cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Computer group created through PowerShell cmdlet not working

Mayank Bansal
Microsoft

‎Oct 02 2019 04:21 PM - last edited on ‎Apr 08 2022 10:08 AM by

‎Oct 02 2019 04:21 PM - last edited on ‎Apr 08 2022 10:08 AM by

Computer group created through PowerShell cmdlet not working

I created computer group using powershell cmdlet New-AzOperationalInsightsComputerGroup

-------

$Query  = "Heartbeat | where Computer in ('myserver.adx.com') | distinct Computer"
New-AzOperationalInsightsComputerGroup -ResourceGroupName "MyRG" -WorkspaceName "My WN" -SavedSearchId "id12345" -DisplayName "MyDN" -Category "MyCategory" -Query $Query -Version 1

-------

To confirm group is created successfully
--------------------
(Get-AzOperationalInsightsSavedSearch -ResourceGroupName "MyRG" -WorkspaceName "My WN").Value.Properties | ?{$_.category -eq "MyCategory"  -and $_.DisplayName -eq "MyDN"}
Category    : MyCategory
DisplayName : MyDN
Query       : Heartbeat | where Computer in ('myserver.adx.com') | distinct Computer
Version     : 2
Tags        : {Group}
--------------------
Now I go to log analytics and run
--------------------
MyDN
| project Computer
MyDN
| distinct Computer
--------------------
Both commands fail with “Syntax Error” 'distinct' operator: Failed to resolve table or column expression named 'MyDN'
 
i reached out to support and was told that i need a "function" to use groups in query and "New-AzOperationalInsightsComputerGroup" does not create a function.
 
is there a way i can create function/computergroup through powershell ?
873 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by Stanislav Zhelyazkov (MVP)
Stanislav Zhelyazkov

‎Oct 03 2019 08:11 AM

‎Oct 03 2019 08:11 AM

Solution

Re: Computer group created through PowerShell cmdlet not working

Hi@Mayank Bansal You can use PowerShell to do ARM template deployment. The resource part in your case will look like this:

{
      "name": "[concat(parameters('logAnalyticsWorkspaceName'), '/', 'id12345' )]",
      "type": "Microsoft.OperationalInsights/workspaces/savedSearches",
      "apiVersion": "2017-03-15-preview",
      "tags": {
      },
      "properties": {
        "query": "Heartbeat | where Computer in ('myserver.adx.com') | distinct Computer",
        "displayName": "MyDN",
        "category": "MyCategory",
        "FunctionAlias" : "MyDN",
        "Version": 2,
        "ETag": "*",
        "Tags": [
            {
                "Name": "Group",
                "Value": "Computer"
            }
        ]
      }
    }

The tags part with name Group and value Computer basically makes the function also Computer group.

1 Like
Reply
Mayank Bansal

‎Oct 11 2019 01:14 PM

‎Oct 11 2019 01:14 PM

Re: Computer group created through PowerShell cmdlet not working

Thanks this helped.
0 Likes
Reply
robwesterby

‎Dec 04 2020 08:04 AM

‎Dec 04 2020 08:04 AM

Re: Computer group created through PowerShell cmdlet not working

To assist anyone else arriving from Google/Bing, I'd suggest using the more fully-featured cmdlet New-AzOperationalInsightsSavedSearch to create usable computer groups.

 

A computer group saved query (e.g. used to target Azure Update Management deployments) needs to be saved both as a Function, and also have a tag of 'Group' with value of 'Computer'.
 
New-AzOperationalInsightsComputerGroup with -Debug shows it creates the tag, but forgets to add the necessary functionAlias parameter.

$Query = "ComputerGroup | where GroupSource == 'ActiveDirectory' and Group == '$ADGroupName' | distinct Computer"
$Tag = @{
    Group = 'Computer'
}
New-AzOperationalInsightsSavedSearch -ResourceGroupName "MyRG" -WorkspaceName "MyWN" -SavedSearchId "id12345" -DisplayName "MyDN" -Category "MyCategory" -Query $Query -FunctionAlias "my_ad_group_name" -Tag $Tag
1 Like
Reply