Log Analytics Workspaces
List Log Analytics Workspaces
Query Parameters
Azure subscription ID
Response
Create Log Analytics Workspace
Request Body
Azure subscription ID
Resource group name
Workspace name
Azure region
Pricing tier (“PerGB2018”, “PerNode”, “Standard”, “Premium”)
Data retention period (30-730 days)
Response
Success message
Data Collection Rules
List Data Collection Rules for VM
Path Parameters
Virtual machine name
Query Parameters
Filter by workspace resource ID (optional)
Response
Create DCR and Associate with VM
Request Body
Azure subscription ID
Resource group name
Data Collection Rule name
Azure region
Log Analytics workspace resource ID
Full VM resource ID
Collect performance counters
Collect system logs (Windows Event Log or Syslog)
Response
Success message
Created DCR resource ID
Association resource ID
Data Sources
Performance Counters (if enabled):
- \Processor(_Total)\% Processor Time
- \Memory\Available MBytes
- Sampling frequency: 60 seconds
- Windows: System and Application event logs (Level 1-3)
- Linux: Syslog (all facilities and levels)
VM Logs
Export VM Logs to CSV
Path Parameters
Virtual machine name
Query Parameters
Log Analytics workspace GUID
Log type: “heartbeat” or “perf”
Time range in hours
Response
CSV file download with semicolon delimiter
Query VM Logs
Request Body
Log Analytics workspace GUID
KQL query (must filter by Computer == '')
Security
- Query must include filter: Computer == '{vm_id}'
- Dangerous keywords blocked: delete, update, modify, insert, drop
- Read-only access enforced
Response
Array of log records (dynamic schema based on query)
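One way to apply the filter and keyword rules from the Security list above as a server-side pre-check before a query is sent to the workspace, as an added example (not this API's own code). The function names and the VM name `web-vm-01` are hypothetical; requiring the filter as a stand-alone `where` stage and ignoring keywords inside string literals are assumptions of this example, not behaviour the page states.

```python
import re

# Keywords the page lists as blocked.
BLOCKED = ("delete", "update", "modify", "insert", "drop")

_STRING = r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\""
_STRING_OR_COMMENT = re.compile(rf"({_STRING})|//[^\n]*")
_BLOCKED_WORD = re.compile(r"\b(" + "|".join(BLOCKED) + r")\b", re.IGNORECASE)


def strip_comments(query: str) -> str:
    """Drop // comments but keep string literals intact."""
    return _STRING_OR_COMMENT.sub(lambda m: m.group(1) or "", query)


def validate_vm_query(query: str, vm_id: str) -> list[str]:
    """Return the reasons a query is rejected; an empty list means accepted."""
    problems = []
    code = strip_comments(query)

    # Check 1: the mandatory filter must be its own `where` stage, so a
    # commented-out filter or one combined with `or` does not count.
    # (Assumption of this example: stricter than "must include".)
    clause = re.compile(
        r"\|\s*where\s+Computer\s*==\s*'" + re.escape(vm_id) + r"'\s*(?=\||$)"
    )
    if "'" in vm_id or not clause.search(code):
        problems.append("missing filter Computer == '%s'" % vm_id)

    # Check 2: blocked keywords, matched as whole words outside string
    # literals, so a column such as LastUpdateTime is not flagged.
    no_strings = re.sub(_STRING, "''", code)
    found = {m.group(1).lower() for m in _BLOCKED_WORD.finditer(no_strings)}
    for word in sorted(found):
        problems.append("blocked keyword: " + word)
    return problems


if __name__ == "__main__":
    # Constructed sample query, not taken from the page.
    sample = "Perf\n| where Computer == 'web-vm-01'\n| where TimeGenerated > ago(1h)"
    print(validate_vm_query(sample, "web-vm-01") or "accepted")
```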
VM Alerts
List Alerts for VM
Path Parameters
Virtual machine name
Response
Array of alert objects
Alert name
Alert description
Severity level (0-4)
Whether alert is active
Resource IDs monitored by this alert
Evaluation frequency (e.g., “PT1M”)
Time window size (e.g., “PT5M”)
Create Metric Alert for VM
Request Body
Alert rule name
Azure metric name (e.g., “Percentage CPU”, “Available Memory Bytes”)
Threshold value for the metric
Email address for alert notifications
Response
Success message
Created alert rule resource ID
Created action group resource ID
Alert Configuration
- Severity: 3 (Informational)
- Evaluation Frequency: 1 minute
- Window Size: 5 minutes
- Operator: GreaterThan
- Time Aggregation: Average
- Action Group: Created automatically with email receiver
Delete VM Alert
Path Parameters
Virtual machine name
Alert name to delete
Response
Confirmation message
Container Monitoring
Get Container Metrics
Path Parameters
Container group name
Response
Azure subscription ID
Resource group name
Full resource ID
Azure region
Container name
Interval: 1 minute
Get Container Linked Workspace
Response
Export Container Logs
Query Parameters
Log Analytics workspace GUID
Time range in hours
Log type
Response
CSV file download with logs (top 500 entries)
Run Container KQL Query
Request Body
Log Analytics workspace GUID
KQL query (must filter by ContainerGroup_s == '')
Response
Column names
Query results
Container Alerts
List Container Alerts
Query Parameters
Azure subscription ID
Resource group name
Response
Create Container Alert
Request Body
Azure subscription ID
Resource group name
Action group resource ID for notifications
Threshold value
Metric name
Comparison operator
Time window (ISO 8601 duration)
Evaluation frequency (ISO 8601 duration)
Response
Success message
Created alert name
Delete Container Alert
Request Body
Azure subscription ID
Resource group name
Alert name to delete
Response
Confirmation message