swagger: '2.0' info: version: 2021-05-19_Preview title: Microsoft Azure Azure Log Analytics description: This API exposes Azure Log Analytics query capabilities termsOfService: https://dev.loganalytics.io/tos contact: name: AIAPI Team url: https://dev.loganalytics.io/support email: aiapi@microsoft.com license: name: Microsoft url: https://dev.loganalytics.io/license host: api.loganalytics.io basePath: /v1 schemes: - https consumes: - application/json produces: - application/json securityDefinitions: oauth2: type: oauth2 authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize flow: implicit description: Azure Active Directory OAuth2 Flow scopes: user_impersonation: impersonate your user account security: - oauth2: - user_impersonation paths: /workspaces/{workspaceId}/query: get: operationId: microsoftAzureQueryGet summary: Microsoft Azure Execute An Analytics Query description: Executes an Analytics query for data x-ms-examples: simple-query: $ref: examples/oms-get-example.json cross-workspace: $ref: examples/oms-get-cross-workspace-example.json parameters: - $ref: '#/parameters/workspaceId' - $ref: '#/parameters/queryParam' - $ref: '#/parameters/timespanParam' responses: '200': description: >- OK. The API call succeeded and the Analytics query result is in the response payload schema: $ref: '#/definitions/queryResults' default: description: An error response object. schema: $ref: '#/definitions/errorResponse' tags: - Workspaces post: operationId: microsoftAzureQueryExecute summary: Microsoft Azure Execute An Analytics Query description: >- Executes an Analytics query for data. [Here](https://dev.loganalytics.io/documentation/Using-the-API) is an example for using POST with an Analytics query. x-ms-examples: simple-query: $ref: examples/oms-post-example.json cross-workspace: $ref: examples/oms-post-cross-workspace-example.json parameters: - $ref: '#/parameters/workspaceId' - $ref: '#/parameters/queryBody' - $ref: '#/parameters/PreferHeaderParameter' responses: '200': description: >- OK. The API call succeeded and the Analytics query result is in the response payload schema: $ref: '#/definitions/queryResults' default: description: An error response object. schema: $ref: '#/definitions/errorResponse' tags: - Workspaces /workspaces/{workspaceId}/metadata: get: operationId: microsoftAzureMetadataGet summary: Microsoft Azure Gets Metadata Information description: >- Retrieve the metadata information for the workspace, including its schema, functions, workspace info, categories etc. x-ms-examples: metadataGet: $ref: examples/metadata-get.json parameters: - $ref: '#/parameters/workspaceId' responses: '200': description: >- OK. The API call succeeded and the metadata result is in the response payload schema: $ref: '#/definitions/metadataResults' default: description: An error response object. schema: $ref: '#/definitions/errorResponse' tags: - Workspaces post: operationId: microsoftAzureMetadataPost summary: Microsoft Azure Gets Metadata Information description: >- Retrieve the metadata information for the workspace, including its schema, functions, workspace info, categories etc. x-ms-examples: metadataPost: $ref: examples/metadata-post.json parameters: - $ref: '#/parameters/workspaceId' responses: '200': description: >- OK. The API call succeeded and the metadata result is in the response payload schema: $ref: '#/definitions/metadataResults' default: description: An error response object. schema: $ref: '#/definitions/errorResponse' tags: - Workspaces /$batch: post: operationId: microsoftAzureQueryBatch summary: Microsoft Azure Execute A Batch Of Analytics Queries description: >- Executes a batch of Analytics queries for data. [Here](https://dev.loganalytics.io/documentation/Using-the-API) is an example for using POST with an Analytics query. x-ms-examples: metadataPost: $ref: examples/batch-query-example.json parameters: - name: body in: body description: The batch request body required: true schema: type: object $ref: '#/definitions/batchRequest' responses: '200': description: >- OK. The API call succeeded and the Analytics query result is in the response payload schema: $ref: '#/definitions/batchResponse' default: description: An error response object. schema: $ref: '#/definitions/errorResponse' tags: - $Batch parameters: workspaceId: name: workspaceId description: >- ID of the workspace. This is Workspace ID from the Properties blade in the Azure portal. in: path required: true type: string x-ms-parameter-location: method workspacesParam: name: workspaces description: Comma separated workspace IDs to include in cross-workspace queries. in: query collectionFormat: csv required: false default: '' type: string x-ms-parameter-location: method queryParam: name: query in: query required: true x-ms-parameter-location: method description: >- The Analytics query. Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/) type: string queryBody: name: body in: body description: >- The Analytics query. Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/) required: true schema: $ref: '#/definitions/queryBody' x-ms-parameter-location: method timespanParam: name: timespan in: query required: false format: duration x-ms-parameter-location: method description: >- Optional. The timespan over which to query data. This is an ISO8601 time period value. This timespan is applied in addition to any that are specified in the query expression. type: string PreferHeaderParameter: name: Prefer in: header required: false type: string description: >- Optional. The prefer header to set server timeout, query statistics and visualization information. x-ms-parameter-location: method definitions: queryParam: description: >- The Analytics query. Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/) type: string timespanParam: description: >- Optional. The timespan over which to query data. This is an ISO8601 time period value. This timespan is applied in addition to any that are specified in the query expression. type: string workspacesParam: description: Workspace names to include in cross-workspace queries. type: array items: type: string queryBody: description: >- The Analytics query. Learn more about the [Analytics query syntax](https://azure.microsoft.com/documentation/articles/app-insights-analytics-reference/) type: object properties: query: description: The query to execute. $ref: '#/definitions/queryParam' timespan: description: >- Optional. The timespan over which to query data. This is an ISO8601 time period value. This timespan is applied in addition to any that are specified in the query expression. $ref: '#/definitions/timespanParam' workspaces: description: A list of workspaces that are included in the query. $ref: '#/definitions/workspacesParam' required: - query queryResults: title: A query response. description: Contains the tables, columns & rows resulting from a query. type: object properties: tables: description: The list of tables, columns and rows. type: array items: $ref: '#/definitions/table' statistics: type: object description: Statistics represented in JSON format. properties: {} render: type: object description: Visualization data in JSON format. properties: {} error: $ref: '#/definitions/errorInfo' required: - tables table: title: A query response table. description: Contains the columns and rows for one table in a query response. type: object properties: name: description: The name of the table. type: string columns: description: The list of columns in this table. type: array items: $ref: '#/definitions/column' rows: description: The resulting rows from this query. type: array items: type: array items: type: object required: - name - columns - rows column: title: A table column. description: A column in a table. type: object properties: name: description: The name of this column. type: string type: description: The data type of this column. $ref: '#/definitions/logsColumnType' logsColumnType: type: string description: The data type of this column. enum: - bool - datetime - dynamic - int - long - real - string - guid - decimal - timespan x-ms-enum: name: logsColumnType modelAsString: true metadataResults: title: A metadata response. description: The metadata response for the app, including available tables, etc. type: object properties: categories: description: The list of categories that are referenced in this metadata response. type: array items: $ref: '#/definitions/metadataCategory' uniqueItems: true resourceTypes: description: >- The list of resource types that are referenced in this metadata response. type: array items: $ref: '#/definitions/metadataResourceType' uniqueItems: true solutions: description: The list of Log Analytics solutions installed on the workspace. type: array items: $ref: '#/definitions/metadataSolution' uniqueItems: true tables: description: >- The list of tables and columns that comprise the schema of the workspace. type: array items: $ref: '#/definitions/metadataTable' uniqueItems: true functions: description: >- The list of functions stored on the workspace, or introduced by solutions etc. type: array items: $ref: '#/definitions/metadataFunction' uniqueItems: true queries: description: >- The list of saved queries stored on the workspace, or introduced by solutions, resource types, etc. type: array items: $ref: '#/definitions/metadataQuery' uniqueItems: true applications: description: >- The list of Application Insights apps that were referenced in the metadata request. type: array items: $ref: '#/definitions/metadataApplication' uniqueItems: true workspaces: description: >- The list of Log Analytics workspaces that were referenced in the metadata request. type: array items: $ref: '#/definitions/metadataWorkspace' uniqueItems: true resources: description: >- The list of Azure resources that were referenced in the metadata request. type: array items: $ref: '#/definitions/metadataResource' uniqueItems: true permissions: description: The list of permission rules that affected the metadata request. type: array items: $ref: '#/definitions/metadataPermissions' uniqueItems: true metadataCategory: title: A metadata category. description: Categories are used to group other metadata entities. type: object properties: id: description: The ID of the category type: string displayName: description: The display name of the category type: string description: description: The description of the category type: string related: description: The related metadata items for the category type: object properties: tables: description: The tables related to the category type: array items: type: string functions: description: The functions related to the category type: array items: type: string resourceTypes: description: The resource types related to the category type: array items: type: string queries: description: The saved queries related to the category type: array items: type: string solutions: description: The Log Analytics solutions related to the category type: array items: type: string required: - id - displayName metadataSolution: title: A Log Analytics solution. description: >- Solutions can group tables and functions that are associated with a certain Azure Log Analytics offering. type: object properties: id: description: The ID of the Log Analytics solution type: string name: description: The name of the Log Analytics solution type: string displayName: description: The display name of the Log Analytics solution type: string description: description: The description of the Log Analytics solution type: string tags: description: The tags that are associated with the Log Analytics solution $ref: '#/definitions/tags' properties: description: The properties of the Log Analytics solution type: object related: description: The related metadata items for the Log Analytics solution type: object properties: tables: description: The tables related to the Log Analytics solution type: array items: type: string functions: description: The functions related to the Log Analytics solution type: array items: type: string categories: description: The categories related to the Log Analytics solution type: array items: type: string queries: description: The saved queries related to the Log Analytics solution type: array items: type: string workspaces: description: >- The Workspaces referenced in the metadata request that are related to the Log Analytics solution type: array items: type: string required: - tables required: - id - name - related metadataResourceType: title: A type of resource in Azure. description: >- Metadata about types of Azure resources, containing