Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AzureRM.OperationalInsights Bug #4163

Closed
Hoppy7 opened this Issue Jun 20, 2017 · 4 comments

Comments

Projects
None yet
8 participants
@Hoppy7
Copy link

Hoppy7 commented Jun 20, 2017

Cmdlet(s)

Get-AzureRmOperationalInsightsSearchResults

PowerShell Version

5.1.15063.413

Module Version

AzureRM.OperationalInsights - 3.1.0

OS Version

Major Minor Build Revision


10 0 15063 413

Description

The Get-AzureRmOperationalInsightsSearchResults cmdlet is not returning JSON formatted data as it did in previous builds of the AzureRM.OperationalInsights module. I currently have version 3.1.0 of the AzureRM.OperationalInsights module installed on my local machine, and version 2.8.0 installed on a VM. Version 2.8.0 returns the search results in the expected JSON format and version 3.1.0 does not.

Version 2.8.0 returns the expected JSON formatted data:

{
"MaliciousIP": "xx.xxx.xx.xx"
}
{
"MaliciousIP": "xx.xxx.xx.xxx"
}

Version 3.1.0 returns what appears to be properties of the JSON object, but doesn't contain any useful data:

HasValues : False
Type : String
Parent : {}
Root : {MaliciousIP}
Next :
Previous :
Path : MaliciousIP
First :
Last :
LineNumber : 0
LinePosition : 0

Debug Output

N/A - Get-AzureRmOperationalInsightsSearchResults does not return any errors. It returns data in the wrong format.

Script/Steps for Reproduction

Note
Any Log Search query can be used. The returned search results will not be formatted properly regardless of the query.

Define OMS Variables

$ResourceGroupName = '<Resource_Group_Name>'
$omsWorkspaceName = '<OMS_Workspace_Name>'

$LogSearchQuery = 'MaliciousIP=* AND (RemoteIPCountry=* OR MaliciousIPCountry=*) AND (((Type=WireData AND Direction=Outbound) OR (Type=WindowsFirewall AND CommunicationDirection=SEND) OR (Type=CommonSecurityLog AND CommunicationDirection=Outbound)) OR (Type=W3CIISLog OR Type=DnsEvents OR (Type = WireData AND Direction!= Outbound) OR (Type=WindowsFirewall AND CommunicationDirection!=SEND) OR (Type = CommonSecurityLog AND CommunicationDirection!= Outbound))) TimeGenerated > NOW-60MINUTES | Distinct MaliciousIP'

Query OMS

$Results = Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName $ResourceGroupName -WorkspaceName $omsWorkspaceName -Top 1000000 -Query $LogSearchQuery
$Results.Value

@cormacpayne

This comment has been minimized.

Copy link
Member

cormacpayne commented Jun 20, 2017

@xizhamsft Hey Xiaofang, would you mind taking a look at this issue?

@alexverboon

This comment has been minimized.

Copy link

alexverboon commented Jul 2, 2017

I can confirm this being an issue, just been baning my head , until i found this bug report. Works nicely with 3.0.1

@ColdHarbour

This comment has been minimized.

Copy link

ColdHarbour commented Jul 17, 2017

I didn't see this bug report, raised my own a few days ago: #4256

Thanks for confirming versions

@haitch

This comment has been minimized.

Copy link
Member

haitch commented Aug 1, 2017

fixed and wait for next release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.