In [0]:
%pip install azure-monitor-query
%pip install azure-identity
dbutils.library.restartPython()

In [0]:
config_path = "dbfs:/configs/config.json"
config = spark.read.option("multiline", "true").json(config_path)
first_row = config.first()
env = first_row["env"].strip().lower()
lz_key = first_row["lz_key"].strip().lower()
keyvault_name = f"ingest{lz_key}-meta002-{env}"
client_secret = dbutils.secrets.get(scope=keyvault_name, key='SERVICE-PRINCIPLE-CLIENT-SECRET')
tenant_id = dbutils.secrets.get(scope=keyvault_name, key='SERVICE-PRINCIPLE-TENANT-ID')
client_id = dbutils.secrets.get(scope=keyvault_name, key='SERVICE-PRINCIPLE-CLIENT-ID')
    

In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

# First, let's see which tables have data in the last 5 hours
query = """
search *
| where TimeGenerated > ago(1d)
| summarize count() by $table
| sort by count_ desc
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=24)

response = client.query_workspace(
    workspace_id,
    query,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    print("Tables with data in the last 3 days:\n")
    for table in response.tables:
        for row in table.rows:
            print(f"Table: {row[0]}, Count: {row[1]}")

In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

# Search AppTraces for your specific message
query = """
AppTraces
| where TimeGenerated > ago(1d)
| project TimeGenerated, Message
| order by TimeGenerated desc
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=24)

response = client.query_workspace(
    workspace_id,
    query,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        print(f"Found {len(table.rows)} matching messages\n")
        
        for i, row in enumerate(table.rows[:100]):
            timestamp = row[0]
            message = row[1]
            print(f"\nMessage {i+1}")
            print(f"Time: {timestamp}")
            print(f"Message: {message}")
else:
    print(f"Query failed: {response.status}")

In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

# Search AppTraces for your specific message
query = """
AppTraces
| where TimeGenerated > ago(1d)
| where Message contains "Validate posting payload"
| project TimeGenerated, Message
| order by TimeGenerated desc
| take 100
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=0.5)

response = client.query_workspace(
    workspace_id,
    query,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        print(f"Found {len(table.rows)} matching messages\n")
        
        for i, row in enumerate(table.rows[:100]):
            timestamp = row[0]
            message = row[1]
            print(f"\nMessage {i+1}")
            print(f"Time: {timestamp}")
            print(f"Message: {message}")
else:
    print(f"Query failed: {response.status}")

In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

# Search AppTraces for your specific message
query = """
AppTraces
| where TimeGenerated > ago(1d)
| where Message contains "Validate response for"
| project TimeGenerated, Message
| order by TimeGenerated desc
| take 100
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=0.5)

response = client.query_workspace(
    workspace_id,
    query,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        print(f"Found {len(table.rows)} matching messages\n")
        
        for i, row in enumerate(table.rows[:100]):
            timestamp = row[0]
            message = row[1]
            print(f"\nMessage {i+1}")
            print(f"Time: {timestamp}")
            print(f"Message: {message}")
else:
    print(f"Query failed: {response.status}")

In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

# Search AppTraces for your specific message
query = """
AppTraces
| where TimeGenerated > ago(1d)
| where Message contains "Submit payload for"
| project TimeGenerated, Message
| order by TimeGenerated desc
| take 100
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=0.5)

response = client.query_workspace(
    workspace_id,
    query,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        print(f"Found {len(table.rows)} matching messages\n")
        
        for i, row in enumerate(table.rows[:100]):
            timestamp = row[0]
            message = row[1]
            print(f"\nMessage {i+1}")
            print(f"Time: {timestamp}")
            print(f"Message: {message}")
else:
    print(f"Query failed: {response.status}")

In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

# Search AppTraces for your specific message
query = """
AppTraces
| where TimeGenerated > ago(1d)
| where Message contains "Submit response status for"
| project TimeGenerated, Message
| order by TimeGenerated desc
| take 100
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=0.5)

response = client.query_workspace(
    workspace_id,
    query,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        print(f"Found {len(table.rows)} matching messages\n")
        
        for i, row in enumerate(table.rows[:100]):
            timestamp = row[0]
            message = row[1]
            print(f"\nMessage {i+1}")
            print(f"Time: {timestamp}")
            print(f"Message: {message}")
else:
    print(f"Query failed: {response.status}")

In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta
import pandas as pd

# Azure credentials
credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

# Query payload logs
query_validate = """
AppTraces
| where TimeGenerated > ago(1d)  // expand time window
| where Message startswith "ðŸ”¢ Validate posting payload"
| project TimeGenerated, Message
| order by TimeGenerated desc
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=1)  # 1-day window

response = client.query_workspace(
    workspace_id,
    query_validate,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        df_validate = pd.DataFrame(
            table.rows,
            columns=table.columns  # Use directly, do not access .name
        )
else:
    print(f"Query failed: {response.status}")
    df_validate = pd.DataFrame()

