Azure - PowerShell script to change the Table Retention in Azure Log Analytics Workspaces

With a large-scale Azure implementation, the Log Analytics Workspace volume can grow, and the default retention value is quite long if you do not change it.

This PowerShell script will help you reset the two retention values applied to Workspace tables (Live and Total).

I applied a selection criterion based on the name, as we are using a naming convention with status (prod vs. nonprod); you can adapt this part to your context.

#Install-Module -Name Az -Repository PSGallery -Force
Import-module Az
Connect-AzAccount

$RetentionDays = 30
$TotalRetentionDays = 30

$AzureRetentionDays = 90
$AzureTotalRetentionDays = 90

$namecriteria = "nonprod"

$All_Az_Subscriptions = Get-AzSubscription

Foreach ($Az_Subscription in $All_Az_Subscriptions)
{
	###################################################
	#Set the context
	Write-Host "Working on subscription ""$($Az_Subscription.Name)"""
	Set-AzContext -SubscriptionObject $Az_Subscription | Out-Null
	$AllWorkspaces = Get-AzOperationalInsightsWorkspace

	foreach ($myWorkspace in $AllWorkspaces)
	{
		Write-Host "  ---------------", $myWorkspace.Name ,"----------------  " -foregroundcolor "gray"
		if ($myWorkspace.Name -match $namecriteria)
		{
			Write-Host "   >>> WORKSPACE TO APPLY RETENTION ADJUSTMENT:", $myWorkspace.Name  -foregroundcolor "green"
			if ($myWorkspace.retentionInDays -gt $RetentionDays)
			{
				Write-Host "   >>> APPLYING DEFAULT RETENTION PERIOD:", $RetentionDays  -foregroundcolor "yellow"
				Set-AzOperationalInsightsWorkspace -ResourceGroupName $myWorkspace.ResourceGroupName -Name $myWorkspace.Name -RetentionInDays $RetentionDays
			}
			$GetAllTables = Get-AzOperationalInsightsTable -ResourceGroupName $myWorkspace.ResourceGroupName -WorkspaceName $myWorkspace.Name
			foreach ($MyTable in $GetAllTables)
			{
				if (($MyTable.Name -eq "AzureActivity") -or ($MyTable.Name -eq "Usage"))
				{
					if (($MyTable.RetentionInDays -gt $AzureRetentionDays) -or ($MyTable.TotalRetentionInDays -gt $AzureTotalRetentionDays))
					{
						Write-Host "     >>> APPLYING SPECIFIC RETENTION PERIOD:", $AzureRetentionDays, "- TABLE:", $MyTable.Name  -foregroundcolor "yellow"
						Update-AzOperationalInsightsTable -ResourceGroupName $MyTable.ResourceGroupName -WorkspaceName $MyTable.WorkspaceName -TableName $MyTable.Name -RetentionInDays $AzureRetentionDays -TotalRetentionInDays $AzureTotalRetentionDays
					}
					else
					{
						Write-Host "   >>> NO CHANGE FOR RETENTION PERIOD FOR TABLE:", $MyTable.Name  -foregroundcolor "green"
					}
				}
				else
				{
					if (($MyTable.RetentionInDays -gt $RetentionDays) -or ($MyTable.TotalRetentionInDays -gt $TotalRetentionDays))
					{
						Write-Host "     >>> APPLYING NEW RETENTION PERIOD:", $RetentionDays, "- TABLE:", $MyTable.Name  -foregroundcolor "yellow"
						Update-AzOperationalInsightsTable -ResourceGroupName $MyTable.ResourceGroupName -WorkspaceName $MyTable.WorkspaceName -TableName $MyTable.Name -RetentionInDays $RetentionDays -TotalRetentionInDays $TotalRetentionDays
					}
					else
					{
						Write-Host "   >>> NO CHANGE FOR RETENTION PERIOD FOR TABLE:", $MyTable.Name  -foregroundcolor "green"
					}
				}
			}
		}
		else
		{
			Write-Host "   >>> WORKSPACE NOT CONCERNED BY THIS CHANGE:", $myWorkspace.Name  -foregroundcolor "green"
		}
	}
}

With this script, we drastically reduced the Workspace cost for non-prod, maintaining only the last 30 days live without any archive.

The material used for this script is:

Fabrice Romelard
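
A read-only preview of the per-table decisions the script above makes, as an added example that is not part of the original post. The function name `Get-RetentionPlan`, its output columns and the sample tables are assumptions; it also surfaces the case where rewriting both values together lengthens a short live retention.

```powershell
# Added example (not from the original post): plan the retention changes without applying them.
function Get-RetentionPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Tables,  # needs Name, RetentionInDays, TotalRetentionInDays
        [int] $RetentionDays = 30,
        [int] $TotalRetentionDays = 30,
        [int] $AzureRetentionDays = 90,
        [int] $AzureTotalRetentionDays = 90
    )
    foreach ($t in $Tables) {
        # Same split as the script: AzureActivity and Usage keep the longer values.
        if ($t.Name -in 'AzureActivity', 'Usage') {
            $live = $AzureRetentionDays; $total = $AzureTotalRetentionDays
        } else {
            $live = $RetentionDays; $total = $TotalRetentionDays
        }
        # The script rewrites BOTH values as soon as either one exceeds its target.
        $change   = ($t.RetentionInDays -gt $live) -or ($t.TotalRetentionInDays -gt $total)
        $newLive  = $t.RetentionInDays
        $newTotal = $t.TotalRetentionInDays
        if ($change) { $newLive = $live; $newTotal = $total }

        [pscustomobject]@{
            Table       = $t.Name
            Live        = "$($t.RetentionInDays) -> $newLive"
            Total       = "$($t.TotalRetentionInDays) -> $newTotal"
            WouldChange = $change
            # Days of history that fall outside the new total retention.
            DaysLost    = [Math]::Max(0, $t.TotalRetentionInDays - $newTotal)
            # True when a short live retention would be lengthened by the update.
            LiveRaised  = $newLive -gt $t.RetentionInDays
        }
    }
}

# Constructed sample tables (not real workspace data); MyApp_CL is a made-up custom table.
$sample = @(
    [pscustomobject]@{ Name = 'ContainerLog';  RetentionInDays = 30;  TotalRetentionInDays = 365 }
    [pscustomobject]@{ Name = 'AzureActivity'; RetentionInDays = 90;  TotalRetentionInDays = 90  }
    [pscustomobject]@{ Name = 'Usage';         RetentionInDays = 90;  TotalRetentionInDays = 730 }
    [pscustomobject]@{ Name = 'SecurityEvent'; RetentionInDays = 180; TotalRetentionInDays = 180 }
    [pscustomobject]@{ Name = 'MyApp_CL';      RetentionInDays = 7;   TotalRetentionInDays = 180 }
)
Get-RetentionPlan -Tables $sample | Format-Table -AutoSize

# Against a real workspace, pass the output of Get-AzOperationalInsightsTable as -Tables.
```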

1 Reply
After this script I also used this solution to force the purge of the biggest tables
- https://smsagent.blog/2022/01/06/purging-table-data-from-a-log-analytics-workspace/

I used the command because the API was not really working in my case:
- https://learn.microsoft.com/en-us/powershell/module/az.operationalinsights/new-azoperationalinsights...

The script executed was:
-----
Import-module Az
Connect-AzAccount

# Az parameters
$TenantId = "qqqqqq-zzzz-wwww-yyyy-xxxxxxxxxxxx"
$Subscription = "MySubscriptionName"
$subscriptionId = "uuuuu-zzzz-wwww-yyyy-xxxxxxxxxxxx"
$ResourceGroupName = "MyResourceGroupName"
$WorkspaceName = "MyloganalyticsWorkspaceName"

# Purge parameters
$table = "ContainerLog"
$column = "TimeGenerated"
$operator = "<"
$values = "2024-01-30"

$Response = New-AzOperationalInsightsPurgeWorkspace -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName -Column $column -OperatorProperty $operator -Value $values -Table $table #-key "Key"
$operationId = $Response.OperationId
----

After this, you have to get the PurgeID of the task to execute this command and monitor the cleanup:
$Params = @{
ResourceGroupName = $ResourceGroupName
WorkspaceName = $WorkspaceName
purgeId = "purge-xxxxx-qqqq-zzzz-oooo-kkkkkkkkk" #$operationId
}
Get-AzOperationalInsightsPurgeWorkspaceStatus @params
-------

Fabrice Romelard