Azure Log Analytics Client Library (Deprecated)

0.1.1 · deprecated · verified Sat Apr 11

This is an older Microsoft Azure client library for interacting with Azure Log Analytics. It is no longer maintained and has been officially deprecated. For querying data, users are advised to migrate to the `azure-monitor-query` library. For ingesting data into Log Analytics, the `azure-monitor-ingestion` library should be used. The last stable release for this package was 0.1.1 in 2021.

Warnings

breaking The `azure-loganalytics` package (0.1.1) is no longer maintained and has been deprecated. It will not receive new features or bug fixes. Continued use is not recommended for production environments.
Fix: Migrate your code to use `azure-monitor-query` for querying logs and `azure-monitor-ingestion` for sending custom logs. Install them via `pip install azure-monitor-query azure-monitor-ingestion azure-identity`.
deprecated The functionality for querying Azure Log Analytics programmatically has been moved to the `azure-monitor-query` library, and for ingesting data to `azure-monitor-ingestion`. These new libraries offer improved features, async support, and consistent Azure SDK patterns.
Fix: Refactor your application to use `LogsQueryClient` from `azure.monitor.query` and `LogsIngestionClient` from `azure.monitor.ingestion`. Refer to their respective documentation for migration guidance.
gotcha There are multiple Azure Python packages related to Log Analytics. `azure-loganalytics` (this package) is for data operations and is deprecated. `azure-mgmt-loganalytics` is for *managing* Log Analytics workspaces (e.g., creating, updating, deleting workspaces). The modern data querying library is `azure-monitor-query`.
Fix: Ensure you are using the correct library for your task: `azure-mgmt-loganalytics` for management tasks, and `azure-monitor-query` for querying logs.
gotcha Authentication for modern Azure SDK client libraries relies on `azure-identity`. Older `azure-loganalytics` (if still used) might have different, outdated authentication patterns. `DefaultAzureCredential` is the recommended way to authenticate for new libraries.
Fix: Install `azure-identity` and use `DefaultAzureCredential`. Set environment variables like `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, `AZURE_CLIENT_SECRET` or use `az login` via Azure CLI to enable automatic authentication.

Install

pip install azure-loganalytics Deprecated Package
pip install azure-monitor-query azure-monitor-ingestion azure-identity Recommended Replacement Packages

Imports

LogsQueryClient
```
from azure.monitor.query import LogsQueryClient
```
The original `azure-loganalytics` package is deprecated. Use `LogsQueryClient` from `azure-monitor-query` for current data querying.
DefaultAzureCredential
```
from azure.identity import DefaultAzureCredential
```
This is the standard authentication method for modern Azure SDKs.

Quickstart

This quickstart demonstrates how to query Azure Log Analytics using the recommended `azure-monitor-query` client library. It authenticates using `DefaultAzureCredential` (which leverages environment variables or Azure CLI login) and executes a Kusto Query Language (KQL) query against a specified Log Analytics workspace. Replace `<your_log_analytics_workspace_id>` with your actual workspace ID.

import os
from azure.identity import DefaultAzureCredential
from azure.monitor.query import LogsQueryClient
from datetime import timedelta

# Set your Log Analytics Workspace ID
# Can be found in the Azure portal under your Log Analytics workspace's 'Overview' page
LOGS_WORKSPACE_ID = os.environ.get("LOGS_WORKSPACE_ID", "<your_log_analytics_workspace_id>")

# Authenticate using DefaultAzureCredential
# Ensure environment variables AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET are set,
# or you are logged in via 'az login' (Azure CLI) for this to work automatically.
credential = DefaultAzureCredential()

# Create a LogsQueryClient
client = LogsQueryClient(credential)

# Define a Kusto Query Language (KQL) query
query = """
AzureActivity
| summarize count() by ResourceGroup
| limit 5
"""

try:
    # Execute the query for data from the last 1 day
    response = client.query_workspace(
        LOGS_WORKSPACE_ID,
        query,
        timespan=timedelta(days=1)
    )

    # Process and print the results
    if response.tables:
        for table in response.tables:
            print(f"\nTable: {table.name}")
            print(f"Columns: {[col.name for col in table.columns]}")
            for row in table.rows:
                print(row)
    else:
        print("No results found for the query.")
except Exception as e:
    print(f"An error occurred: {e}")

view raw JSON →