powershell and rest api
15 Topics

How to export Azure Alert Rules (Log Analytics)
Hi, I am trying to export all rules (Enabled/Disabled) from Azure Portal using the Get-AzureRMALertRule cmdlet, however, it is returning blank output. I have more than 10 rules configured. Some are enabled and some are disabled. FYR: Please find attached a screenshot of PowerShell. Somewhere, I read that this cmdlet pulls the data for App-Insight rules only. Is this true? I would appreciate it if someone could help me to understand the issue and export the requested data. Regards, Ravi
32K Views | 0 likes | 11 Comments

Microsoft Graph and PowerShell - extracting the data into csv
Hey all, Hoping someone can point me in the right direction please? I'm messing about connecting up PowerShell (using PnP) to the Microsoft Graph API with a view of returning the data into a csv format. All I'm wanting to achieve is to retrieve the table header information and the results. Is there a way to extrapolate that data out and output to a csv file? Many thanks, Steve
Solved | 20K Views | 0 likes | 2 Comments

With Graph API we are only getting 1000 devices
Hi Team, We are using the below PowerShell script to change the Primary user of a device by checking the last logged in userid. Below is the GitHub repo link which holds this PowerShell script and also the link of an article about the explanation of this script -
https://raw.githubusercontent.com/svdbusse/IntuneScripts/master/PrimaryUser/Set-PrimaryUserfromLastLogIn.ps1
https://svdbusse.github.io/SemiAnnualChat/2020/03/21/Changing-Intune-Primary-User-To-Last-Logged-On-User.html
The problem now is that we are only able to get 1000 devices in the $Devices variable in the above mentioned script and we have around 2000 devices, so 1000 more devices are not getting fetched by this script. Also this script always gets the devices in the same pattern, i.e. if I run the script today and tomorrow then the devices will show the same pattern; that is also the reason the rest 1000 devices are not getting fetched. Any solution to this issue will be a great help for me. Regards, Ashish Arya
Solved | 9.5K Views | 0 likes | 10 Comments

log analytics API returning empty Table collection
I'm using Client Credentials to query Office 365 Audit data stored in Log Analytics. The AppID principal has Log Analytics Reader permissions to both the Log Analytics workspace and the Office 365 Audit Solution through IAM. (As detailed here: https://dev.loganalytics.io/documentation/1-Tutorials/Direct-API) When I invoke a REST request against the endpoint, I get an HTTP 200 response, so authentication is working fine, but the Content payload is empty and just returns {"tables":[]}, without any results. This happens regardless of query, all of which work fine when testing the query through the Log Explorer interface in the workspace. I thought this might be permissions related, but still no change despite adding the App permissions to both workspace and solution. Any thoughts welcome as my Bing-fu hasn't helped. Paul.
Solved | 6.9K Views | 0 likes | 4 Comments

How to install oms extension on Linux VMs using CLI
Hi There, I want to install the OMS extension on Linux VMs using Azure CLI and for this I am using the code below. But I am not sure why there are two values with workspaceKey and omskey as well as workspaceId and omsid. Are they referring to two different keys and IDs?

az vm extension set \
  --resource-group myResourceGroup \
  --vm-name myVM \
  --name OmsAgentForLinux \
  --publisher Microsoft.EnterpriseCloud.Monitoring \
  --version 1.7 --protected-settings '{"workspaceKey": "omskey"}' \
  --settings '{"workspaceId": "omsid"}'

4.8K Views | 0 likes | 6 Comments

Invoke-LogAnalyticsQuery only returns Tables JSON Array and not Results Array
I'm trying to use the new PowerShell based API (Invoke-LogAnalyticsQuery - see below) and the return payload only includes the Tables array and not the Results array as documented.

import-module .\LogAnalyticsQuery.psm1
$queryString = 'search * | where Type == "Heartbeat" | take 10'
$workspaceName = "xxxx"
$resourceGroupName = "xxxx"
$subscriptionID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$response = invoke-loganalyticsquery -WorkspaceName $workspaceName -ResourceGroup $resourceGroupName -Query $queryString -SubscriptionId $subscriptionID -IncludeTabularView

