How do I connect Azure Activity Logs to a Log Analytics workspace using an ARM template? I can connect it via the portal:
Or using powershell.
But I've searched far and wide and can't find documentation on how to do this with an ARM template (or whether it's currently possible).
I've also tried creating the connection and viewing the resource structure in the azure resource explorer (and by fetching the resource in powershell), but there's no difference in the json before and after making the connection
UPDATE:
I tried an arm template deployment based on this documentation, which I applied like this:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"name": "my-loganalytics-workspace-name/AzureActivityLog",
"type": "Microsoft.OperationalInsights/workspaces/dataSources",
"apiVersion": "2015-11-01-preview",
"tags": {},
"properties": {},
"kind": "AzureActivityLog"
}
]
}
But it the deployment doesn't complete (has been running for 30 minutes) and has a vague error:
{
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxx/resourceGroups/my-resource-group/providers/Microsoft.Resources/deployments/template/operations/A886A53AFF9B2E6C",
"operationId": "A886A53AFF9B2E6C",
"properties": {
"provisioningOperation": "Create",
"provisioningState": "Running",
"timestamp": "2019-03-25T13:54:32.2320046Z",
"duration": "PT21M58.8224235S",
"trackingId": "47915902-f795-482a-a408-de408cd78a30",
"serviceRequestId": "8c153090-c33d-4819-b9c4-8226df6a861e",
"statusCode": "InternalServerError",
"statusMessage": {
"Message": "An error has occurred."
},
"targetResource": {
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxx/resourceGroups/my-resource-group/providers/Microsoft.OperationalInsights/workspaces/my-log-analytics-workspace/dataSources/AzureActivityLog",
"resourceType": "Microsoft.OperationalInsights/workspaces/dataSources",
"resourceName": "my-log-analytics-workspace/AzureActivityLog"
}
}
}
