如何 运行 Azure Log Analytics 查询 api,使用 python?
How To run Azure Log Analytics query api, Using python?
我一直在尝试 运行 使用 python 的日志分析查询 运行 在下面的查询中
os.system("curl -X POST \'https://api.loganalytics.io/v1/workspaces/0000000000000000000000-0000-c05f0ccc198d/query\' -d \'{\"query\": \"ContainerLog\",\"timespan\": \"PT12H\"}\' -H \'Authorization:Bearer"+auth+" \' -H \'Content-Type: application/json\'")
但它不适用于以下查询
os.system("curl -X POST \'https://api.loganalytics.io/v1/workspaces/0000000000000000000000-c05f0ccc198d/query\' -d \'{\"query\": \"search in (ContainerLog) \"error\" | where TimeGenerated > datetime(\"2020-09-09\") | project LogEntry\"}\' -H \'Authorization:Bearer "+auth+"\' -H \'Content-Type: application/json\'")
错误:
{"error":{"message":"请求有一些无效的属性","code":"BadArgumentError","correlationId":"3cf07489-2a00-4ef6-9c00-15bd7d1be648","details ":[{"code":"InvalidJsonBody","message":"Unexpected token e in JSON at position 38","target":null}],"innererror":{"code":"QueryValidationError ","message":"解析查询失败"}}}
\"error\" 和 \"2020-09-09\" 应该使用单引号而不是双引号。
例如,使用\'error\'代替\"error\";使用 datetime(\'2020-09-09\') 而不是 datetime(\"2020-09-09\")
查询如下所示:
os.system("curl -X POST \'https://api.loganalytics.io/v1/workspaces/0000000000000000000000-c05f0ccc198d/query\' -d \'{\"query\": \"search in (ContainerLog) \'error\' | where TimeGenerated > datetime(\'2020-09-09\') | project LogEntry\"}\' -H \'Authorization:Bearer "+auth+"\' -H \'Content-Type: application/json\'")
use the below code
import requests
url = "https://api.loganalytics.io/v1/workspaces/{workspace_id}/query"
payload = "{\"query\": \"search in (ContainerLog) 'error' | top 50 by TimeGenerated asc | project LogEntry\"}"
headers = {
'Authorization': 'Bearer access token',
'Content-Type': 'application/json'
}
response = requests.request("POST", url, headers=headers, data = payload)
我一直在尝试 运行 使用 python 的日志分析查询 运行 在下面的查询中
os.system("curl -X POST \'https://api.loganalytics.io/v1/workspaces/0000000000000000000000-0000-c05f0ccc198d/query\' -d \'{\"query\": \"ContainerLog\",\"timespan\": \"PT12H\"}\' -H \'Authorization:Bearer"+auth+" \' -H \'Content-Type: application/json\'")
但它不适用于以下查询
os.system("curl -X POST \'https://api.loganalytics.io/v1/workspaces/0000000000000000000000-c05f0ccc198d/query\' -d \'{\"query\": \"search in (ContainerLog) \"error\" | where TimeGenerated > datetime(\"2020-09-09\") | project LogEntry\"}\' -H \'Authorization:Bearer "+auth+"\' -H \'Content-Type: application/json\'")
错误:
{"error":{"message":"请求有一些无效的属性","code":"BadArgumentError","correlationId":"3cf07489-2a00-4ef6-9c00-15bd7d1be648","details ":[{"code":"InvalidJsonBody","message":"Unexpected token e in JSON at position 38","target":null}],"innererror":{"code":"QueryValidationError ","message":"解析查询失败"}}}
\"error\" 和 \"2020-09-09\" 应该使用单引号而不是双引号。
例如,使用\'error\'代替\"error\";使用 datetime(\'2020-09-09\') 而不是 datetime(\"2020-09-09\")
查询如下所示:
os.system("curl -X POST \'https://api.loganalytics.io/v1/workspaces/0000000000000000000000-c05f0ccc198d/query\' -d \'{\"query\": \"search in (ContainerLog) \'error\' | where TimeGenerated > datetime(\'2020-09-09\') | project LogEntry\"}\' -H \'Authorization:Bearer "+auth+"\' -H \'Content-Type: application/json\'")
use the below code
import requests
url = "https://api.loganalytics.io/v1/workspaces/{workspace_id}/query"
payload = "{\"query\": \"search in (ContainerLog) 'error' | top 50 by TimeGenerated asc | project LogEntry\"}"
headers = {
'Authorization': 'Bearer access token',
'Content-Type': 'application/json'
}
response = requests.request("POST", url, headers=headers, data = payload)