Azure Log Analytics · Arazzo Workflow

Azure Log Analytics Ingest Logs and Verify

Version 1.0.0

Confirm a target table exists, upload logs via a DCR, then query to verify.

1 workflow · 3 source APIs · 1 provider
Tags: Analytics, Azure, Cloud, Logging, Monitoring, Arazzo, Workflows

Provider

azure-log-analytics

Workflows

ingest-and-verify
Read the target table, upload logs through a DCR, then query to verify.
Reads the target table definition to confirm it exists, uploads a batch of log entries through a data collection rule stream, and runs a KQL query against the table to confirm the ingested data is present.
3 steps
Inputs: dcrImmutableId, ingestionApiVersion, logEntries, managementApiVersion, resourceGroupName, streamName, subscriptionId, tableName, timespan, verifyQuery, workspaceId, workspaceName
Outputs: schema, verificationTables

1. confirmTable (operation: getTable)
   Read the management definition of the destination table to confirm it exists and expose its current schema before ingesting.
2. uploadLogs (operation: uploadLogs)
   Send the batch of log entries through the data collection rule stream to the ingestion endpoint. A 204 indicates the data was accepted.
3. verifyIngestion (operation: postQuery)
   Run the verification KQL query against the table to confirm the ingested rows are queryable.
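
Added example (not part of the original workflow or its project): step 3 succeeds on any HTTP 200, which a query matching no rows also returns, so this Python check compares the verificationTables output with the uploaded batch and reports entries that are absent or stored with different values. The response shape (name, columns, rows), the PrimaryResult table name and the EventId, User and Result fields are assumptions, and the sample data is constructed.

```python
# Added example: content-level check for the workflow's verificationTables output.
# Assumed response shape: [{"name": ..., "columns": [{"name": ...}], "rows": [[...]]}]

def rows_as_dicts(tables, table_name="PrimaryResult"):
    """Turn the named result table's column/row arrays into one dict per row."""
    for table in tables:
        if table.get("name") == table_name:
            names = [col["name"] for col in table["columns"]]
            return [dict(zip(names, row)) for row in table["rows"]]
    return []

def verify_ingestion(tables, log_entries, key, ignore=("TimeGenerated",)):
    """Compare the uploaded batch with the queried rows.

    Returns (missing, altered): key values of entries the query did not return,
    and (key value, field) pairs stored with a different value than was sent.
    Fields in `ignore` are skipped in case the stored format differs from the sent one.
    """
    stored = {row.get(key): row for row in rows_as_dicts(tables)}
    missing, altered = [], []
    for entry in log_entries:
        row = stored.get(entry[key])
        if row is None:
            missing.append(entry[key])
            continue
        for field, sent in entry.items():
            if field not in ignore and row.get(field) != sent:
                altered.append((entry[key], field))
    return missing, altered

# Constructed sample data; EventId, User and Result are hypothetical columns.
SENT = [
    {"EventId": "e-001", "TimeGenerated": "2024-05-01T10:00:00Z", "User": "alice", "Result": "success"},
    {"EventId": "e-002", "TimeGenerated": "2024-05-01T10:00:05Z", "User": "bob", "Result": "failure"},
    {"EventId": "e-003", "TimeGenerated": "2024-05-01T10:00:09Z", "User": "carol", "Result": "success"},
]
RESPONSE_TABLES = [{
    "name": "PrimaryResult",
    "columns": [{"name": "TimeGenerated"}, {"name": "EventId"}, {"name": "User"}, {"name": "Result"}],
    "rows": [["2024-05-01T10:00:00Z", "e-001", "alice", "success"],
             ["2024-05-01T10:00:05Z", "e-002", "bob", None]],
}]

if __name__ == "__main__":
    missing, altered = verify_ingestion(RESPONSE_TABLES, SENT, "EventId")
    print("missing:", missing)
    print("altered:", altered)
```

An entry listed as missing may simply not be queryable yet, so re-run the query before treating it as lost.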

Source API Descriptions

Arazzo Workflow Specification

azure-log-analytics-ingest-and-verify-workflow.yml
arazzo: 1.0.1
info:
  title: Azure Log Analytics Ingest Logs and Verify
  summary: Confirm a target table exists, upload logs via a DCR, then query to verify.
  description: >-
    A safe ingestion pattern that confirms the destination table before sending
    data. The workflow reads the management definition of the target table to
    ensure it exists with the expected schema, uploads a batch of log entries
    through a data collection rule to the ingestion endpoint, and then runs a KQL
    query to verify the rows arrived. Every step spells out its request inline so
    the flow can be read and executed without opening the underlying OpenAPI
    descriptions.
  version: 1.0.0
sourceDescriptions:
- name: managementApi
  url: ../openapi/azure-log-analytics-management-api.yaml
  type: openapi
- name: ingestionApi
  url: ../openapi/azure-log-analytics-ingestion-api.yaml
  type: openapi
- name: queryApi
  url: ../openapi/azure-log-analytics-query-api.yaml
  type: openapi
workflows:
- workflowId: ingest-and-verify
  summary: Read the target table, upload logs through a DCR, then query to verify.
  description: >-
    Reads the target table definition to confirm it exists, uploads a batch of
    log entries through a data collection rule stream, and runs a KQL query
    against the table to confirm the ingested data is present.
  inputs:
    type: object
    required:
    - subscriptionId
    - resourceGroupName
    - workspaceName
    - tableName
    - dcrImmutableId
    - streamName
    - logEntries
    - workspaceId
    - verifyQuery
    properties:
      subscriptionId:
        type: string
        description: The ID of the target Azure subscription.
      resourceGroupName:
        type: string
        description: The resource group that contains the workspace.
      workspaceName:
        type: string
        description: The management name of the Log Analytics workspace.
      tableName:
        type: string
        description: The name of the destination table to confirm and query.
      dcrImmutableId:
        type: string
        description: The immutable ID of the data collection rule used for ingestion.
      streamName:
        type: string
        description: The DCR stream name that handles the data (e.g. Custom-MyTable).
      logEntries:
        type: array
        description: The batch of log entry objects to upload.
        items:
          type: object
      workspaceId:
        type: string
        description: The customer (workspace) GUID used by the query endpoint.
      verifyQuery:
        type: string
        description: The KQL query used to verify the ingested rows are present.
      timespan:
        type: string
        description: Optional ISO 8601 duration limiting the verification query (e.g. PT1H).
      managementApiVersion:
        type: string
        description: The management API version to use.
        default: '2025-02-01'
      ingestionApiVersion:
        type: string
        description: The ingestion API version to use.
        default: '2023-01-01'
  steps:
  - stepId: confirmTable
    description: >-
      Read the management definition of the destination table to confirm it
      exists and expose its current schema before ingesting.
    operationId: $sourceDescriptions.managementApi.getTable
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: workspaceName
      in: path
      value: $inputs.workspaceName
    - name: tableName
      in: path
      value: $inputs.tableName
    - name: api-version
      in: query
      value: $inputs.managementApiVersion
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      schema: $response.body#/properties/schema
  - stepId: uploadLogs
    description: >-
      Send the batch of log entries through the data collection rule stream to
      the ingestion endpoint. A 204 indicates the data was accepted.
    operationId: $sourceDescriptions.ingestionApi.uploadLogs
    parameters:
    - name: dcrImmutableId
      in: path
      value: $inputs.dcrImmutableId
    - name: streamName
      in: path
      value: $inputs.streamName
    - name: api-version
      in: query
      value: $inputs.ingestionApiVersion
    requestBody:
      contentType: application/json
      payload: $inputs.logEntries
    successCriteria:
    - condition: $statusCode == 204
  - stepId: verifyIngestion
    description: >-
      Run the verification KQL query against the table to confirm the ingested
      rows are queryable.
    operationId: $sourceDescriptions.queryApi.postQuery
    parameters:
    - name: workspaceId
      in: path
      value: $inputs.workspaceId
    requestBody:
      contentType: application/json
      payload:
        query: $inputs.verifyQuery
        timespan: $inputs.timespan
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      tables: $response.body#/tables
  outputs:
    schema: $steps.confirmTable.outputs.schema
    verificationTables: $steps.verifyIngestion.outputs.tables