stackoom
  简体   繁体   中英

Are “Cross Application Queries” possible using the Azure API format for app insights?

 原文  2019-08-20 11:35:15       azure/ azure-application-insights

Question

I'm trying to make a query to Application Insights using the Azure API format to retrieve data on multiple applications. I can successfully make queries for any application without a join .

I have previously done this using the Public API format, following the documentation for making "cross-application queries" successfully. Under the Azure API schema, however, once I add a second application to a query - either using the implicit or explicit mechanisms described in the documentation - I get an error of type InsufficientAccessError with the message: "The provided credentials have insufficient access to perform the requested operation".

If there are sufficient permissions to access either table individually, I would expect there to be sufficient to do a join. Is there a separate permission required to make these queries, or is it an issue with the API itself?

For reference, the Azure AD application has delegated permissions for:

  • user_impersonation
  • Directory.Read.All
  • Group.Read.All
  • User.Read
  • User.ReadBasic.All
  • User.ReadWrite

The user which is making the requests has the Owner role on all relevant applications.

And the final request has a JSON body (with the blanks filled in): 

{
  "query": "requests \n| summarize avgRequestDuration=avg(duration) by bin(timestamp, 1h)",
  "applications": [
    "/subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/microsoft.operationalinsights/components/<applicationName>"
  ],
  "timespan": "P1D"
}

Edit: I've tried this query using different forms of the resource identifiers as mentioned in the documentation, including the recommended "/providers/microsoft.operationalinsights/applications/" and "/providers/microsoft.operationalinsights/components/".

1 answers

solution1
 0  2019-08-28 16:27:11

Based on a couple of things I've discovered, I believe it is impossible to do a cross-resource query in the Azure API URL format.

  1. All experimentation with adding different roles to users and experimenting with permissions failed to find anything that worked.

  2. The Go SDK uses the Azure API URL format and does not allow cross-resource queries, the .NET SDK uses the Public API URL format and does allow cross-resource queries, indicating that the feature set is different for the two APIs.

I would be happy to be proven wrong or to have this proven correct with a better reference.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Create Application Insights using Azure Fluent API Is there a limit to the Maximum size of data returned of queries to the Azure App Insights API? How to access Application Insights data using the Azure API format with AD authentication Azure Application Insights for monitoring SQL Queries Azure Application Insights not tracking SQL Queries Create an alert on calling a third party API using Azure Application Insights Creating Azure App Insights using REST API fails requires ROLE Azure App Insights API to get traces using Query in c# Azure Application Insights console logs format Query Application Insights via Azure REST API
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM