Azure Log Analytics

Name: Azure Log Analytics API
Brand: Azure Log Analytics
Availability: InStock

★ Only Publicly Available OpenAPI DocumentAnalyticsBusiness Intelligenceoauth26 EndpointsREST

For Agents

Provision and manage dedicated Azure Log Analytics Clusters, including capacity sizing, customer-managed key attachment, and cluster-level operations across resource groups and subscriptions.

Quickstart

Get started with Azure Log Analytics in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create an Azure Log Analytics cluster"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Azure Log Analytics API.

Provision a Microsoft.OperationalInsights cluster with a specified capacity reservation SKU

List Log Analytics clusters scoped to a subscription or resource group

Update a cluster to attach a customer-managed key from Azure Key Vault

Resize a cluster's capacity reservation in 1,000 GB-per-day units

GET STARTED

Start building with Azure Log Analytics API

Explore with Jentic

View OpenAPI Document

Jentic publishes the only available OpenAPI document for Azure Log Analytics, keeping it validated and agent-ready.

Jentic publishes the only available OpenAPI specification for Azure Log Analytics, keeping it validated and agent-ready. The Azure Log Analytics API in this version manages dedicated Log Analytics Clusters within the Microsoft.OperationalInsights namespace. It lets operators provision a cluster, scale capacity reservations, attach customer-managed keys for encryption, and link workspaces into the cluster for cross-workspace querying. All requests go through Azure Resource Manager and authenticate with Azure AD OAuth 2.0.

Use Cases

Patterns agents use Azure Log Analytics API for, with concrete tasks.

★ Dedicated Cluster Provisioning for High-Volume Logging

Customers ingesting more than 1 TB of telemetry per day move from per-workspace pricing to a dedicated Log Analytics cluster for cost predictability and customer-managed encryption. The PUT call on the clusters resource accepts a capacity reservation SKU expressed in GB-per-day commitments and returns the cluster record with provisioning state. A single cluster can later host multiple linked workspaces.

Create a Log Analytics cluster named 'la-cluster-prod' in resource group 'rg-observability' in East US with capacity reservation SKU 'CapacityReservation' at 1000 GB/day.

Customer-Managed Key Attachment

Compliance teams require log data to be encrypted with a key under their control. The PATCH endpoint on a cluster updates the keyVaultProperties to point at a Key Vault key URI; once Azure validates that the cluster's managed identity has wrap and unwrap permissions, the cluster re-encrypts data with the new key. This satisfies BYOK requirements without redeploying workspaces.

Patch cluster 'la-cluster-prod' in 'rg-observability' to set keyVaultProperties.keyVaultUri to 'https://kv-logs.vault.azure.net' and keyName to 'la-cmk' at version '7d1b'.

Cluster Capacity Right-Sizing

Ingestion volumes drift over time, so platform teams periodically resize Log Analytics clusters up or down. The cluster PATCH operation updates the SKU capacity in 1,000 GB-per-day increments, and the change takes effect against future ingestion without disrupting linked workspaces. Lower commitments must satisfy the minimum 31-day reservation window.

Update the SKU capacity on cluster 'la-cluster-prod' from 1000 to 2000 GB/day and confirm the new provisioning state.

Agent-Driven Cluster Inventory

An AI agent through Jentic can enumerate Log Analytics clusters across subscriptions, identify clusters using platform-managed keys instead of customer-managed keys, and queue PATCH calls to bring them into compliance. Jentic returns the operation schema for each step, so the agent does not need to interpret the OperationalInsights provider docs.

List clusters in subscription '00000000-0000-0000-0000-000000000000', report any with no keyVaultProperties set, and patch each to attach the customer-managed key at 'https://kv-logs.vault.azure.net/keys/la-cmk'.

Key Endpoints

6 endpoints — jentic publishes the only available openapi specification for azure log analytics, keeping it validated and agent-ready.

METHOD

PATH

DESCRIPTION

PUT

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}

Create or update a Log Analytics cluster

PATCH

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}

Update SKU or key vault properties

GET

/subscriptions/{subscriptionId}/providers/Microsoft.OperationalInsights/clusters

List clusters across a subscription

GET

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters

List clusters in a resource group

GET

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}

Get a specific cluster

DELETE

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}

Delete a cluster

PUT

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}

Create or update a Log Analytics cluster

PATCH

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}

Update SKU or key vault properties

GET

/subscriptions/{subscriptionId}/providers/Microsoft.OperationalInsights/clusters

List clusters across a subscription

GET

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters

List clusters in a resource group

GET

/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Azure AD service principal credentials are stored encrypted in the Jentic vault. Agents receive short-lived Bearer tokens scoped to https://management.azure.com/ — client secrets never enter the agent context.

Intent-based discovery

Agents search by intent (e.g., 'create a Log Analytics cluster' or 'attach a CMK to a cluster') and Jentic returns the matching Microsoft.OperationalInsights operation with its parameter schema.

Time to first call

Direct integration: 1-2 days for Azure AD app setup, ARM polling, and async operation handling. Through Jentic: under 1 hour — search, load schema, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Azure Log Analytics Query Packs

Manage saved KQL queries inside Query Packs that target workspaces hosted on this cluster.

Use after provisioning a cluster to organise reusable KQL queries against the linked workspaces.

Complementary

Azure Log Analytics - Operations Management

Install Operations Management solutions on Log Analytics workspaces backed by this cluster.

Use to add monitoring solutions like Updates or AzureActivity onto workspaces inside the cluster.

Alternative

Azure Monitor Management Client

Manages metrics, alerts, and diagnostic settings — a wider Monitor surface than just OperationalInsights clusters.

Choose when you need to configure alert rules or diagnostic routing rather than cluster provisioning.

FAQs

Specific to using Azure Log Analytics API through Jentic.

Why is there no official OpenAPI spec for Azure Log Analytics?

Microsoft Azure does not publish a single consolidated OpenAPI specification for the OperationalInsights cluster control plane. Jentic generates and maintains this spec so that AI agents and developers can call Azure Log Analytics via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.

What authentication does the Azure Log Analytics API use?

The API uses Azure Active Directory OAuth 2.0; agents acquire a token for the https://management.azure.com/ resource and pass it as a Bearer token. Jentic stores the service principal credentials in its vault and injects scoped tokens at call time, so client secrets never enter the agent context.

Can I run KQL queries against a workspace through this API?

No. This spec is the OperationalInsights cluster control plane — it provisions and manages dedicated clusters and their SKUs. To execute KQL queries you call the Log Analytics Query API at api.loganalytics.io/v1/workspaces/{workspaceId}/query, which is a separate data-plane endpoint.

How do I provision a Log Analytics cluster through Jentic?

Search Jentic for 'create a Log Analytics cluster', load the resulting PUT operation on /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/clusters/{clusterName}, then execute it with the cluster name, location, and SKU capacity. Install with pip install jentic and run the async search-load-execute flow.

What is the minimum capacity reservation for a Log Analytics cluster?

Dedicated clusters require a minimum commitment tier of 1,000 GB per day, set via sku.capacity in the PUT or PATCH body. Capacity must be increased in 1,000 GB-per-day increments and is subject to a 31-day minimum reservation period.

What are the rate limits for this API?

Azure Resource Manager applies subscription-level throttling rather than per-endpoint limits — typically 12,000 reads and 1,200 writes per hour per subscription. Cluster operations are long-running and return 202 Accepted with an Azure-AsyncOperation header to poll.