Concept: Azure Log Analytics to an alert dashboard in PowerApps

After reviewing the Azure Log Analytics connector and working a lot with Azure Log Analytics, I have chosen to create a concept that uses Kusto queries and displays the results on a dashboard in a power app. This concept has not been implemented in production and is merely an example of how to combine Azure connectors with Flow and PowerApps.

When looking at the design, three big components are used:

>> PowerApps – dashboard – Trigger for the flows

>> Microsoft Flow – Connection between Azure Log Analytics workspace and the Power App.

>> The “Log Analytics” workspace that contains logs of Azure resources.

In this example, a virtual machine points to a Log Analytics workspace that collects all of the performance and security parameters of the virtual machine.

Before building the power app and flows, homework needs to be done in Azure. In this case, all the connectors in Flow will use a service principal to connect to the Azure Tenant and use the lowest privilege access rules.

In the Azure Portal, go to Azure AD and select “App registrations”. In this blade, click “New registration” to create an app registration for the Log Analytics access in Azure.

Give the application service principal a name.

When the app registration has been created, a secret needs to be created. Select “Certificates & secrets” and click “New client secret”. Make a note of the password that has been created.

The Client ID, Client Secret, and Tenant ID will be used to authenticate the Azure Log Analytics connector in Flow to the Azure tenant. When this has been completed, development can proceed to the power app.
The API permissions for Log Analytics and the tenant also need to be set.

For the Log Analytics API, admin consent is required and needs to be enabled. The other prerequisites are a Log Analytics workspace and Azure VMs that have diagnostics settings enabled.

The power app contains a simple gallery that displays the result of each Kusto query. A timer control functions as the trigger for the Flow that gets the results from the Log Analytics workspace. The flow is triggered when the timer starts; the timer starts automatically and restarts every time the refresh time runs out.

Two screens have been created to display alerts for high CPU levels and Windows Updates for the virtual machine. This is how the screens look in the power app editor:

Alerts dashboard
Windows updates dashboard

Within the timer property “OnTimerStart”, the following code has been added:

  • ClearCollect(Alerts, LogAnalyticsCPU.Run()) >> The gallery is connected to the collection “Alerts”
  • ClearCollect(WindowsUpdates, 'LogAnalyticsWU'.Run()) >> The gallery is connected to the collection “WindowsUpdates”

One of the Flows triggered from the power app is “Log Analytics CPU”. Once the power app triggers the Flow, the action “Run query and list results” from the Azure Log Analytics connector runs the Kusto query.

The Azure Log Analytics connector authenticates with the application service principal that was created in one of the previous steps:

Entering the correct client ID, tenant ID and client secret and clicking “Create” connects the action to the given tenant. The subscription, resource group and Log Analytics workspace can then be selected.

In the next two steps, a filter selects only the information that we need to send back to the power app.
Because the result is an array, “Response HTTP” is used to send the information back to the power app.

This is the JSON schema used to send the information:

{
    "type": "array",
    "items": {
        "type": "object",
        "properties": {
            "HostName": {
                "type": "string"
            },
            "AvgCPU": {
                "type": "number"
            }
        },
        "required": [
            "HostName",
            "AvgCPU"
        ]
    }
} 
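
The post does not show the Kusto query itself. As an added example (not the author's query), a CPU query whose output columns match the HostName and AvgCPU properties of this schema could look like the following. The Perf counter names assume a Windows VM reporting performance data to the workspace, and the 15-minute lookback is an assumed value; the 75% threshold is the alert level named in the post.

```kusto
// Added example: average CPU per host, keeping only hosts above the alert level.
// Only the two columns the schema requires are returned to the flow.
let cpuThreshold = 75;   // alert level named in the post
let lookback = 15m;      // assumed time window
Perf
| where TimeGenerated > ago(lookback)
| where ObjectName == "Processor"
    and CounterName == "% Processor Time"
    and InstanceName == "_Total"
| summarize AvgCPU = round(avg(CounterValue), 1) by HostName = Computer
| where AvgCPU > cpuThreshold
| order by AvgCPU desc
```

Because the query already projects only HostName and AvgCPU, the service principal's results never carry more workspace data into the power app than the gallery displays.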

I did not manage to send the information back with the action “Respond to PowerApps”. But using the HTTP response did the trick. 

The same flow has been used for Windows Updates, but with a different Kusto query. See flow below:

Screenshot of the Windows update result for the virtual machine:

This will be the same for alerts when the CPU is higher than 75%.
I hope you like this (Like/Share). If you have questions, put them below.

