I'm using the Azure SDK for Python to query a log Analytics workspace.
I have 2 workspaces I'd like to query, but I was wondering if there is a way to union the data inside the query instead of querying both workspaces and combining the result objects within my Python program.
Something like this -
from azure.monitor.query import LogsQueryClient
client = LogsQueryClient(creds)
query = """
TableName // Table from the current workspace
| union ExteralTableName // Table from a different workspace
"""
client.query_workspace("<current_workspace_id>", query, timespan="...")
The identity that executes this query will have permissions to query both workspaces separately, and I have their URLs.
I couldn't find this option in the Log Analytics documentation, so I'm wondering if anyone else has done this before, or if I must process the data after It's sent back to me.
Thanks in advance!
I did some further digging of the SDK source and found this nice example which does exactly what I want.
If you end up using this, it seems that the result is a union of the results from both of the workspaces - the results are not separated to different result tables.