Table: azure_log_analytics_workspace - Query Azure Log Analytics Workspaces using SQL
Azure Log Analytics Workspaces are environments for managing log data collected from various sources. These workspaces are essential for centralizing and analyzing log data to monitor and gain insights into the operational health and performance of Azure resources.
Table Usage Guide
The azure_log_analytics_workspace table provides insights into the properties and configurations of Log Analytics Workspaces within your Azure environment. System administrators can explore details such as the workspace's SKU, retention settings, network access configurations, and various features. Utilize this table to manage and optimize your log data collection and analysis processes.
Examples
Basic Info
Retrieve basic information about your Log Analytics Workspaces, including their names, IDs, and locations. This helps in keeping track of all available workspaces within your Azure environment.
select name, id, locationfrom azure_log_analytics_workspace;select name, id, locationfrom azure_log_analytics_workspace;List workspaces with retention period greater than 30 days
Identify workspaces where the log retention period exceeds 30 days. This can be useful for compliance and data retention policy enforcement.
select name, id, retention_in_daysfrom azure_log_analytics_workspacewhere retention_in_days > 30;select name, id, retention_in_daysfrom azure_log_analytics_workspacewhere retention_in_days > 30;Get workspaces that have data export enabled
Find workspaces that have data export enabled. This is essential for monitoring data export activities and ensuring that important data is being transferred as expected.
select name, id, enable_data_exportfrom azure_log_analytics_workspacewhere enable_data_export = true;select name, id, enable_data_exportfrom azure_log_analytics_workspacewhere enable_data_export = true;Identify workspaces with local auth disabled
List workspaces where non-AAD based authentication is disabled. This information is crucial for maintaining secure access controls and adhering to organizational security policies.
select name, id, disable_local_authfrom azure_log_analytics_workspacewhere disable_local_auth = true;select name, id, disable_local_authfrom azure_log_analytics_workspacewhere disable_local_auth = true;Workspaces with private link scoped resources
Retrieve workspaces that have linked private link scope resources. This helps in understanding the private network configurations and ensuring secure communication within your Azure environment.
select name, id, private_link_scoped_resourcesfrom azure_log_analytics_workspacewhere private_link_scoped_resources is not null;select name, id, private_link_scoped_resourcesfrom azure_log_analytics_workspacewhere private_link_scoped_resources is not null;Workspaces with force CMK for query enabled
Find workspaces where customer-managed keys are mandatory for query management. This is important for organizations that require additional security measures for data encryption and query operations.
select name, id, force_cmk_for_queryfrom azure_log_analytics_workspacewhere force_cmk_for_query = true;select name, id, force_cmk_for_queryfrom azure_log_analytics_workspacewhere force_cmk_for_query = true;Control examples
Schema for azure_log_analytics_workspace
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | The list of globally unique identifier strings (also known as) for the resource. | |
| cloud_environment | text | The Azure Cloud Environment. | |
| cluster_resource_id | text | Dedicated LA cluster resourceId that is linked to the workspaces. | |
| created_date | timestamp with time zone | Workspace creation date. | |
| customer_id | text | Represents the ID associated with the workspace. | |
| disable_local_auth | boolean | Disable Non-AAD based Auth. | |
| enable_data_export | boolean | Flag that indicates if data should be exported. | |
| enable_log_access_using_only_resource_permissions | boolean | Flag that indicates which permission to use - resource or workspace or both. | |
| force_cmk_for_query | boolean | Indicates whether customer managed storage is mandatory for query management. | |
| id | text | Contains the unique ID to identify the Log Analytics workspace. | |
| immediate_purge_data_on_30_days | boolean | Flag that describes if we want to remove the data after 30 days. | |
| location | text | The location of the Log Analytics workspace. | |
| modified_date | timestamp with time zone | Workspace modification date. | |
| name | text | = | The friendly name that identifies the Log Analytics workspace. |
| private_link_scoped_resources | jsonb | List of linked private link scope resources. | |
| provisioning_state | text | The provisioning state of the Log Analytics workspace. | |
| public_network_access_for_ingestion | text | The network access type for accessing Log Analytics ingestion. | |
| public_network_access_for_query | text | The network access type for accessing Log Analytics query. | |
| region | text | The region of the Log Analytics workspace. | |
| resource_group | text | = | The resource group of the Log Analytics workspace. |
| retention_in_days | bigint | The retention period for the Log Analytics workspace data in days. | |
| sku | jsonb | The SKU (pricing level) of the Log Analytics workspace. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | The tags assigned to the Log Analytics workspace. | |
| title | text | The title of the Log Analytics workspace. | |
| type | text | The type of the Log Analytics workspace. | |
| workspace_capping | jsonb | The workspace capping properties. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_log_analytics_workspace