# Extract CaseNo consistently
case_no_pattern = r'for\s+([A-Z]{2}/\d{5}/\d{4})'
df_validate['CaseNo'] = df_validate['Message'].str.extract(case_no_pattern)
df_validate['payload_validation'] = df_validate['Message'].str.split("json = ", n=1).str[1]
df_validate = df_validate.rename(columns={'TimeGenerated': 'payload_validation_time'})
df_validate = df_validate[['CaseNo', 'payload_validation', 'payload_validation_time', 'Message']]

df_validate.display()

In [0]:
# Query response logs
query_validate_response = """
AppTraces
| where TimeGenerated > ago(1d)  // same window
| where Message contains "ðŸ”¢ Validate Response for"
| project TimeGenerated, Message
| order by TimeGenerated desc
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=1)

response = client.query_workspace(
    workspace_id,
    query_validate_response,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        df_validate_response = pd.DataFrame(table.rows, columns=table.columns)
else:
    print(f"Query failed: {response.status}")
    df_validate_response = pd.DataFrame()

# Extract CaseNo and response status consistently
df_validate_response['CaseNo'] = df_validate_response['Message'].str.extract(case_no_pattern)
df_validate_response['validate_response_status'] = df_validate_response['Message'].str.extract(r'=\s*(\d{3})\b', expand=False)
df_validate_response = df_validate_response.rename(columns={'TimeGenerated': 'payload_validation_response_time', 'Message': 'payload_validation_response'})
df_validate_response = df_validate_response[['CaseNo', 'payload_validation_response', 'payload_validation_response_time', 'validate_response_status']]

df_validate_response.display()


In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta
import pandas as pd
import re

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

query_submit = """
AppTraces
| where TimeGenerated > ago(1d)
| where Message startswith "ðŸ”¢ Submit payload for"
| project TimeGenerated, Message
| order by TimeGenerated desc
| take 1400
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=1)

response = client.query_workspace(
    workspace_id,
    query_submit,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        # Convert to DataFrame
        df_submit = pd.DataFrame(
            data=table.rows,
            columns=table.columns
        )
        
else:
    print(f"Query failed: {response.status}")
    df_submit = pd.DataFrame()

df_submit['payload_submission'] = df_submit['Message'].str.split("json = ", n=1).str[1]
df_submit['payload_submission'] = df_submit['payload_submission'].str.split("'event_token'", n=1).str[0]
df_submit['CaseNo'] = df_submit['Message'].str.extract(r'for\s+([^:]+):')
df_submit = df_submit.rename(columns={'TimeGenerated': 'payload_submission_time'})
df_submit = df_submit[['CaseNo', 'payload_submission', 'payload_submission_time']]

df_submit.display()



In [0]:
from azure.identity import ClientSecretCredential
from azure.monitor.query import LogsQueryClient, LogsQueryStatus
from datetime import datetime, timedelta
import pandas as pd
import re

credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret
)

client = LogsQueryClient(credential)
workspace_id = "9db45d41-bfe4-49dd-9a3b-5da0ab1a95d0" if lz_key == '00' else '53fbba72-88e5-479c-abb5-ead8d6dbb2f5'

query_submit = """
AppTraces
| where TimeGenerated > ago(1d)
| where Message startswith "ðŸ”¢ Submit response status for"
| project TimeGenerated, Message
| order by TimeGenerated desc
| take 1400
"""

end_time = datetime.utcnow()
start_time = end_time - timedelta(hours=1) 

response = client.query_workspace(
    workspace_id,
    query_submit,
    timespan=(start_time, end_time)
)

if response.status == LogsQueryStatus.SUCCESS:
    for table in response.tables:
        # Convert to DataFrame
        df_response = pd.DataFrame(
            data=table.rows,
            columns=table.columns
        )
        
        df_response['CaseNo'] = df_response['Message'].str.extract(r'for\s+([^:]+):')
        
        df_response['submission_response_status'] = df_response['Message'].str.extract(r':\s*(\d{3})', expand=False)
        df_response = df_response.rename(columns={'TimeGenerated' : 'payload_submission_response_time', 'Message' : 'payload_submission'})
        
        df_response = df_response[['CaseNo', 'submission_response_status', 'payload_submission_response_time', 'payload_submission']]
        
else:
    print(f"Query failed: {response.status}")
    df_response = pd.DataFrame()

df_validate.display()
df_submit.display()
df_response.display()

df_final = pd.merge(df_validate, df_response, on="CaseNo", how="left"
            ).merge(df_submit, on="CaseNo", how="left"
            ).merge(df_validate_response, on = "CaseNo", how = "left")

df_final = df_final[['CaseNo',
                    'payload_validation', 'payload_validation_time', 
                    'payload_validation_response', 'validate_response_status', 'payload_validation_response_time', 
                    'payload_submission_y',
                    'payload_submission_x', 'submission_response_status', 'payload_submission_response_time']]

df_final = df_final.rename(columns={'payload_submission_y' : 'payload_submission', 'payload_submission_x' : 'payload_submission_response'})

df_final.display()