LogAnalytics Client for .NET Core

⚠️ DEPRECATED — This package is no longer maintained.

The underlying Azure Monitor HTTP Data Collector API has been deprecated by Microsoft and will stop functioning on 2026-09-14.

Migrate to Azure.Monitor.Ingestion (LogsIngestionClient), which is the official replacement. See the Migration Guide below.

Version 6.2.4 is the final release of this package.

The easiest way to send logs to Azure Log Analytics from your apps. Construct a custom object and send it to Log Analytics. It will be represented as a log entry in the logs. This helps make logging easy in your applications, and you can focus on more important business logic.

Build Status

NuGet

The LogAnalytics.Client is available on NuGet.

Note: This package is deprecated. The final release is version 6.2.4.

Support for .NET 6

The LogAnalytics.Client project has been upgraded to .NET 6, and bumped the major version to 6.x.

LogAnalytics.Client currently support the below versions of .NET.

| Version | Supported | | ------- | ------------------ | | .NET 6.x | :white_check_mark: | | .NET 5.x | :white_check_mark: | | .NET Core 3.x | :white_check_mark: |

How to use the LogAnalytics Client

Installing the package

Install with the dotnet CLI

dotnet add package LogAnalytics.Client

Install with NuGet Package Manager

Install-Package LogAnalytics.Client

Install by adding a PackageReference to csproj

<PackageReference Include="LogAnalytics.Client" Version="6.2.3" />

Install using Paket CLI

paket add LogAnalytics.Client

Initialize the LogAnalyticsClient

Initialize a new LogAnalyticsClient object with a Workspace Id and a Key:

LogAnalyticsClient logger = new LogAnalyticsClient(
                workspaceId: "LAW ID",
                sharedKey: "LAW KEY");

Send a single log entry

Synchronous execution (non-HTTP applications):

logger.SendLogEntry(new TestEntity
{
    Category = GetCategory(),
    TestString = $"String Test",
    TestBoolean = true,
    TestDateTime = DateTime.UtcNow,
    TestDouble = 2.1,
    TestGuid = Guid.NewGuid()
}, "demolog").Wait();

Asynchronous execution (HTTP-based applications):

await logger.SendLogEntry(new TestEntity
{
    Category = GetCategory(),
    TestString = $"String Test",
    TestBoolean = true,
    TestDateTime = DateTime.UtcNow,
    TestDouble = 2.1,
    TestGuid = Guid.NewGuid()
}, "demolog")
.ConfigureAwait(false); // Optionally add ConfigureAwait(false) here, depending on your scenario

Send a batch of log entries with one request

If you need to send a lot of log entries at once, it makes better sense to send them as a batch/collection instead of sending them one by one. This saves on requests, resources and eventually costs.

// Example: Wiring up 5000 entities into an "entities" collection.
List<DemoEntity> entities = new List<DemoEntity>();
for (int ii = 0; ii < 5000; ii++)
{
    entities.Add(new DemoEntity
    {
        Criticality = GetCriticality(),
        Message = "lorem ipsum dolor sit amet",
        SystemSource = GetSystemSource()
    });
}

// Send all 5000 log entries at once, in a single request.
await logger.SendLogEntries(entities, "demolog").ConfigureAwait(false);

Ship logs to another Azure Sovereign Cloud

To send logs to another Azure Sovereign Cloud, for example the Government cloud, you can specify an enum value for the the optional parameter azureSovereignCloud.

Here's an example:

LogAnalyticsClient logger = new LogAnalyticsClient(
                workspaceId: "LAW ID",
                sharedKey: "LAW KEY",
                EndPointOverride: "ods.opinsights.azure.us"); // Use Azure Government instead of the (default) Azure Public cloud.

The available sovereign clouds are currently:

• Azure Public Cloud (Commercial): ods.opinsights.azure.com
• Azure Government: ods.opinsights.azure.us
• Azure China: ods.opinsights.azure.cn

Development

If you want to develop the project locally and enhance it with your custom logic, or want to contribute to the GitHub repository with a PR, it's a good idea to verify that the code works and tests are flying.

Configure Tests secrets

If you want to develop and run local tests, it is a good idea to set up your custom Log Analytics Workspace Id and Key in the project. This can be done using user secrets.

