Using azapi to configure Intune platform logs / diagnostic settings to a log analytics workspace #684
Labels
example
Example request
Comments
|
Hi @lableoel , Thank you for taking time to report this issue. It seems that the Here's an example, hope it could help you: resource "azapi_resource" "diagnosticSetting" {
type = "Microsoft.Intune/diagnosticSettings@2017-04-01-preview"
name = "testAPI"
body = {
properties = {
logs = [
{
category = "AuditLogs"
categoryGroup = null
enabled = true
retentionPolicy = {
days = 0
enabled = false
}
},
{
category = "OperationalLogs"
categoryGroup = null
enabled = false
retentionPolicy = {
days = 0
enabled = false
}
},
{
category = "DeviceComplianceOrg"
categoryGroup = null
enabled = false
retentionPolicy = {
days = 0
enabled = false
}
},
{
category = "Devices"
categoryGroup = null
enabled = false
retentionPolicy = {
days = 0
enabled = false
}
},
{
category = "Windows365AuditLogs"
categoryGroup = null
enabled = false
retentionPolicy = {
days = 0
enabled = false
}
}
]
metrics = []
workspaceId = "/subscriptions/My-Subscription-ID9/resourceGroups/myresource/providers/Microsoft.OperationalInsights/workspaces/MyResourceName-LogAnalytics-TransverseMonitoring"
logAnalyticsDestinationType = null
}
}
}
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
I am trying to forward Intune logs to Azure Log Analytics Workspace with this terraform provider but cannot get it to work.
Basically:
Issue:
Return
Working case with powershell
#Connect-Azaccount
$tokenInfo = Get-AzAccessToken -ResourceUrl "https://management.azure.com"
$authHeader = @{
Authorization = "{0} {1}" -f $tokenInfo.Type, $tokenInfo.Token
ContentType = "application/json"
}
$subscriptionId = "My-Subscription-ID"
$url = "https://management.azure.com/providers/microsoft.intune/diagnosticSettings/testAPI?api-version=2017-04-01-preview"
$body = '{"properties":{"logs":[{"category":"AuditLogs","categoryGroup":null,"enabled":true,"retentionPolicy":{"days":0,"enabled":false}},{"category":"OperationalLogs","categoryGroup":null,"enabled":false,"retentionPolicy":{"days":0,"enabled":false}},{"category":"DeviceComplianceOrg","categoryGroup":null,"enabled":false,"retentionPolicy":{"days":0,"enabled":false}},{"category":"Devices","categoryGroup":null,"enabled":false,"retentionPolicy":{"days":0,"enabled":false}},{"category":"Windows365AuditLogs","categoryGroup":null,"enabled":false,"retentionPolicy":{"days":0,"enabled":false}}],"metrics":[],"workspaceId":"/subscriptions/My-Subscription-ID9/resourceGroups/myresource/providers/Microsoft.OperationalInsights/workspaces/MyResourceName-LogAnalytics-TransverseMonitoring","logAnalyticsDestinationType":null}}'
$diagParam = @{
URI = $url
Method = "PUT"
Headers = $authHeader
Body = $($body)
}
$diagnostics = Invoke-RestMethod @diagParam -ContentType "application/json"
$diagnostics
Environment/question
Has anyone tried this before ? what am I doing wrong ? can it be done ?
The text was updated successfully, but these errors were encountered: