api logging azure-active-directory monitoring azure-application-insights

PowerShell script to retrieve logs from Application Insights


https://api.applicationinsights.io/v1/query

I am using the above endpoint to send a POST request in a PowerShell script and am getting errors in the script below.

# Set the ID of the Application Insights resource you want to query
$appId = "app id"

# Set the access token for the Application Insights resource
$accessToken = "access token"

# Encode the access token as a URL-safe string
$accessToken = [System.Uri]::EscapeDataString($accessToken)

# Set the query you want to execute
$query = "customEvents"

# Construct the request body for the Application Insights query endpoint
$requestBody = @{
    appId = $appId
    query = $query
} | ConvertTo-Json

# Execute the query and retrieve the results
$queryResponse = Invoke-WebRequest -Method POST -Uri "https://api.applicationinsights.io/v1/query" -Headers @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type" = "application/json"
} -Body $requestBody

# Extract the results from the response
$results = $queryResponse.Content | ConvertFrom-Json

# Print the results
$results

ERROR :

Invoke-WebRequest : {"error":{"message":"The requested path does not exist","code":"PathNotFoundError","correlationId":"1e33e5cd-43a4-4108-b28d-0b0ef4c3942c"}}
At line:26 char:18
+ ... yResponse = Invoke-WebRequest -Method POST -Uri "https://api.applicat ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

I am generating the access token through Postman for testing purposes, and it is correct. The query is just customEvents; I am not sure what the issue is here.

Edit: 9 Jan 2023

I granted read permission like this (API permission) but am getting the error below:

Invoke-WebRequest : {"error":{"message":"The provided credentials have insufficient access to perform the requested operation","code":"InsufficientAccessError","correlationId":


Solution

  • I tried to reproduce the same in my environment and got the results below:

    I registered one Azure AD application and granted API permissions as below:


    Now I generated the access token via Postman with the parameters below:

    POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
    grant_type:client_credentials
    client_id: <appID>
    client_secret: <secret>
    scope: https://api.applicationinsights.io/.default
    

    Response:


    I got the ID of the Application Insights resource from here:


    When I ran the same code with the above details, I got the same error, as below:

    # Set the ID of the Application Insights resource you want to query
    $appId = "xxxxxxxxxxxxxxxx"
    
    # Set the access token for the Application Insights resource
    $accessToken = "xxxxxxxxxxxxxxxxxxx"
    
    # Encode the access token as a URL-safe string
    $accessToken = [System.Uri]::EscapeDataString($accessToken)
    
    # Set the query you want to execute
    $query = "customEvents"
    
    # Construct the request body for the Application Insights query endpoint
    $requestBody = @{
        appId = $appId
        query = $query
    } | ConvertTo-Json
    
    # Execute the query and retrieve the results
    $queryResponse = Invoke-WebRequest -Method POST -Uri "https://api.applicationinsights.io/v1/query" -Headers @{
        "Authorization" = "Bearer $accessToken"
        "Content-Type" = "application/json"
    } -Body $requestBody
    
    # Extract the results from the response
    $results = $queryResponse.Content | ConvertFrom-Json
    
    # Print the results
    $results
    

    Response:


    To resolve the error, modify your code by changing the request URI as below:

    # Set the ID of the Application Insights resource you want to query
    $appId = "ID"
    
    # Set the access token for the Application Insights resource
    $accessToken = "token"
    
    # Encode the access token as a URL-safe string
    $accessToken = [System.Uri]::EscapeDataString($accessToken)
    
    # Set the query you want to execute
    $query = "customEvents"
    
    # Construct the request body for the Application Insights query endpoint
    $requestBody = @{
        query = $query
    } | ConvertTo-Json
    
    # Execute the query by giving right URI and retrieve the results
    $queryResponse = Invoke-WebRequest -Method POST -Uri "https://api.applicationinsights.io/v1/apps/$appID/query" -Headers @{
        "Authorization" = "Bearer $accessToken"
        "Content-Type" = "application/json"
    } -Body $requestBody
    
    # Extract the results from the response
    $results = $queryResponse.Content | ConvertFrom-Json 
    
    # Print the results
    $results
    
    

    Response:


    When I ran $queryResponse, I got the results of the query successfully, as below:


    Reference: Query - Execute - REST API (Azure Application Insights)

    UPDATE:

    You are getting InsufficientAccessError because the Data.Read permission is removed, as below:


    If API permissions are removed, they will appear under "Other permissions granted for tenant" until their admin consent is revoked.

    To resolve the error, make sure to add Data.Read permission again and grant admin consent to it.
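
The whole flow from this thread (client-credentials token, then a query against the per-app path, with the two error codes seen above mapped to their fixes), as an added PowerShell example that is not part of the original question or answer. The environment variable names and the two function names are assumptions; the client secret is read from the environment instead of being pasted into the script.

```powershell
# Added example. Assumed environment variables: AZURE_TENANT_ID, AZURE_CLIENT_ID,
# AZURE_CLIENT_SECRET, APPINSIGHTS_APP_ID. Function names are hypothetical.
$ErrorActionPreference = 'Stop'

function Get-AppInsightsToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    # Same client-credentials parameters the answer sent from Postman.
    $form = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://api.applicationinsights.io/.default'
    }
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    (Invoke-RestMethod -Method Post -Uri $uri -Body $form).access_token
}

function Invoke-AppInsightsQuery {
    param([string]$AppId, [string]$Token, [string]$Query)
    # The application ID goes in the path; the body carries only the query.
    $uri  = "https://api.applicationinsights.io/v1/apps/$AppId/query"
    $body = @{ query = $Query } | ConvertTo-Json
    try {
        # The bearer token is sent as issued; it needs no URL-encoding.
        $resp = Invoke-RestMethod -Method Post -Uri $uri -Body $body `
            -ContentType 'application/json' -Headers @{ Authorization = "Bearer $Token" }
    } catch {
        $err = $_; $code = $null
        # Error bodies look like {"error":{"code":...,"message":...}}.
        try { $code = ($err.ErrorDetails.Message | ConvertFrom-Json).error.code } catch { }
        if ($code -eq 'PathNotFoundError') {
            throw "PathNotFoundError: request path must be /v1/apps/<appId>/query."
        } elseif ($code -eq 'InsufficientAccessError') {
            throw "InsufficientAccessError: add Data.Read and grant admin consent."
        }
        throw $err
    }
    # Turn the first table's columns/rows arrays into one object per row.
    $table = $resp.tables[0]
    foreach ($row in $table.rows) {
        $obj = [ordered]@{}
        for ($i = 0; $i -lt $table.columns.Count; $i++) { $obj[$table.columns[$i].name] = $row[$i] }
        [pscustomobject]$obj
    }
}

$token = Get-AppInsightsToken -TenantId $env:AZURE_TENANT_ID `
    -ClientId $env:AZURE_CLIENT_ID -ClientSecret $env:AZURE_CLIENT_SECRET
Invoke-AppInsightsQuery -AppId $env:APPINSIGHTS_APP_ID -Token $token -Query 'customEvents'
```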