights/components/{applicationInsightsName}";
// KQL query to get the last 10 traces
string kqlQuery = "traces | order by timestamp desc | take 10";
// Execute the query
Response<LogsQueryResult> queryResponse = await client.QueryWorkspaceAsync(
appInsightsResourceId,
kqlQuery,
new QueryTimeRange(TimeSpan.FromHours(1))
);
It didn't work, it comes back with invalid token credentials.
I also tried using DefaultAzureCredentials with ManagedClientID value, it still didn't work, I want to get logs/traces data as a http method.
I have a webapi hosted on Azure App Service, it has managed identity on, there is an existing Application Insights that has given a reader permission to that hosted api.
In the AppInsights, a new role assigned and a reader permission granted to the API, now I want the api to read data from AppInsights.
I want to add a C# method as a REST API that reads last 10 traces?
// Use DefaultAzureCredential to authenticate with Managed Identity
var credential = new DefaultAzureCredential();
// Create a LogsQueryClient
var client = new LogsQueryClient(credential);
// Replace this with your Application Insights resource ID
string appInsightsResourceId = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/microsoft.insights/components/{applicationInsightsName}";
// KQL query to get the last 10 traces
string kqlQuery = "traces | order by timestamp desc | take 10";
// Execute the query
Response<LogsQueryResult> queryResponse = await client.QueryWorkspaceAsync(
appInsightsResourceId,
kqlQuery,
new QueryTimeRange(TimeSpan.FromHours(1))
);
It didn't work, it comes back with invalid token credentials.
I also tried using DefaultAzureCredentials with ManagedClientID value, it still didn't work, I want to get logs/traces data as a http method.
1 Answer
Reset to default 1My test codes
public async Task<LogsQueryResult> GetAsync()
{
try
{
var credential = new DefaultAzureCredential();
var client = new LogsQueryClient(credential);
string workspaceId = "2xxxxxx7-7xx1-xxxx-xxxx-16xxxf7c";
//string kqlQuery = "traces | order by timestamp desc | take 10";
string kqlQuery = "AzureActivity | summarize Count = count() by ResourceGroup | top 10 by Count";
_logger.LogInformation("credential bypass");
var queryResponse = await client.QueryWorkspaceAsync(
workspaceId,
kqlQuery,
new QueryTimeRange(TimeSpan.FromHours(1))
);
_logger.LogInformation("queryResponse success");
return queryResponse;
}
catch (Exception ex) {
_logger.LogError(ex.Message);
return null;
}
}
I get the workspace ID by clicking into the workspace showed in App Insights instance.
And my test result like below. Using your query will get 400 error Failed to resolve table or column expression named 'traces'" which indicating there's no traces table. Then I know QueryWorkspaceAsync might not be designed to query App Insights tables. I follow the official document for QueryWorkspaceAsync and used another query then I got it worked.
This is method is not working for querying Application Insights, I tried codes below and worked:
string resourceId = "/subscriptions/xxx/resourceGroups/xxx/providers/microsoft.insights/components/tinytest0304";
string kqlQuery = "traces | order by timestamp desc | take 10";
Response<LogsQueryResult> queryResponse = await client.QueryResourceAsync(
new ResourceIdentifier(resourceId),
kqlQuery,
new QueryTimeRange(TimeSpan.FromHours(1)));
=========================
I enabled system-assigned managed identity for my Azure web app instance.
Then I go to the application insights instance which I hope to query log from, and add RBAC permission. Screenshoots below shows the permissions I added.
To add these permissions, going to Access Control(IAM) blade -> click the Add button and choose Add role assignment -> choose the role in Roles tab -> choose members in the Members tab(like screeshot below) -> Review + assign. Pls note, it might take several minutes to take effect, we might wait for a while and maybe a restart of the Azure web app to validate the role applyment.
本文标签: cREST method to access Application insightsStack Overflow
版权声明:本文标题:c# - REST method to access Application insights - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1743860495a2551645.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
QueryWorkspaceAsyncshould be the workspace Id instead of app Insights resource id, could you pls try to adjjust the parameter? – Tiny Wang Commented Apr 2 at 7:20The provided credentials have insufficient access to perform the requested operation. Your error message indicates that you might visit an unexisted workspace. – Tiny Wang Commented Apr 2 at 8:26string workspaceId = "29xxxx11-4xx2-axx0-16xxxxxxxaf7c";. I tried to use an incorrect workspace id, then I get errorThe requested path does not exist– Tiny Wang Commented Apr 2 at 8:37Reader, Monitoring Contributor, Log Analytics Readerpermissions to both Application Insights instance and workspace instance. But I'm not sure which permission is exactly required.. Roles applyment seems to require several minutes to take effect... – Tiny Wang Commented Apr 2 at 9:19