{ "swagger": "2.0", "info": { "version": "2017-10-01", "title": "Azure Log Analytics", "description": "This API exposes Azure Log Analytics query capabilities", "termsOfService": "https://dev.loganalytics.io/tos", "contact": { "name": "AIAPI Team", "url": "https://dev.loganalytics.io/support", "email": "aiapi@microsoft.com" }, "license": { "name": "Microsoft", "url": "https://dev.loganalytics.io/license" } }, "host": "management.azure.com", "schemes": [ "https" ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "securityDefinitions": { "azure_auth": { "type": "oauth2", "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "flow": "implicit", "description": "Azure Active Directory OAuth2 Flow", "scopes": { "user_impersonation": "impersonate your user account" } } }, "security": [ { "azure_auth": [ "user_impersonation" ] } ], "paths": { "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/query": { "get": { "operationId": "Query_Get", "summary": "Execute an Analytics query", "description": "Executes an Analytics query for data", "x-ms-examples": { "simple-query": { "$ref": "examples/oms-get-example.json" }, "cross-workspace": { "$ref": "examples/oms-get-cross-workspace-example.json" } }, "parameters": [ { "$ref": "#/parameters/subscriptionId" }, { "$ref": "#/parameters/resourceGroupName" }, { "$ref": "#/parameters/workspaceName" }, { "$ref": "#/parameters/queryParam" }, { "$ref": "#/parameters/timespanParam" }, { "$ref": "#/parameters/apiVersion" } ], "responses": { "200": { "description": "OK. 
The API call succeeded and the Analytics query result is in the response payload", "schema": { "$ref": "#/definitions/queryResults" } }, "default": { "description": "An error response object.", "schema": { "$ref": "#/definitions/errorResponse" } } } }, "post": { "operationId": "Query_Execute", "summary": "Execute an Analytics query", "description": "Executes an Analytics query for data. [Here](https://dev.loganalytics.io/documentation/Using-the-API) is an example for using POST with an Analytics query.", "x-ms-examples": { "simple-query": { "$ref": "examples/oms-post-example.json" }, "cross-workspace": { "$ref": "examples/oms-post-cross-workspace-example.json" } }, "parameters": [ { "$ref": "#/parameters/subscriptionId" }, { "$ref": "#/parameters/resourceGroupName" }, { "$ref": "#/parameters/workspaceName" }, { "$ref": "#/parameters/queryBody" }, { "$ref": "#/parameters/apiVersion" } ], "responses": { "200": { "description": "OK. The API call succeeded and the Analytics query result is in the response payload", "schema": { "$ref": "#/definitions/queryResults" } }, "default": { "description": "An error response object.", "schema": { "$ref": "#/definitions/errorResponse" } } } } }, "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/metadata": { "get": { "operationId": "Metadata_Get", "summary": "Gets metadata information", "description": "Retrieve the metadata information for the workspace, including its schema, functions, workspace info, categories etc.", "x-ms-examples": { "metadataGet": { "$ref": "examples/metadata-get.json" } }, "parameters": [ { "$ref": "#/parameters/subscriptionId" }, { "$ref": "#/parameters/resourceGroupName" }, { "$ref": "#/parameters/workspaceName" }, { "$ref": "#/parameters/apiVersion" } ], "responses": { "200": { "description": "OK. 
The API call succeeded and the metadata result is in the response payload", "schema": { "$ref": "#/definitions/metadataResults" } }, "default": { "description": "An error response object.", "schema": { "$ref": "#/definitions/errorResponse" } } } }, "post": { "operationId": "Metadata_Post", "summary": "Gets metadata information", "description": "Retrieve the metadata information for the workspace, including its schema, functions, workspace info, categories etc.", "x-ms-examples": { "metadataPost": { "$ref": "examples/metadata-post.json" } }, "parameters": [ { "$ref": "#/parameters/subscriptionId" }, { "$ref": "#/parameters/resourceGroupName" }, { "$ref": "#/parameters/workspaceName" }, { "$ref": "#/parameters/apiVersion" } ], "responses": { "200": { "description": "OK. The API call succeeded and the metadata result is in the response payload", "schema": { "$ref": "#/definitions/metadataResults" } }, "default": { "description": "An error response object.", "schema": { "$ref": "#/definitions/errorResponse" } } } } } }, "parameters": { "queryParam": { "name": "query", "in": "query", "required": true, "x-ms-parameter-location": "method", "description": "The Analytics query. Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)", "type": "string" }, "queryBody": { "name": "body", "in": "body", "description": "The Analytics query. Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)", "required": true, "schema": { "$ref": "#/definitions/queryBody" }, "x-ms-parameter-location": "method" }, "timespanParam": { "name": "timespan", "in": "query", "required": false, "format": "duration", "x-ms-parameter-location": "method", "description": "Optional. The timespan over which to query data. This is an ISO8601 time period value. 