Using the dotnet CLI from the LogAnalyticsClient.Tests project directory:

dotnet user-secrets set "LawConfiguration:LawId" "YOUR LOG ANALYTICS INSTANCE ID"
dotnet user-secrets set "LawConfiguration:LawKey" "YOUR LOG ANALYTICS WORKSPACE KEY"
dotnet user-secrets set "LawServicePrincipalCredentials:ClientId" "CLIENT ID HERE"
dotnet user-secrets set "LawServicePrincipalCredentials:ClientSecret" "CLIENT SECRET HERE"
dotnet user-secrets set "LawServicePrincipalCredentials:Domain" "TENANT NAME OR DOMAIN ID HERE"

You should now have a secrets.json file in your local project, with contents similar to this:

{
  "LawConfiguration": {
    "LawId": "YOUR LOG ANALYTICS INSTANCE ID",
    "LawKey": "YOUR LOG ANALYTICS WORKSPACE KEY"
  },
  "LawServicePrincipalCredentials": {
    "ClientId": "Principal Client ID Here",
    "ClientSecret": "Principal Client Secret Here",
    "Domain": "Your tenant guid here, or tenant name"
  }
}

Where can I get the credentials?

To add the secrets with the correct values, you need to add the Workspace Id (LawId), and the Key. You can find these from the Log Analytics Workspace in the Azure Portal, for example.

To add the Service Principal secrets, you should create a new service principal and add a secret, then grant it reader access on the Log Analytics resource. There are steps outlines for that part here: https://zimmergren.net/retrieve-logs-from-application-insights-programmatically-with-net-core-c/ - refer to "Step 1".

Read more about configuring user secrets in .NET Core projects: https://docs.microsoft.com/aspnet/core/security/app-secrets

Additional notes

This project is a spin-off from code samples. The examples and usage grew over time, and an interest was shown of a wrapper or client for Log Analytics.

Related blog posts:

• https://zimmergren.net/building-custom-data-collectors-for-azure-log-analytics/
• https://zimmergren.net/log-custom-application-security-events-log-analytics-ingested-in-azure-sentinel/

Keeping it simple.

---

Migration Guide

The HTTP Data Collector API that LogAnalytics.Client wraps is deprecated and will be retired on 2026-09-14. The replacement is the Logs Ingestion API, with an official .NET SDK: Azure.Monitor.Ingestion.

What changed

| | LogAnalytics.Client (old) | Azure.Monitor.Ingestion (new) | |---|---|---| | Auth | Workspace Shared Key (HMAC) | Microsoft Entra ID (OAuth2 / DefaultAzureCredential) | | Endpoint | {workspaceId}.ods.opinsights.azure.com | Data Collection Rule endpoint or DCE | | Config | Workspace ID + Shared Key | DCR ID + Stream Name + Endpoint URI | | Table targeting | Log-Type header | DCR stream declarations |

Prerequisites

Before migrating your code, you need to set up Azure-side resources:

1. Create a custom table (or use a supported Azure table) in your Log Analytics workspace.
2. Create a Data Collection Rule (DCR) that maps your incoming data to the target table.
3. Register an app in Microsoft Entra ID (or use a managed identity) and grant it the Monitoring Metrics Publisher role on the DCR.

See the full walkthrough: Tutorial: Send data to Azure Monitor Logs with Logs ingestion API.

Before (LogAnalytics.Client)

using LogAnalytics.Client;

var logger = new LogAnalyticsClient(
    workspaceId: "your-workspace-id",
    sharedKey: "your-shared-key");

await logger.SendLogEntry(new MyEntity
{
    Message = "Hello",
    Severity = "Info"
}, "MyCustomLog");

After (Azure.Monitor.Ingestion)

using Azure.Identity;
using Azure.Monitor.Ingestion;

var endpoint = new Uri("https://<your-dce>.ingest.monitor.azure.com");
var client = new LogsIngestionClient(endpoint, new DefaultAzureCredential());

var entries = new[]
{
    new { TimeGenerated = DateTime.UtcNow, Message = "Hello", Severity = "Info" }
};

await client.UploadAsync(
    ruleId: "<dcr-immutable-id>",
    streamName: "Custom-MyCustomLog",
    entries);

Install the new packages

dotnet add package Azure.Monitor.Ingestion
dotnet add package Azure.Identity

Further reading

• Logs Ingestion API overview
• [Azure.Monitor.Ingestion SDK reference](https://learn.microsoft.com/dotnet/api/ove