luismarinoc/skills/azure-monitor-ingestion-py
skills/azure-monitor-ingestion-py/SKILL.md
--- name: azure-monitor-ingestion-py description: "|" Azure Monitor Ingestion SDK for Python. Use for sending custom logs to Log Analytics workspace via Logs Ingestion API. Triggers: "azure-monitor-ingestion", "LogsIngestionClient", "custom logs", "DCR", "data collection rule", "Log Analytics". package: azure-monitor-ingestion risk: unknown source: community --- # Azure Monitor Ingestion SDK for Python Send custom logs to Azure Monitor Log Analytics workspace using the Logs Ingestion API.
tools
Updated Apr 7, 2026
$ install --global
skillsauthnpx skillsauth add luismarinoc/antigravity-awesome-skills skills/azure-monitor-ingestion-pyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 2:54 AM10.0s1 file scanned
SKILL.md
- name:
- azure-monitor-ingestion-py
- description:
- |
- Triggers:
- azure-monitor-ingestion", "LogsIngestionClient", "custom logs", "DCR", "data collection rule", "Log Analytics".
- package:
- azure-monitor-ingestion
- risk:
- unknown
- source:
- community
Azure Monitor Ingestion SDK for Python
Send custom logs to Azure Monitor Log Analytics workspace using the Logs Ingestion API.
Installation
pip install azure-monitor-ingestion
pip install azure-identity
Environment Variables
# Data Collection Endpoint (DCE)
AZURE_DCE_ENDPOINT=https://<dce-name>.<region>.ingest.monitor.azure.com
# Data Collection Rule (DCR) immutable ID
AZURE_DCR_RULE_ID=dcr-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Stream name from DCR
AZURE_DCR_STREAM_NAME=Custom-MyTable_CL
Prerequisites
Before using this SDK, you need:
- Log Analytics Workspace — Target for your logs
- Data Collection Endpoint (DCE) — Ingestion endpoint
- Data Collection Rule (DCR) — Defines schema and destination
- Custom Table — In Log Analytics (created via DCR or manually)
Authentication
from azure.monitor.ingestion import LogsIngestionClient
from azure.identity import DefaultAzureCredential
import os
client = LogsIngestionClient(
endpoint=os.environ["AZURE_DCE_ENDPOINT"],
credential=DefaultAzureCredential()
)
Upload Custom Logs
from azure.monitor.ingestion import LogsIngestionClient
from azure.identity import DefaultAzureCredential
import os
client = LogsIngestionClient(
endpoint=os.environ["AZURE_DCE_ENDPOINT"],
credential=DefaultAzureCredential()
)
rule_id = os.environ["AZURE_DCR_RULE_ID"]
stream_name = os.environ["AZURE_DCR_STREAM_NAME"]
logs = [
{"TimeGenerated": "2024-01-15T10:00:00Z", "Computer": "server1", "Message": "Application started"},
{"TimeGenerated": "2024-01-15T10:01:00Z", "Computer": "server1", "Message": "Processing request"},
{"TimeGenerated": "2024-01-15T10:02:00Z", "Computer": "server2", "Message": "Connection established"}
]
client.upload(rule_id=rule_id, stream_name=stream_name, logs=logs)
Upload from JSON File
import json
with open("logs.json", "r") as f:
logs = json.load(f)
client.upload(rule_id=rule_id, stream_name=stream_name, logs=logs)
Custom Error Handling
Handle partial failures with a callback:
failed_logs = []
def on_error(error):
print(f"Upload failed: {error.error}")
failed_logs.extend(error.failed_logs)
client.upload(
rule_id=rule_id,
stream_name=stream_name,
logs=logs,
on_error=on_error
)
# Retry failed logs
if failed_logs:
print(f"Retrying {len(failed_logs)} failed logs...")
client.upload(rule_id=rule_id, stream_name=stream_name, logs=failed_logs)
Ignore Errors
def ignore_errors(error):
pass # Silently ignore upload failures
client.upload(
rule_id=rule_id,
stream_name=stream_name,
logs=logs,
on_error=ignore_errors
)
Async Client
import asyncio
from azure.monitor.ingestion.aio import LogsIngestionClient
from azure.identity.aio import DefaultAzureCredential
async def upload_logs():
async with LogsIngestionClient(
endpoint=endpoint,
credential=DefaultAzureCredential()
) as client:
await client.upload(
rule_id=rule_id,
stream_name=stream_name,
logs=logs
)
asyncio.run(upload_logs())
Sovereign Clouds
from azure.identity import AzureAuthorityHosts, DefaultAzureCredential
from azure.monitor.ingestion import LogsIngestionClient
# Azure Government
credential = DefaultAzureCredential(authority=AzureAuthorityHosts.AZURE_GOVERNMENT)
client = LogsIngestionClient(
endpoint="https://example.ingest.monitor.azure.us",
credential=credential,
credential_scopes=["https://monitor.azure.us/.default"]
)
Batching Behavior
The SDK automatically:
- Splits logs into chunks of 1MB or less
- Compresses each chunk with gzip
- Uploads chunks in parallel
No manual batching needed for large log sets.
Client Types
| Client | Purpose |
|--------|---------|
| LogsIngestionClient | Sync client for uploading logs |
| LogsIngestionClient (aio) | Async client for uploading logs |
Key Concepts
| Concept | Description |
|---------|-------------|
| DCE | Data Collection Endpoint — ingestion URL |
| DCR | Data Collection Rule — defines schema, transformations, destination |
| Stream | Named data flow within a DCR |
| Custom Table | Target table in Log Analytics (ends with _CL) |
DCR Stream Name Format
Stream names follow patterns:
Custom-<TableName>_CL— For custom tablesMicrosoft-<TableName>— For built-in tables
Best Practices
- Use DefaultAzureCredential for authentication
- Handle errors gracefully — use
on_errorcallback for partial failures - Include TimeGenerated — Required field for all logs
- Match DCR schema — Log fields must match DCR column definitions
- Use async client for high-throughput scenarios
- Batch uploads — SDK handles batching, but send reasonable chunks
- Monitor ingestion — Check Log Analytics for ingestion status
- Use context manager — Ensures proper client cleanup
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
Related Skills
luismarinoc/cloud-penetration-testing
testing
VerifiedTrustedCommunity
This skill should be used when the user asks to "perform cloud penetration testing", "assess Azure or AWS or GCP security", "enumerate cloud resources", "exploit cloud misconfiguratio...
SKILL.mdUpdated Apr 7, 2026
luismarinoc/skills/cloud-architect
testing
VerifiedTrustedCommunity
--- name: cloud-architect description: "Expert cloud architect specializing in AWS/Azure/GCP multi-cloud" infrastructure design, advanced IaC (Terraform/OpenTofu/CDK), FinOps cost optimization, and modern architectural patterns. Masters serverless, microservices, security, compliance, and disaster recovery. Use PROACTIVELY for cloud architecture, cost optimization, migration planning, or multi-cloud strategies. metadata: model: opus risk: unknown source: community --- ## Use this sk
SKILL.mdUpdated Apr 7, 2026
luismarinoc/close-automation
tools
VerifiedTrustedCommunity
Automate Close CRM tasks via Rube MCP (Composio): create leads, manage calls/SMS, handle tasks, and track notes. Always search tools first for current schemas.
SKILL.mdUpdated Apr 7, 2026
luismarinoc/clickup-automation
tools
VerifiedTrustedCommunity
Automate ClickUp project management including tasks, spaces, folders, lists, comments, and team operations via Rube MCP (Composio). Always search tools first for current schemas.
SKILL.mdUpdated Apr 7, 2026