This timespan is applied in addition to any that are specified in the query expression.", "type": "string" }, "apiVersion": { "name": "apiVersion", "description": "Client API version.", "in": "query", "required": true, "type": "string", "default": "2017-10-01", "x-ms-parameter-location": "method" }, "subscriptionId": { "name": "subscriptionId", "description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.", "in": "path", "required": true, "type": "string", "x-ms-parameter-location": "method" }, "resourceGroupName": { "name": "resourceGroupName", "description": "The name of the resource group to get. The name is case insensitive.", "in": "path", "required": true, "type": "string", "pattern": "^[-\\w\\._\\(\\)]+$", "minLength": 1, "maxLength": 90, "x-ms-parameter-location": "method" }, "workspaceName": { "name": "workspaceName", "description": "Name of the Log Analytics workspace.", "in": "path", "required": true, "type": "string", "x-ms-parameter-location": "method" } }, "definitions": { "queryParam": { "description": "The Analytics query. Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)", "type": "string" }, "timespanParam": { "description": "Optional. The timespan over which to query data. This is an ISO8601 time period value. This timespan is applied in addition to any that are specified in the query expression.", "type": "string" }, "workspacesParam": { "description": "Workspace IDs to include in cross-workspace queries.", "type": "array", "items": { "type": "string" } }, "queryBody": { "description": "The Analytics query. 
Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/)", "type": "object", "properties": { "query": { "description": "The query to execute.", "$ref": "#/definitions/queryParam" }, "timespan": { "description": "Optional. The timespan over which to query data. This is an ISO8601 time period value. This timespan is applied in addition to any that are specified in the query expression.", "$ref": "#/definitions/timespanParam" }, "workspaces": { "description": "A list of workspaces that are included in the query.", "$ref": "#/definitions/workspacesParam" } }, "required": [ "query" ] }, "queryResults": { "title": "A query response.", "description": "Contains the tables, columns & rows resulting from a query.", "type": "object", "properties": { "tables": { "description": "The list of tables, columns and rows.", "type": "array", "items": { "$ref": "#/definitions/table" } } }, "required": [ "tables" ] }, "table": { "title": "A query response table.", "description": "Contains the columns and rows for one table in a query response.", "type": "object", "properties": { "name": { "description": "The name of the table.", "type": "string" }, "columns": { "description": "The list of columns in this table.", "type": "array", "items": { "$ref": "#/definitions/column" } }, "rows": { "description": "The resulting rows from this query.", "type": "array", "items": { "type": "array", "items": { "type": "string" } } } }, "required": [ "name", "columns", "rows" ] }, "column": { "title": "A table column.", "description": "A column in a table.", "type": "object", "properties": { "name": { "description": "The name of this column.", "type": "string" }, "type": { "description": "The data type of this column.", "type": "string" } } }, "metadataResults": { "title": "A metadata response.", "description": "The metadata response for the app, including available tables, etc.", "type": "object", "properties": { "categories": { 
"description": "The list of categories that are referenced in this metadata response.", "type": "array", "items": { "$ref": "#/definitions/metadataCategory" }, "uniqueItems": true }, "resourceTypes": { "description": "The list of resource types that are referenced in this metadata response.", "type": "array", "items": { "$ref": "#/definitions/metadataResourceType" }, "uniqueItems": true }, "solutions": { "description": "The list of Log Analytics solutions installed on the workspace.", "type": "array", "items": { "$ref": "#/definitions/metadataSolution" }, "uniqueItems": true }, "tables": { "description": "The list of tables and columns that comprise the schema of the workspace.", "type": "array", "items": { "$ref": "#/definitions/metadataTable" }, "uniqueItems": true }, "functions": { "description": "The list of functions stored on the workspace, or introduced by solutions etc.", "type": "array", "items": { "$ref": "#/definitions/metadataFunction" }, "uniqueItems": true }, "queries": { "description": "The list of saved queries stored on the workspace, or introduced by solutions, resource types, etc.", "type": "array", "items": { "$ref": "#/definitions/metadataQuery" }, "uniqueItems": true }, "applications": { "description": "The list of Application Insights apps that were referenced in the metadata request.", "type": "array", "items": { "$ref": "#/definitions/metadataApplication" }, "uniqueItems": true }, "workspaces": { "description": "The list of Log Analytics workspaces that were referenced in the metadata request.", "type": "array", "items": { "$ref": "#/definitions/metadataWorkspace" }, "uniqueItems": true }, "resources": { "description": "The list of Azure resources that were referenced in the metadata request.", "type": "array", "items": { "$ref": "#/definitions/metadataResource" }, "uniqueItems": true }, "permissions": { "description": "The list of permission rules that affected the metadata request.", "type": "array", "items": { "$ref": 
