New Resource Reporting

by | Feb 24, 2021 | Technology | 0 comments

This article is contributed. See the original author and article here.

Intro


One of the common ask I get from customers is to alert on new resources when they are created. I typically hesitate to alert every time a single resource is created because I think the better approach is to generate a report of new resource on a schedule. So, for this blog I want to walk you through utilizing Azure Logic Apps along with Azure Log Analytics to generate a useful report that you can schedule. 


Sneek Peak 


Before we jump into implementation let’s look at what the Logic Apps looks like 


bwatts670_0-1613761551232.png


 


As you can see this is a simple Logic App. We only have 3 steps in this process: 



  • Schedule: simple scheduler to kick off the workflow 

  • Query for New Resources: Query Log Analytics Workspace using the KQL language to find new resources. 

  • Email HTML Report: Send the results of the KQL query via email as a HTML attachment. 


Below is an example of the HTML Report: 


bwatts670_1-1613761551237.png


Prerequisites 


If you’re interested in implementing this Logic App you need to be aware of a few requirements: 


 


1. You need to send you’re Azure Activity Logs to a Log Analytics Workspace in order for the Log Analytics query to come back with any results. 


 


Azure Activity log – Azure Monitor | Microsoft Docs 


 


2. For the example below I use the connector to Office365. So you either need an Office365 account or you need to use a different action for the email. 


Implementing 


Hopefully, everyone is still interested and wants to look at this in your environment. Well let’s walk through importing the Logic App! 


Step 1: Create a Logic App 


You can follow the below document to create a Logic App if you’ve never created one before: 


 


Quickstart – Create your first Logic Apps workflow – Azure portal – Azure Logic Apps | Microsoft Docs 


 


You can name you’re Logic App whatever you like. I chose to name mine “NewResourcesReport” 


Step 2: Customize the Logic App 


When you create the Logic App it will bring you to the Template page. You can choose “Recurrence” to get started with the Logic App. 


bwatts670_2-1613761551244.png


 


I typically like to rename my steps before I do anything. So whenever I mention renaming a step you simply click on the “…” for the step and choose rename: 


bwatts670_3-1613761551248.png


 


Complete the following for the “Recurrence” step: 



  • Rename to “Schedule” 



  • Set to whatever interval you wish. I’m choosing to run mine once a week. 


bwatts670_4-1613761551253.png


 


Click on “+ New Step”search for “Azure Monitor”, and choose “Azure Monitor Logs” 


bwatts670_5-1613761551259.png


 


This will bring up the actions available for “Azure Monitor Logs” and we will use the “Run query and visualize results” 


bwatts670_6-1613761551263.png


 


Rename the action to “Query for New Resources” 


 


Enter the following values to connect to the Log Analytics Workspace where your “Azure Activity Logs” are being sent. 



  • Subscription: Azure Subscription where the Log Analytics Workspace is located 



  • Resource Group: Azure Resource Group where the Log Analytics Workspace is located 

  • Resource Type: Log Analytics Workspace 

  • Resource Name: Log Analytics Workspace where the Azure Activity Logs are being sent 

  • Query: 

let ResourceCreation=AzureActivity 
| where OperationNameValue =~ 'MICROSOFT.RESOURCES/DEPLOYMENTS/WRITE'; 
ResourceCreation 
| summarize arg_max(TimeGenerated, *) by CorrelationId 
| where ActivityStatusValue =~ 'Success' 
| project CorrelationId 
| join kind=inner (ResourceCreation  
| summarize arg_min(TimeGenerated, *) by CorrelationId) on CorrelationId 
| project TimeGenerated, Caller, CallerIpAddress, ResourceGroup, ResourceId 

 



  • Time Range: Should match with you Schedule Activity. For example, my schedule is for once a week so I chose “Last 7 days” 



  • Chart Type: Html Table 


bwatts670_7-1613761551268.png


 


 


Click on “+ New Step” below this activity, search for “send an email (v2)”, and choose the Office 365 Outlook action named “Send an email (V2)” 


bwatts670_8-1613761551286.png


 


Rename the Action to “Email HTML Report” and fill out the following: 



  • Body: Whatever you wish for the Body of the email 

  • Subject: Whatever you wish for the Subject of the email 

  • To: Fill out the emails you wish to receive the report 

  • Click on “Add new parameter” and choose “Attachment” 



  • Attachment Content: from the “Dynamic content” choose “Attachment Content” under “Query for New Resources” 

  • Attachment Name: Something like “Resources.html” 


bwatts670_9-1613761551293.png


That’s it for the Logic App. You should now click on “Save” and once the Logic App is saved click on “Run” 


bwatts670_10-1613761551280.png


 


Summary 


With the help of Azure Log Analytics and the Kusto query language we are able to create a simple 3 step Logic App that will generate a HTML report that is emailed out on a recurring basis. This is a great example of how Azure Logic Apps can be a great tool to utilize as an Azure Administrator. 

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Submit a Comment