RunBook and Log Analytics


I have a query to run against Log Analytics. This query I need to run via RunBook. So please suggest how to run a query in Log Analytics using RunBook.

 

Next question is the results fetched from above query need to be exported into Blob. How can we export requery from Log Analytics into Blob?

2 Replies

You should be able to run queries via PowerShell using the REST API. See https://dev.loganalytics.io/documentation/Tools/PowerShell-Cmdlets

or the following blog from Tao Yang:

https://blog.tyang.org/2017/11/14/searching-oms-using-the-new-search-language-kusto-rest-api-in-powershell/

 

Regarding the export, wouldn't it be an option to create an alert that launches a runbook so you can use PowerShell / scripting again to write the data back to the blob?
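
A runbook that does both steps discussed in this thread (run the query, then write the results to a blob), added here as an example and not posted by anyone in the thread. It assumes the Az.Accounts, Az.OperationalInsights and Az.Storage modules are imported into the Automation account and that the account's managed identity holds Log Analytics Reader on the workspace and Storage Blob Data Contributor on the container; the default query, container name and parameter names are placeholders.

```powershell
# Added example: Azure Automation PowerShell runbook (Az modules).
# Parameter names and defaults are placeholders, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $WorkspaceId,          # workspace (customer) ID, a GUID
    [Parameter(Mandatory)] [string] $StorageAccountName,
    [string] $ContainerName = 'la-exports',                # hypothetical container; must already exist
    [string] $Query = 'Heartbeat | summarize LastSeen = max(TimeGenerated) by Computer',  # sample KQL
    [int]    $LookbackHours = 24
)

$ErrorActionPreference = 'Stop'   # fail the job rather than upload a partial export

# Authenticate as the Automation account's managed identity, so the runbook
# holds no stored password, workspace key or storage account key.
Disable-AzContextAutosave -Scope Process | Out-Null
Connect-AzAccount -Identity | Out-Null

# Run the KQL query over the lookback window.
$response = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId `
    -Query $Query -Timespan (New-TimeSpan -Hours $LookbackHours)
$rows = @($response.Results)
Write-Output "Query returned $($rows.Count) row(s)."

if ($rows.Count -eq 0) {
    Write-Output 'Nothing to export.'
    return
}

# Serialise to CSV in the sandbox temp directory, named with a UTC timestamp.
$stamp     = (Get-Date).ToUniversalTime().ToString('yyyyMMdd-HHmmss')
$blobName  = "query-results-$stamp.csv"
$localFile = Join-Path $env:TEMP $blobName
$rows | Export-Csv -Path $localFile -NoTypeInformation -Encoding UTF8

try {
    # -UseConnectedAccount authorises the upload with the identity's Azure AD
    # token (RBAC on the container) instead of a shared account key.
    $ctx = New-AzStorageContext -StorageAccountName $StorageAccountName -UseConnectedAccount
    Set-AzStorageBlobContent -File $localFile -Container $ContainerName `
        -Blob $blobName -Context $ctx -Force | Out-Null
    Write-Output "Uploaded $blobName to container $ContainerName."
}
finally {
    # Do not leave exported log data behind on the worker.
    Remove-Item -Path $localFile -Force -ErrorAction SilentlyContinue
}
```

To drive it from an alert, as the reply suggests, attach the runbook to the alert's action group; on a fixed cadence, link it to an Automation schedule instead.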