Skip to main content
Version: edge



The azure_monitor_ingest_writer makes it possible to write events to Microsoft Azure Monitor Logs Ingestion API data collection rule DCR endpoints.


authThe client credentials authentication parameters required to authenticate with Azure
dce_base_urlThe data collection endpoint base URL
dcrThe immutable data collection rule id of the form dcr-<uuid> used as part of the ingest request
streamRefers to the stream name according to the data collection rule referenced
api_versionThe API version this ingest request conforms to based on the data collection rule and monitor log table configuration
concurrencyThe number of concurrent requests to make to the Azure Monitor API. Default is 4
timeoutThe timeout in milliseconds for the Azure Monitor API requests. Default is unset


client_idThe client ID of the Azure AD application used to authenticate with the Azure Monitor API
client_secretThe client secret of the Azure AD application used to authenticate with the Azure Monitor API
tenant_idThe tenant ID of the Azure AD application used to authenticate with the Azure Monitor API
scopeThe scope of the Azure AD application used to authenticate with the Azure Monitor API


 define connector ingest from azure_monitor_ingest_writer
config = {
"auth": {
# We need this for client_credentials auth to get a bearer token
"client_id": "abcd1234-abcd-4444-1234-abcd1234abcd",
"client_secret": "BLOOQ~ZEEETZFN0RKWH1RL-CIRCLing-Splorq9",
"tenant_id": "abcd1234-4567-4321-beef-f00df00dcafe",

# We need this for the actual ingest api post request
"dce_base_url": "",
"dcr": "dcr-f9f9c999edfdab77b444444444444549",
"stream": "Custom-StreamName_CL",
"api_version": "2023-01-01",

Special considerations

Note. Unlike the HTTP connectors, the Azure Monitor Ingestion connector does not use the HTTP authentication configuration but instead uses a separate auth configuration object to provide the necessary credentials to authenticate with the Azure Monitor API. Please raise an issue if you would like to see other Azure REST APIs supported.

The data collection endpoint will always return a 204 No Content response, even if the request is malformed or the data is not accepted by the data collection rule. The responsibility for ensuring the data is correctly formatted and accepted by the data collection rule lies with the user. The connector will indicate a successful write if a 204 No Content response is received.

We recommend checking the data collection endpoint metrics to ensure data is being received and checking the monitor logs table to ensure the data is being correctly ingested and processed through the rule and into the target monitor log table.


To configure the Azure Monitor log collection API the following steps are required:

  1. Create a Microsoft Entra application to authenticate to the API.
  2. Create a Data Collection Endpoint (DCE) to receive data.
  3. Create a custom table in a Log Analytics workspace . This is the table you are sending data to.
  • It should also be possible to use a builtin table although an endopint and rule are still required for ingestion.
  1. Create a data collection rule (DCR) to route the data to the target table.
  2. Grant the Microsoft Entra application access to the DCR.

Curl, Postman, or other REST clients can be used to test the authentication and ingestion process before configuring and testing the connector. An example using a curl compatible Hurl script is shown below:

Content-Type: application/x-www-form-urlencoded
HTTP 200
token: jsonpath "$['access_token']"

POST https://<dce-name><dcr-immutable-id>/streams/<dcr-stream-name>?api-version=2023-01-01
Content-Type: application/json
Authorization: Bearer {{token}}
[ { "TimeGenerated": "2024-06-05T16:55:44.6038417Z", "Kind": "manual", "Message": "Snot badger, hello form tremor", "TenantId": "<tenant-id>" } ]
HTTP 204