How do I ingest 3rd party data (via Vendor's API) in Azure Log Analytics

Anchal Singh 5 Reputation points
2025-10-24T13:10:34.35+00:00

My CI/CD vendor Harness provides a REST API POST request to send its audit logs to any SIEM.

https://apidocs.harness.io/audit/getauditeventlistv2

How do I call this API and store its logs in Log Analytics? All the Microsoft documentation mentioning use of the Log ingest API and DCR is extremely confusing. Where do I enter the Harness API URL and provide its API key and parameters to receive daily logs?

Please help, this has turned out to be such a nightmare.

Azure API Management

1 answer

  1. Divyesh Govaerdhanan 9,430 Reputation points
    2025-10-25T00:21:32.92+00:00

    Hello,

    Welcome to Microsoft Q&A,

    1. Prepare Log Analytics to receive Harness logs
       1. Create a custom table (e.g., Harness_Audit_CL) in your workspace via the portal. This wizard also creates a Data Collection Rule (DCR) for you.
          https://free.blessedness.top/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-portal
       2. Note the ingestion endpoint and stream from the DCR. The request URL format is:
          https://<your-dce-or-dcr-endpoint>.ingest.monitor.azure.com/dataCollectionRules/dcr-xxxx/streams/Custom-Harness_Audit?api-version=2023-01-01
       3. Give your sender identity permission on the DCR (IAM ➜ Monitoring Metrics Publisher is commonly used in the official tutorial)
          https://docs.azure.cn/en-us/azure-monitor/logs/tutorial-logs-ingestion-api?tabs=dcr
    2. Build the Logic App workflow (Consumption or Standard)

       Trigger: Recurrence (e.g., every 10 minutes).

       Actions:
       1. Get ‘since’ window (variables or a key/value store) so you only pull deltas.
       2. HTTP (to Harness): call …/audit/getauditeventlistv2 with query params for startTime/endTime (and paging). Add Harness headers with your API key/secret; keep them in Azure Key Vault.
       3. Transform the response JSON to the schema your DCR expects (you can also keep it raw and transform in the DCR).
       4. HTTP (to Azure Monitor Logs Ingestion):
          - Method: POST
          - URL: your DCR/DCE ingestion URL (above)
          - Headers: Content-Type: application/json; charset=utf-8
          - Auth: Managed Identity for the Logic App with Audience https://monitor.azure.com/ (supported in the HTTP action).
            https://free.blessedness.top/en-us/azure/logic-apps/authenticate-with-managed-identity?tabs=consumption
    

    The records show up in Harness_Audit_CL within seconds. The official Logs Ingestion API docs + tutorial have end-to-end samples and the exact endpoint/fields.

    https://free.blessedness.top/en-us/azure/azure-monitor/logs/tutorial-logs-ingestion-portal

    https://free.blessedness.top/en-us/azure/azure-monitor/data-collection/data-collection-rule-overview?

    Please Upvote and accept the answer if it helps!!
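
An added example, not part of the answer above and not Harness or Microsoft code: the transform and ingestion-request steps of that workflow sketched in Python, with de-duplication across pages and request bodies split by size. The Harness field names (`data.content`, `auditId`, `timestamp` in epoch milliseconds, `authenticationInfo.principal.identifier`), the output column names and the 1 MB body limit are assumptions to check against the vendor's API docs and your DCR.

```python
import json
from datetime import datetime, timezone

API_VERSION = "2023-01-01"   # from the request URL format quoted in the answer
MAX_BODY_BYTES = 1_000_000   # assumption: keep each POST body under about 1 MB

def ingestion_url(endpoint, dcr_id, stream):
    """Build the Logs Ingestion URL in the format quoted in the answer."""
    return (f"{endpoint.rstrip('/')}/dataCollectionRules/{dcr_id}"
            f"/streams/{stream}?api-version={API_VERSION}")

def to_records(pages):
    """Flatten paged audit responses into rows, dropping repeats by auditId."""
    seen, rows = set(), []
    for page in pages:
        for ev in page.get("data", {}).get("content", []):
            if ev["auditId"] in seen:
                continue  # the same event can appear on two pages of one pull
            seen.add(ev["auditId"])
            ts = datetime.fromtimestamp(ev["timestamp"] / 1000, tz=timezone.utc)
            rows.append({
                "TimeGenerated": ts.isoformat().replace("+00:00", "Z"),
                "AuditId": ev["auditId"],
                "Action": ev.get("action"),
                "Module": ev.get("module"),
                "Principal": ev.get("authenticationInfo", {})
                               .get("principal", {}).get("identifier"),
                "RawEvent": json.dumps(ev, sort_keys=True),  # untouched original
            })
    return rows

def bodies(rows, max_bytes=MAX_BODY_BYTES):
    """Split rows into JSON array bodies that each fit within max_bytes."""
    out, batch, size = [], [], 2                      # 2 bytes for "[" and "]"
    for row in rows:
        n = len(json.dumps(row, separators=(",", ":"))) + 1   # +1 for a comma
        if batch and size + n > max_bytes:
            out.append(json.dumps(batch, separators=(",", ":")))
            batch, size = [], 2
        batch.append(row)
        size += n
    if batch:
        out.append(json.dumps(batch, separators=(",", ":")))
    return out

# Constructed sample response page (field names are assumptions, see lead-in).
SAMPLE_PAGE = {"data": {"content": [
    {"auditId": "a1", "timestamp": 1761264000000, "action": "UPDATE", "module": "CORE",
     "authenticationInfo": {"principal": {"identifier": "user@example.com"}}},
    {"auditId": "a1", "timestamp": 1761264000000, "action": "UPDATE", "module": "CORE"},
]}}
```

Each string returned by `bodies()` is one POST body for the ingestion URL; advance the stored ‘since’ value only after every body for that window has been accepted, so a failed run is retried rather than skipped.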