"#/definitions/metadataPermissions" }, "uniqueItems": true } } }, "metadataCategory": { "title": "A metadata category.", "description": "Categories are used to group other metadata entities.", "type": "object", "properties": { "id": { "description": "The ID of the category", "type": "string" }, "displayName": { "description": "The display name of the category", "type": "string" }, "description": { "description": "The description of the category", "type": "string" }, "related": { "description": "The related metadata items for the category", "type": "object", "properties": { "tables": { "description": "The tables related to the category", "type": "array", "items": { "type": "string" } }, "functions": { "description": "The functions related to the category", "type": "array", "items": { "type": "string" } }, "resourceTypes": { "description": "The resource types related to the category", "type": "array", "items": { "type": "string" } }, "queries": { "description": "The saved queries related to the category", "type": "array", "items": { "type": "string" } }, "solutions": { "description": "The Log Analytics solutions related to the category", "type": "array", "items": { "type": "string" } } } } }, "required": [ "id", "displayName" ] }, "metadataSolution": { "title": "A Log Analytics solution.", "description": "Solutions can group tables and functions that are associated with a certain Azure Log Analytics offering.", "type": "object", "properties": { "id": { "description": "The ID of the Log Analytics solution", "type": "string" }, "name": { "description": "The name of the Log Analytics solution", "type": "string" }, "displayName": { "description": "The display name of the Log Analytics solution", "type": "string" }, "description": { "description": "The description of the Log Analytics solution", "type": "string" }, "tags": { "description": "The tags that are associated with the Log Analytics solution", "$ref": "#/definitions/tags" }, "properties": { "description": "The 
properties of the Log Analytics solution", "type": "object" }, "related": { "description": "The related metadata items for the Log Analytics solution", "type": "object", "properties": { "tables": { "description": "The tables related to the Log Analytics solution", "type": "array", "items": { "type": "string" } }, "functions": { "description": "The functions related to the Log Analytics solution", "type": "array", "items": { "type": "string" } }, "categories": { "description": "The categories related to the Log Analytics solution", "type": "array", "items": { "type": "string" } }, "queries": { "description": "The saved queries related to the Log Analytics solution", "type": "array", "items": { "type": "string" } }, "workspaces": { "description": "The Workspaces referenced in the metadata request that are related to the Log Analytics solution", "type": "array", "items": { "type": "string" } } }, "required": [ "tables" ] } }, "required": [ "id", "name", "related" ] }, "metadataResourceType": { "title": "A type of resource in Azure.", "description": "Metadata about types of Azure resources, containing relevant tables, functions, etc.", "type": "object", "properties": { "id": { "description": "The ID of the resource-type", "type": "string" }, "type": { "description": "The type of the resource-type", "type": "string" }, "displayName": { "description": "The display name of the resource-type", "type": "string" }, "description": { "description": "The description of the resource-type", "type": "string" }, "labels": { "description": "The user-defined labels of the resource-type", "type": "array", "items": { "type": "string" } }, "tags": { "description": "The tags associated with the resource-type", "$ref": "#/definitions/tags" }, "properties": { "description": "The properties of the resource-type", "type": "object" }, "related": { "description": "The related metadata items for the resource-type", "type": "object", "properties": { "tables": { "description": "The tables related 
to the resource-type", "type": "array", "items": { "type": "string" } }, "functions": { "description": "The functions related to the resource-type", "type": "array", "items": { "type": "string" } }, "categories": { "description": "The categories related to the resource-type", "type": "array", "items": { "type": "string" } }, "queries": { "description": "The queries related to the resource-type", "type": "array", "items": { "type": "string" } }, "workspaces": { "description": "The Log Analytics workspaces related to the resource-type", "type": "array", "items": { "type": "string" } }, "resources": { "description": "The Azure resources related to the resource-type", "type": "array", "items": { "type": "string" } } } } }, "required": [ "id", "type" ] }, "metadataTable": { "title": "A data table that takes part in a workspace schema.", "description": "Tables are part of the workspace schema, and contain a list of columns and a reference to other relevant metadata items.", "type": "object", "properties": { "id": { "description": "The ID of the table", "type": "string" }, "name": { "description": "The name of the table", "type": "string" }, "description": { "description": "The description of the table", "type": "string" }, "timespanColumn": { "description": "The column associated with the timespan query parameter for the table", "type": "string" }, "labels": { "description": "The user defined labels of the table", "type": "array", "items": { "type": "string" } }, "tags": { "description": "The tags associated with the table", "$ref": "#/definitions/tags" }, "properties": { "description": "The properties of the table", "type": "object" }, "columns": { "description": "The list of columns defined on the table", "type": "array", "items": { "properties": { "name": { "description": "The name of the column", "type": "string" }, "description": { "description": "The description of the column", "type": "string" }, "type": { "description": "The data type of the column", "type": 
