First published on TECHNET on Oct 11, 2017
Hi there,
I am back writing a blog post about how I used the HTTP Data Collector API to fulfill a specific customer request.
Background:
My customer requested to create a computer group in OMS, whose membership was based on an attribute different from the computer name.
There was hence the need for a new custom attribute to be populated in OMS and to be later used in the Log Analytics to create a Computer Group .
Implementation:
Since the official documentation can be found on the HTTP Data Collector API TechNet page, I'll focus on the method I used to retrieve the data I need. Analyzing the PowerShell example on the TechNet page , I recognized 3 specific areas:
Because I need to query my data to create records with different dynamic values (coming from the query results) and it is not possible to use variables with the syntax used in the sample script (which is using fixed values), how do I convert into Json something that is using variables?
The solution I implemented, which consist in a small change of the original sample script, is using the following methods ( add members , ConvertTo-Json ) and is made of the following steps:
So, in the sample script below (attachments link in the bottom), you can see my script doing the following:
Running the above script manually, will upload a record with the following format:
This is just a prototype of the script I left to the customer. Hence, it must be considered as an example to explain how to retrieve a registry key to be used as part of a Computer Group Log Search Query like this one:
RegistryKey_CL | where (Value_s == "BR1-Role") | distinct Computer
Lesson learned:
Just for the purpose of demonstrating that you can really change just the body part, I am also attaching another sample script which gets the OU Attribute for the local computer (if joined to AD).
That's all folks, for now. I will cover how to make the data submission automatic in another post.
Thanks,
Bruno.
HTTPApiCollectorActiveDirectoryOU.zip
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.