Currently, to send logs to Azure Log Analytics, the recommended method involves using the Azure Log Analytics Data Collector.
This is a managed connector that typically requires public access to your Log Analytics Workspace (LAW).
Consequently, this connector does not function if your LAW has Virtual Network (VNet) integration, as outlined in the Azure Monitor private link security documentation.
Solution: Logic App Standard for VNet Integrated Log Analytics Workspace
To address this limitation, a solution has been developed using Logic App Standard to connect directly to the LAW ingestion HTTP endpoint.
The relevant API documentation for this endpoint can be found here: Log Analytics REST API | Microsoft Learn.
It’s important to note that the current version of this endpoint exclusively supports authentication via a shared key, as detailed in the Log Analytics REST API Reference | Microsoft Learn.
Any request to the Log Analytics HTTP Data Collector API must include the Authorization header. To authenticate a request, you must sign the request with either the primary or secondary key for the workspace that is making the request and pass that signature as part of the request.
Implementing Shared Key Authentication with C# Inline Script
The proposed solution involves building a small C# inline script within the Logic App Standard to handle the shared key authentication process.
Sample code for this implementation has been uploaded to my GitHub: LAWLogIngestUsingHttp
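using System;
using System.Security.Cryptography;
using System.Text;

// jsonData (the request body) and connection.SharedKey (the base64 workspace key)
// are supplied by the surrounding script.
string dateString = DateTime.UtcNow.ToString("r"); // RFC 1123 date, also sent as x-ms-date
byte[] content = Encoding.UTF8.GetBytes(jsonData);
int contentLength = content.Length; // length in bytes, not characters
string method = "POST";
string contentType = "application/json";
string resource = "/api/logs";
// The fields of the string to sign are separated by newline characters.
string stringToSign = $"{method}\n{contentLength}\n{contentType}\nx-ms-date:{dateString}\n{resource}";
byte[] sharedKeyBytes = Convert.FromBase64String(connection.SharedKey);
using HMACSHA256 hmac = new HMACSHA256(sharedKeyBytes);
byte[] stringToSignBytes = Encoding.UTF8.GetBytes(stringToSign);
byte[] signatureBytes = hmac.ComputeHash(stringToSignBytes);
string signature = Convert.ToBase64String(signatureBytes); // base64 HMAC-SHA256 signature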
HTTP Action Configuration
Subsequently, an HTTP action within the Logic App Standard is configured to call the Log Analytics ingestion endpoint using an HTTP POST method.
The endpoint URL follows this format:
https://{WorkspaceId}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01
Remember to replace {WorkspaceId} with your actual Log Analytics Workspace ID.
The custom table name is passed in the Log-Type header.
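To cross-check what the Logic App sends, the following added example (not the author's code and not part of the LAWLogIngestUsingHttp repository) rebuilds the same signature in Python and assembles the full header set for the HTTP action. The function names, the workspace ID and the key are constructed for illustration; the `SharedKey {WorkspaceId}:{signature}` form of the Authorization header comes from Microsoft's Data Collector API reference rather than from this page.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate

RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"


def sign(shared_key_b64: str, body: bytes, date: str) -> str:
    """Base64 HMAC-SHA256 over the same string-to-sign as the C# script."""
    # len(body) is the UTF-8 byte length, which differs from the character count.
    string_to_sign = f"POST\n{len(body)}\n{CONTENT_TYPE}\nx-ms-date:{date}\n{RESOURCE}"
    key = base64.b64decode(shared_key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def build_request(workspace_id, shared_key_b64, log_type, json_data, date=None):
    """Return (url, headers, body) for the HTTP action to send."""
    body = json_data.encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123, like ToString("r")
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,  # custom table name
        "x-ms-date": date,     # must equal the date that was signed
        # Header format assumed from Microsoft's API reference, not from this page.
        "Authorization": f"SharedKey {workspace_id}:{sign(shared_key_b64, body, date)}",
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version=2016-04-01"
    return url, headers, body


def matches(authorization: str, workspace_id, shared_key_b64, body: bytes, date: str) -> bool:
    """Constant-time check of an Authorization value produced elsewhere."""
    expected = f"SharedKey {workspace_id}:{sign(shared_key_b64, body, date)}"
    return hmac.compare_digest(authorization.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ws = "00000000-0000-0000-0000-000000000000"
    key = base64.b64encode(b"constructed-demo-key").decode()
    url, headers, body = build_request(ws, key, "DemoLog", '[{"msg": "café"}]',
                                       date="Thu, 08 May 2025 12:00:00 GMT")
    print(url)
    print({k: v for k, v in headers.items() if k != "Authorization"})
    print("signature verifies:", matches(headers["Authorization"], ws, key, body, headers["x-ms-date"]))
```

The signature covers the body length and the x-ms-date value, so a body that is re-serialized or a date that is regenerated after signing no longer matches.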