Solved | 4.6K Views | 0 likes | 8 Comments

ARM Template for KQL Query Alert
Hi All, I want to configure a Log Analytics alert using ARM templates so I am just following the given link: https://docs.microsoft.com/en-in/azure/azure-monitor/insights/solutions-resources-searches-alerts#sample But the problem is, I am working on a requirement to create CPU, Memory and Disk alerts. And for this I need to write 3 different ARM templates with different KQL. Could anyone please help me to edit this given template to achieve my requirement to generate all alerts using a single ARM template? If I create 3 different templates then the major problem is I will have 3 solutions under my Log Analytics, as this template is creating a solution for each alert. So I am just looking for a way to edit this template in such a way as to configure multiple alerts using a single template. Looking forward from your side.

Elaborating more about the question:
Why I want to create multiple alerts using one template:
• As it is creating a solution for every alert, if I use a new template for every single alert then I will have lots of solutions under Azure.
• And creation of multiple templates will create a mess too.

Now suppose I need to create a new alert for Disk, then I need to edit the below fields in the template (highlighted in Brown for Disk Alert). This will create a new solution for the alert but I want to create multiple alerts under this one solution.

"SolutionName": "SolutionTest2",
"SolutionVersion": "1.0",
"SolutionPublisher": "SolutionTesters",
"ProductName": "SolutionTest2",
"LogAnalyticsApiVersion": "2017-03-03-preview",
"MySearch": {
  "displayName": "Disk over 70%",
  "query": "Perf | where ObjectName==\"LogicalDisk\" and CounterName==\"% Free Space\" and CounterValue>70 ",
  "category": "Samples",
  "name": "Samples-Count of Disk Data"
},
"MyAlert": {
  "Name": "[toLower(concat('myalert-',uniqueString(resourceGroup().id, deployment().name)))]",
  "DisplayName": "Disk over 70%",
  "Description": "Disk alert. Fires when 3 error records found over hour interval.",
  "Severity": "critical",
  "ThresholdOperator": "gt",
  "ThresholdValue": 70,
  "Schedule": {
    "Name": "[toLower(concat('myschedule-',uniqueString(resourceGroup().id, deployment().name)))]",
    "Interval": 15,
    "TimeSpan": 60
  },
  "MetricsTrigger": {
    "TriggerCondition": "Consecutive",
    "Operator": "gt",
    "Value": 3
  },
  "ThrottleMinutes": 60,
  "AzNsNotification": {
    "GroupIds": [ "[parameters('actiongroup')]" ],

And I also got to know the APIs used in the given link are deprecated, however still working. So we need to create template https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-create-multiple-instances?tabs=azure-cli APIs.
Solved | 4.1K Views | 0 likes | 4 Comments

Log analytics API
Hey - I have built up a collection of saved searches in Azure Log Analytics, mainly searching the SecurityAlerts, SignInLogs and OfficeActivity tables. When I get a security alert notification from Microsoft, I run my searches then export to CSV to search for indicators of compromise bla bla. This is great, somewhat quick and easy. But is there a programmatic way of doing this? Using the Security Graph API I can see the signIn resource type, so that's great, but I do not see an Exchange mailbox audit log resource, so I cannot see how to retrieve audit logs via an API. Can I query the Log Analytics data directly through an API or is there another way to access this data programmatically? I looked at using the Azure Cloud Console, but even this didn't seem to be able to access the data.
Solved | 3.5K Views | 0 likes | 1 Comment

Log Analytics Data Collector API PowerShell Function
I created a function that takes the input of time, log type and a hashtable and writes it to Log Analytics. This was intended to be a “universal” log writer for Log Analytics. I use it in an Azure Automation Module so I can pass log data from any runbook to Log Analytics but it could be used in any PowerShell Script. Function is on GitHub. https://github.com/tsrob50/LogAnalyticsAPIFunction
Links to Resources and overview video here: http://www.ciraltos.com/azure-oms-log-analytics-step-by-step-data-collector-api/
3.1K Views | 0 likes | 0 Comments

Fetch Log Analytics workspace alerts types configured in a csv using powershell
Hello, I want to create a PowerShell script to find the current configured alerts in an Azure subscription and save the data in a csv file. I am interested to get the "Alert Types" in my results for all the VMs for which Alerts are configured using Log Analytics workspace
2.8K Views | 0 likes | 6 Comments