Azure Monitor Log Analytics API errors

This section contains a non-exhaustive list of known common errors, their causes, and possible solutions. It also contains successful responses, which often indicate an issue with the request (such as a missing header) or otherwise unexpected behavior.

Query syntax error

400 response:

    {
        "error": {
            "message": "The request had some invalid properties",
            "code": "BadArgumentError",
            "innererror": {
                "code": "SyntaxError",
                "message": "Syntax Error"
            }
        }
    }

The query string is malformed. Check for extra spaces, punctuation, or spelling errors.

No authentication provided

401 response:

    {
        "error": {
            "code": "AuthenticationFailed",
            "message": "Authentication failed. The 'Authorization' header is missing."
        }
    }

Include a form of authentication with your request, such as the header "Authorization: Bearer \<token\>".

Invalid authentication token

403 response:

    {
        "error": {
            "code": "InvalidAuthenticationToken",
            "message": "The access token is invalid."
        }
    }

The token is malformed or otherwise invalid. This error can occur if you manually copy and paste the token and add or cut characters to the payload. Verify that the token is exactly as received from Microsoft Entra ID.

Invalid token audience

403 response:

    {
        "error": {
            "code": "InvalidAuthenticationTokenAudience",
            "message": "The access token has been obtained from wrong audience or resource 'https://api.loganalytics.io'. It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.chinacloudapi.cn/','https://management.chinacloudapi.cn/'."
        }
    }

This error occurs if you try to use the client credentials OAuth2 flow to obtain a token for the API and then use that token via the Azure Resource Manager endpoint. Use one of the indicated URLs as the resource in your token request if you want to use the Azure Resource Manager endpoint. Alternatively, you can use the direct API endpoint with a different OAuth2 flow for authorization.

Client credentials to direct API

403 response:

    {
        "error": {
            "message": "The provided credentials have insufficient access to perform the requested operation",
            "code": "InsufficientAccessError",
            "innererror": {
                "code": "UnauthorizedClient",
                "message": "The service principal does not have sufficient permissions to access this resource: 997631f8-3a55-4bb2-81b2-c0972b222260"
            }
        }
    }

This error can occur if you try to use client credentials via the direct API endpoint. If you're using the direct API endpoint, use a different OAuth2 flow for authorization. If you must use client credentials, use the Azure Resource Manager API endpoint.

Insufficient permissions

403 response:

    {
        "error": {
            "message": "The provided credentials have insufficient access to perform the requested operation",
            "code": "InsufficientAccessError"
        }
    }

The token you've presented for authorization belongs to a user who doesn't have sufficient access to this privilege. Verify that your workspace GUID and your token request are correct. If necessary, grant IAM privileges in your workspace to the Microsoft Entra application you created as Contributor.

Note

When you use Microsoft Entra authentication, it might take up to 60 minutes for the Application Insights REST API to recognize new role-based access control permissions. While permissions are propagating, REST API calls might fail with error code 403.

Bad authorization code

403 response:

    {
        "error": "invalid_grant",
        "error_description": "AADSTS70002: Error validating credentials. AADSTS70008: The provided authorization code or refresh token is expired. Send a new interactive authorization request for this user and resource.",
        "error_codes": [
            70002,
            70008
        ]
    }

The authorization code submitted in the token request was either stale or previously used. Reauthorize via the Microsoft Entra authorize endpoint to get a new code.

Path not found

404 response:

    {
        "error": {
            "message": "The requested path does not exist",
            "code": "PathNotFoundError"
        }
    }

The requested query path doesn't exist. Verify the URL spelling of the endpoint you're hitting and that you're using a supported HTTP verb.

Missing JSON or Content-Type

200 response: Empty body

If you send a POST request that's missing either JSON body or the "Content-Type: application/json" header, we return an empty 200 response.

No data in workspace

204 response: Empty body

If a workspace has no data in it, we return 204 No Content.