[英]How to run an Azure Log Analytics query from a Powershell script non interactively?
Given:鉴于:
I would like to query these metrics from a PowerShell script.我想从 PowerShell 脚本中查询这些指标。
I did try to find a solution by googling for it - no success.我确实尝试通过谷歌搜索找到解决方案 - 没有成功。 Not that there is no posts about the subject - I am just unable to make it work following these posts.
并不是说没有关于这个主题的帖子——我只是无法在这些帖子之后让它发挥作用。
The gist of the problem is how to do it without user interaction.问题的要点是如何在没有用户交互的情况下做到这一点。
$WorkspaceName = 'weu-co-law-security-01'
$ResourceGroupName = 'aaa-co-rsg-security-01'
$Workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupName -Name $WorkspaceName
$QueryResults = Invoke-AzOperationalInsightsQuery -Workspace $Workspace -Query 'AuditLogs | where OperationName == "Add member to group" | project TargetResources[0].displayName'
$QueryResults.Results
You can do this with the application-insights extension to az cli. 您可以使用az cli的application-insights扩展来完成此操作。
az extension add -n application-insights
az monitor app-insights query --apps "$my-app-name" --resource-group "$my-resource-group" --offset 24H --analytics-query 'requests | summarize count() by bin(timestamp, 1h)'
Here is a powershell script that can run a kusto query from a file in a given application insight instance and resource group and return the data as a powershell table: 这是一个powershell脚本,可以从给定应用程序洞察实例和资源组中的文件运行kusto查询,并将数据作为powershell表返回:
<#
.SYNOPSIS
Run query in application insights and return Powershell table
.PARAMETER filename
File name of kusto query
.PARAMETER app
Application Insights instance name
.PARAMETER rg
Resource group name
.EXAMPLE
Search-AppInsights -filename file.kusto -app my-app-name -rg my-resource-group-name
#>
param([string] $filename, [string]$app, [string]$rg)
$query = Get-Content $filename
$data = az monitor app-insights query --apps "$app" --resource-group "$rg" --offset 48H --analytics-query "$query" | ConvertFrom-Json
$cols = $data.tables.columns | % { $_.name }
$data.tables.rows | % {
$obj = New-Object -TypeName psobject
for ($i=0; $i -lt $cols.Length; $i++) {
$obj | Add-Member -MemberType NoteProperty -Name $cols[$i] -Value $_[$i]
}
$obj
}
You can use Azure Application Insights REST API to get these metrics. 您可以使用Azure Application Insights REST API来获取这些指标。
Steps as below: 步骤如下:
step 1: Get the Application ID and an API key. 第1步:获取应用程序ID和API密钥。
Nav to your application insights -> API Access, see the screenshot(Please remember, when the api key is generated, write it down): 导航到您的应用程序见解 - > API Access,请参阅屏幕截图(请记住,生成api密钥时,请将其写下来):
step 2: In powershell, input the following cmdlet(the example code for fetching customEvents count): 步骤2:在powershell中,输入以下cmdlet(用于获取customEvents计数的示例代码):
Invoke-WebRequest -Uri https://api.applicationinsights.io/v1/apps/your_application_id/metrics/customEvents/cou
nt?timespan=P20D -Headers @{"accept"="application/json"; "x-api-key"="your_api_key"}
To have it in one go: given you have $appInsResourceGroupName
and $appInsName
pointing to your Application Insights instance.将它放在一个 go 中:假定您有
$appInsResourceGroupName
和$appInsName
指向您的 Application Insights 实例。
$component = Get-AzApplicationInsights -ResourceGroupName $appInsResourceGroupName -Name $appInsName
$apiKey = New-AzApplicationInsightsApiKey -ApplicationInsightsComponent $component -Permissions ReadTelemetry -Description "Collector"
$query = "requests | limit 5"
(Invoke-WebRequest -Method POST -Uri https://api.applicationinsights.io/v1/apps/$($component.AppId)/query -ContentType application/json -Body $('{"query":"' + $query + '"}') -Headers @{"X-Api-Key"=$apiKey.ApiKey}).Content
to clean up / remove unused API keys清理/删除未使用的 API 键
Get-AzApplicationInsightsApiKey -ApplicationInsightsComponent $component | ?{$_.Description -eq "Collector"} | %{Remove-AzApplicationInsightsApiKey -ApplicationInsightsComponent $component -ApiKeyId $_.Id}
if you're using any domestic clouds you need to account for that;
如果您使用的是任何国内云,则需要考虑这一点; eg for China you need to change the URL to
api.applicationinsights.azure.cn
例如,对于中国,您需要将 URL 更改为
api.applicationinsights.azure.cn
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.