relevant tables, functions, etc. type: object properties: id: description: The ID of the resource-type type: string type: description: The type of the resource-type type: string displayName: description: The display name of the resource-type type: string description: description: The description of the resource-type type: string labels: description: The user-defined labels of the resource-type type: array items: type: string tags: description: The tags associated with the resource-type $ref: '#/definitions/tags' properties: description: The properties of the resource-type type: object related: description: The related metadata items for the resource-type type: object properties: tables: description: The tables related to the resource-type type: array items: type: string functions: description: The functions related to the resource-type type: array items: type: string categories: description: The categories related to the resource-type type: array items: type: string queries: description: The queries related to the resource-type type: array items: type: string workspaces: description: The Log Analytics workspaces related to the resource-type type: array items: type: string resources: description: The Azure resources related to the resource-type type: array items: type: string required: - id - type metadataTable: title: A data table that takes part in a workspace schema. description: >- Tables are part of the workspace schema, and contain a list of columns and a reference to other relevant metadata items. type: object properties: id: description: The ID of the table type: string name: description: The name of the table type: string description: description: The description of the table type: string timespanColumn: description: The column associated with the timespan query parameter for the table type: string labels: description: The user defined labels of the table type: array items: type: string tags: description: The tags associated with the table $ref: '#/definitions/tags' properties: description: The properties of the table type: object columns: description: The list of columns defined on the table type: array items: properties: name: description: The name of the column type: string description: description: The description of the column type: string type: description: The data type of the column type: string enum: - bool - datetime - dynamic - int - long - real - string - guid - decimal - timespan x-ms-enum: name: MetadataColumnDataType modelAsString: true isPreferredFacet: description: A flag indicating this column is a preferred facet type: boolean source: description: >- an indication of the source of the column, used only when multiple workspaces have conflicting definition for the column type: object required: - name - type related: description: The related metadata items for the table type: object properties: categories: description: The related categories for the table type: array items: type: string solutions: description: The related Log Analytics solutions for the table type: array items: type: string resourceTypes: description: The related resource types for the table type: array items: type: string workspaces: description: The related Log Analytics workspaces for the table type: array items: type: string functions: description: The related functions for the table type: array items: type: string queries: description: The related saved queries for the table type: array items: type: string required: - id - name metadataFunction: title: A stored function. description: >- Functions are stored Kusto queries that can be specified as part of queries by using their name. type: object properties: id: description: The ID of the function. type: string name: description: The name of the function, to be used in queries. type: string parameters: description: The parameters/arguments of the function, if any. type: string displayName: description: The display name of the function. type: string description: description: The description of the function. type: string body: description: The KQL body of the function. type: string tags: description: The tags associated with the function. $ref: '#/definitions/tags' properties: description: The properties of the function. type: object related: description: The related metadata items for the function. type: object properties: tables: description: The related tables for the function. type: array items: type: string solutions: description: The related Log Analytics solutions for the function. type: array items: type: string resourceTypes: description: The related resource types for the function. type: array items: type: string categories: description: The related categories for the function. type: array items: type: string workspaces: description: The related workspaces for the function. type: array items: type: string required: - id - name - body metadataQuery: title: A stored query. description: >- Queries are stored pieces of KQL, along with a list of relevant metadata items. type: object properties: id: description: The ID of the query. type: string displayName: description: The display name of the query. type: string description: description: The description of the query. type: string body: description: The KQL body of the query. type: string labels: description: The user defined labels associated with the query. type: array items: type: string tags: description: The tags associated with the query. $ref: '#/definitions/tags' properties: description: The properties of the query. type: object related: description: The related metadata items for the query. type: object properties: categories: description: The related categories for the query. type: array items: type: string solutions: description: The related Log Analytics solutions for the query. type: array items: type: string resourceTypes: description: The related resource types for the query. type: array items: type: string tables: description: The related tables for the query. type: array items: type: string required: - id - body metadataApplication: title: An Application Insights application. description: >- Application Insights apps that were part of the metadata request and that the user has access to. type: object properties: id: description: The ID of the Application Insights