{"id":219,"date":"2021-10-06T21:00:43","date_gmt":"2021-10-06T19:00:43","guid":{"rendered":"https:\/\/www.panahy.nl\/?p=219"},"modified":"2021-10-06T21:30:21","modified_gmt":"2021-10-06T19:30:21","slug":"purge-old-azure-log-analytics-ingested-data","status":"publish","type":"post","link":"http:\/\/panahy.nl\/index.php\/2021\/10\/06\/purge-old-azure-log-analytics-ingested-data\/","title":{"rendered":"Purge Old Azure Log Analytics Ingested Data"},"content":{"rendered":"\n<p>This article is based on the <a href=\"https:\/\/docs.microsoft.com\/en-us\/rest\/api\/loganalytics\/workspace-purge\/purge\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft documentation<\/a>.<\/p>\n\n\n\n<p>Assuming you have a Log Analytics workspace in a resource group, you can call the API URL:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>POST https:\/\/management.azure.com\/subscriptions\/your-subsc-ription-id\/resourceGroups\/your-resource-group-rg\/providers\/Microsoft.OperationalInsights\/workspaces\/your-log-analytics-name\/purge?api-version=2020-08-01<\/code><\/pre>\n\n\n\n<p>You need to pass <strong>Authorization<\/strong> as a Bearer token in the header.<\/p>\n\n\n\n<p>The body of the POST request will contain a filter and a table like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n  \"table\": \"Heartbeat\",\n  \"filters\": &#91;\n    {\n      \"column\": \"TimeGenerated\",\n      \"operator\": \"&lt;\",\n      \"value\": \"2021-10-09T00:00:00\"\n    }\n  ]\n}\n<\/code><\/pre>\n\n\n\n<p>The response will have a header like:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>x-ms-status-location: https:\/\/management.azure.com\/subscriptions\/{subscriptionId}\/resourceGroups\/{resourceGroupName}\/providers\/microsoft.operationalinsights\/workspaces\/{workspaceName}\/operations\/purge-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?api-version=2017-01-01-preview<\/code><\/pre>\n\n\n\n<p>Send a GET request to this URL to see the status of the operation. 
This URL is also given as the body of the first POST request.<\/p>\n\n\n\n<p>The status will be something like:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>{\n    \"status\": \"pending\"\n}<\/code><\/pre>\n\n\n\n<p><strong>Tip: <\/strong>You can find the records to delete using a simple query like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>W3CIISLog\n| where TimeGenerated > ago(32d)\n| summarize count() by bin(TimeGenerated, 1d)\n\n\nHeartbeat\n| where TimeGenerated > ago(32d)\n| summarize count() by bin(TimeGenerated, 1d)\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This article is based on the Microsoft documentation. Assuming you have a Log Analytics workspace in a resource group, you can call the API URL: You need to pass Authorization as a Bearer token in the header. The body of the POST request will contain a filter and a table like this: The response will have a &hellip; <a href=\"http:\/\/panahy.nl\/index.php\/2021\/10\/06\/purge-old-azure-log-analytics-ingested-data\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Purge Old Azure Log Analytics Ingested Data&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,73,59],"tags":[105],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"Pouya Panahy","author_link":"http:\/\/panahy.nl\/index.php\/author\/pouya\/"},"uagb_comment_info":0,"uagb_excerpt":"This article is based on the Microsoft documentation. Assuming you have a Log Analytics workspace in a resource group, you can call the API URL: You need to pass Authorization as a Bearer token in the header. 
The body of the POST request will contain a filter and a table like this: The response will have a&hellip;","_links":{"self":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/219"}],"collection":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/comments?post=219"}],"version-history":[{"count":3,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/219\/revisions"}],"predecessor-version":[{"id":222,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/219\/revisions\/222"}],"wp:attachment":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/media?parent=219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/categories?post=219"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/tags?post=219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}