"string", "enum": [ "bool", "datetime", "dynamic", "int", "long", "real", "string" ], "x-ms-enum": { "name": "MetadataColumnDataType", "modelAsString": true } }, "isPreferredFacet": { "description": "A flag indicating this column is a preferred facet", "type": "boolean" }, "source": { "description": "an indication of the source of the column, used only when multiple workspaces have conflicting definition for the column", "type": "object" } }, "required": [ "name", "type" ] } }, "related": { "description": "The related metadata items for the table", "type": "object", "properties": { "categories": { "description": "The related categories for the table", "type": "array", "items": { "type": "string" } }, "solutions": { "description": "The related Log Analytics solutions for the table", "type": "array", "items": { "type": "string" } }, "resourceTypes": { "description": "The related resource types for the table", "type": "array", "items": { "type": "string" } }, "workspaces": { "description": "The related Log Analytics workspaces for the table", "type": "array", "items": { "type": "string" } }, "functions": { "description": "The related functions for the table", "type": "array", "items": { "type": "string" } }, "queries": { "description": "The related saved queries for the table", "type": "array", "items": { "type": "string" } } } } }, "required": [ "id", "name" ] }, "metadataFunction": { "title": "A stored function.", "description": "Functions are stored Kusto queries that can be specified as part of queries by using their name.", "type": "object", "properties": { "id": { "description": "The ID of the function.", "type": "string" }, "name": { "description": "The name of the function, to be used in queries.", "type": "string" }, "parameters": { "description": "The parameters/arguments of the function, if any.", "type": "string" }, "displayName": { "description": "The display name of the function.", "type": "string" }, "description": { "description": "The description of 
the function.", "type": "string" }, "body": { "description": "The KQL body of the function.", "type": "string" }, "tags": { "description": "The tags associated with the function.", "$ref": "#/definitions/tags" }, "properties": { "description": "The properties of the function.", "type": "object" }, "related": { "description": "The related metadata items for the function.", "type": "object", "properties": { "tables": { "description": "The related tables for the function.", "type": "array", "items": { "type": "string" } }, "solutions": { "description": "The related Log Analytics solutions for the function.", "type": "array", "items": { "type": "string" } }, "resourceTypes": { "description": "The related resource types for the function.", "type": "array", "items": { "type": "string" } }, "categories": { "description": "The related categories for the function.", "type": "array", "items": { "type": "string" } }, "workspaces": { "description": "The related workspaces for the function.", "type": "array", "items": { "type": "string" } } } } }, "required": [ "id", "name", "body" ] }, "metadataQuery": { "title": "A stored query.", "description": "Queries are stored pieces of KQL, along with a list of relevant metadata items.", "type": "object", "properties": { "id": { "description": "The ID of the query.", "type": "string" }, "displayName": { "description": "The display name of the query.", "type": "string" }, "description": { "description": "The description of the query.", "type": "string" }, "body": { "description": "The KQL body of the query.", "type": "string" }, "labels": { "description": "The user defined labels associated with the query.", "type": "array", "items": { "type": "string" } }, "tags": { "description": "The tags associated with the query.", "$ref": "#/definitions/tags" }, "properties": { "description": "The properties of the query.", "type": "object" }, "related": { "description": "The related metadata items for the query.", "type": "object", "properties": { 
"categories": { "description": "The related categories for the query.", "type": "array", "items": { "type": "string" } }, "solutions": { "description": "The related Log Analytics solutions for the query.", "type": "array", "items": { "type": "string" } }, "resourceTypes": { "description": "The related resource types for the query.", "type": "array", "items": { "type": "string" } }, "tables": { "description": "The related tables for the query.", "type": "array", "items": { "type": "string" } } } } }, "required": [ "id", "body" ] }, "metadataApplication": { "title": "An Application Insights application.", "description": "Application Insights apps that were part of the metadata request and that the user has access to.", "type": "object", "properties": { "id": { "description": "The ID of the Application Insights app.", "type": "string" }, "resourceId": { "description": "The ARM resource ID of the Application Insights app.", "type": "string" }, "name": { "description": "The name of the Application Insights