app. type: string resourceId: description: The ARM resource ID of the Application Insights app. type: string name: description: The name of the Application Insights app. type: string region: description: The Azure region of the Application Insights app. type: string related: description: The related metadata items for the Application Insights app. type: object properties: tables: description: The related tables for the Application Insights app. type: array items: type: string functions: description: The related functions for the Application Insights app. type: array items: type: string required: - id - resourceId - name - region metadataWorkspace: title: A Log Analytics workspace. description: >- Log Analytics workspaces that were part of the metadata request and that the user has access to. type: object properties: id: description: The ID of the Log Analytics workspace. type: string resourceId: description: The ARM resource ID of the Log Analytics workspace. type: string name: description: The name of the Log Analytics workspace. type: string region: description: The Azure region of the Log Analytics workspace. type: string related: description: The related metadata items for the Log Analytics workspace. type: object properties: tables: description: The related tables for the Log Analytics workspace. type: array items: type: string solutions: description: >- The related Log Analytics solutions for the Log Analytics workspace. type: array items: type: string resourceTypes: description: The related resource types for the Log Analytics workspace. type: array items: type: string functions: description: The related functions for the Log Analytics workspace. type: array items: type: string resources: description: The related Azure resources for the Log Analytics workspace. type: array items: type: string required: - id - resourceId - name - region metadataResource: title: An Azure resource. description: >- Azure resources that were part of the metadata request and that the user has access to. metadataPermissions: title: Permission information. description: >- Permission information for the metadata call, includes apps/workspaces/resource the user didn't have access to. type: object properties: workspaces: description: The permission indication for the workspaces on the metadata request. type: array items: type: object properties: resourceId: description: The resource ID on the permission indication. type: string denyTables: description: The list of tables that were denied access for the resource ID. type: array items: type: string required: - resourceId resources: description: >- The permission indication for the Azure resources on the metadata request. type: array items: type: object properties: resourceId: description: The resource ID on the permission indication. type: string denyTables: description: The list of tables that were denied access for the resource ID. type: array items: type: string required: - resourceId applications: description: >- The permission indication for the Application Insights apps on the metadata request. type: array items: type: object properties: resourceId: description: The resource ID on the permission indication. type: string required: - resourceId required: - workspaces tags: description: String-based key-value tags type: object errorDetail: title: Error details. type: object properties: code: description: The error's code. type: string message: description: A human readable error message. type: string target: description: Indicates which property in the request is responsible for the error. type: string value: description: Indicates which value in 'target' is responsible for the error. type: string resources: description: Indicates resources which were responsible for the error. type: array items: type: string additionalProperties: description: Additional properties that can be provided on the error details object type: object required: - code - message errorInfo: title: The code and message for an error. type: object properties: code: description: A machine readable error code. type: string message: description: A human readable error message. type: string details: description: error details. type: array items: $ref: '#/definitions/errorDetail' innererror: description: Inner error details if they exist. $ref: '#/definitions/errorInfo' additionalProperties: description: Additional properties that can be provided on the error info object type: object required: - code - message errorResponse: title: Error details. description: Contains details when the response code indicates an error. type: object properties: error: description: The error details. $ref: '#/definitions/errorInfo' required: - error batchRequest: type: object description: An array of requests. properties: requests: type: array description: An single request in a batch. items: $ref: '#/definitions/batchQueryRequest' required: - requests batchQueryRequest: type: object description: An single request in a batch. properties: id: description: The error details. type: string headers: type: object additionalProperties: type: string body: $ref: '#/definitions/queryBody' path: type: string enum: - /query method: type: string enum: - POST workspace: description: Workspace Id to be included in the query type: string required: - workspace - body - id batchResponse: type: object description: Response to a batch query. properties: responses: type: array description: >- An array of responses corresponding to each individual request in a batch. items: $ref: '#/definitions/batchQueryResponse' batchQueryResponse: type: object properties: id: type: string status: type: integer body: type: object $ref: '#/definitions/batchQueryResults' headers: type: object additionalProperties: type: string batchQueryResults: title: A query response for a single query in a batch. description: Contains the tables, columns & rows resulting from a query. type: object properties: tables: description: The list of tables, columns and rows. type: array items: $ref: '#/definitions/table' statistics: type: object description: Statistics represented in JSON format. properties: {} render: type: object description: Visualization data in JSON format. properties: {} error: $ref: '#/definitions/errorInfo' tags: - name: $Batch - name: Workspaces