app.", "type": "string" }, "region": { "description": "The Azure region of the Application Insights app.", "type": "string" }, "related": { "description": "The related metadata items for the Application Insights app.", "type": "object", "properties": { "tables": { "description": "The related tables for the Application Insights app.", "type": "array", "items": { "type": "string" } }, "functions": { "description": "The related functions for the Application Insights app.", "type": "array", "items": { "type": "string" } } } } }, "required": [ "id", "resourceId", "name", "region" ] }, "metadataWorkspace": { "title": "A Log Analytics workspace.", "description": "Log Analytics workspaces that were part of the metadata request and that the user has access to.", "type": "object", "properties": { "id": { "description": "The ID of the Log Analytics workspace.", "type": "string" }, "resourceId": { "description": "The ARM resource ID of the Log Analytics workspace.", "type": 
"string" }, "name": { "description": "The name of the Log Analytics workspace.", "type": "string" }, "region": { "description": "The Azure region of the Log Analytics workspace.", "type": "string" }, "related": { "description": "The related metadata items for the Log Analytics workspace.", "type": "object", "properties": { "tables": { "description": "The related tables for the Log Analytics workspace.", "type": "array", "items": { "type": "string" } }, "solutions": { "description": "The related Log Analytics solutions for the Log Analytics workspace.", "type": "array", "items": { "type": "string" } }, "resourceTypes": { "description": "The related resource types for the Log Analytics workspace.", "type": "array", "items": { "type": "string" } }, "functions": { "description": "The related functions for the Log Analytics workspace.", "type": "array", "items": { "type": "string" } }, "resources": { "description": "The related Azure resources for the Log Analytics workspace.", "type": "array", "items": { "type": "string" } } } } }, "required": [ "id", "resourceId", "name", "region" ] }, "metadataResource": { "title": "An Azure resource.", "description": "Azure resources that were part of the metadata request and that the user has access to." 
}, "metadataPermissions": { "title": "Permission information.", "description": "Permission information for the metadata call, including the apps/workspaces/resources the user didn't have access to.", "type": "object", "properties": { "workspaces": { "description": "The permission indication for the workspaces on the metadata request.", "type": "array", "items": { "type": "object", "properties": { "resourceId": { "description": "The resource ID on the permission indication.", "type": "string" }, "denyTables": { "description": "The list of tables that were denied access for the resource ID.", "type": "array", "items": { "type": "string" } } }, "required": [ "resourceId" ] } }, "resources": { "description": "The permission indication for the Azure resources on the metadata request.", "type": "array", "items": { "type": "object", "properties": { "resourceId": { "description": "The resource ID on the permission indication.", "type": "string" }, "denyTables": { "description": "The list of tables that were denied access for the resource ID.", "type": "array", "items": { "type": "string" } } }, "required": [ "resourceId" ] } }, "applications": { "description": "The permission indication for the Application Insights apps on the metadata request.", "type": "array", "items": { "type": "object", "properties": { "resourceId": { "description": "The resource ID on the permission indication.", "type": "string" } }, "required": [ "resourceId" ] } } }, "required": [ "workspaces" ] }, "tags": { "description": "String-based key-value tags", "type": "object" }, "errorDetail": { "title": "Error details.", "type": "object", "properties": { "code": { "description": "The error's code.", "type": "string" }, "message": { "description": "A human readable error message.", "type": "string" }, "target": { "description": "Indicates which property in the request is responsible for the error.", "type": "string" }, "value": { "description": "Indicates which value in 'target' is responsible for the 
error.", "type": "string" }, "resources": { "description": "Indicates resources which were responsible for the error.", "type": "array", "items": { "type": "string" } }, "additionalProperties": { "description": "Additional properties that can be provided on the error details object", "type": "object" } }, "required": [ "code", "message" ] }, "errorInfo": { "title": "The code and message for an error.", "type": "object", "properties": { "code": { "description": "A machine readable error code.", "type": "string" }, "message": { "description": "A human readable error message.", "type": "string" }, "details": { "description": "Error details.", "type": "array", "items": { "$ref": "#/definitions/errorDetail" } }, "innererror": { "description": "Inner error details if they exist.", "$ref": "#/definitions/errorInfo" }, "additionalProperties": { "description": "Additional properties that can be provided on the error info object", "type": "object" } }, "required": [ "code", "message" ] }, "errorResponse": { "title": "Error details.", "description": "Contains details when the response code indicates an error.", "type": "object", "properties": { "error": { "description": "The error details.", "$ref": "#/definitions/errorInfo" } }, "required": [ "error" ] } } }