Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AzureRM.OperationalInsights Bug #4163

Hoppy7 opened this Issue Jun 20, 2017 · 4 comments


None yet
8 participants
Copy link

Hoppy7 commented Jun 20, 2017



PowerShell Version


Module Version

AzureRM.OperationalInsights - 3.1.0

OS Version

Major Minor Build Revision

10 0 15063 413


The Get-AzureRmOperationalInsightsSearchResults cmdlet is not returning JSON formatted data as it did in previous builds of the AzureRM.OperationalInsights module. I currently have version 3.1.0 of the AzureRM.OperationalInsights module installed on my local machine, and version 2.8.0 installed on a VM. Version 2.8.0 returns the search results in the expected JSON format and version 3.1.0 does not.

Version 2.8.0 returns the expected JSON formatted data:

"MaliciousIP": ""
"MaliciousIP": ""

Version 3.1.0 returns what appears to be properties of the JSON object, but doesn't contain any useful data:

HasValues : False
Type : String
Parent : {}
Root : {MaliciousIP}
Next :
Previous :
Path : MaliciousIP
First :
Last :
LineNumber : 0
LinePosition : 0

Debug Output

N/A - Get-AzureRmOperationalInsightsSearchResults does not return any errors. It returns data in the wrong format.

Script/Steps for Reproduction

Any Log Search query can be used. The returned search results will not be formatted properly regardless of the query.

Define OMS Variables

$ResourceGroupName = '<Resource_Group_Name>'
$omsWorkspaceName = '<OMS_Workspace_Name>'

$LogSearchQuery = 'MaliciousIP=* AND (RemoteIPCountry=* OR MaliciousIPCountry=*) AND (((Type=WireData AND Direction=Outbound) OR (Type=WindowsFirewall AND CommunicationDirection=SEND) OR (Type=CommonSecurityLog AND CommunicationDirection=Outbound)) OR (Type=W3CIISLog OR Type=DnsEvents OR (Type = WireData AND Direction!= Outbound) OR (Type=WindowsFirewall AND CommunicationDirection!=SEND) OR (Type = CommonSecurityLog AND CommunicationDirection!= Outbound))) TimeGenerated > NOW-60MINUTES | Distinct MaliciousIP'

Query OMS

$Results = Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName $ResourceGroupName -WorkspaceName $omsWorkspaceName -Top 1000000 -Query $LogSearchQuery


This comment has been minimized.

Copy link

cormacpayne commented Jun 20, 2017

@xizhamsft Hey Xiaofang, would you mind taking a look at this issue?


This comment has been minimized.

Copy link

alexverboon commented Jul 2, 2017

I can confirm this being an issue, just been baning my head , until i found this bug report. Works nicely with 3.0.1


This comment has been minimized.

Copy link

ColdHarbour commented Jul 17, 2017

I didn't see this bug report, raised my own a few days ago: #4256

Thanks for confirming versions


This comment has been minimized.

Copy link

haitch commented Aug 1, 2017

fixed and wait for next release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.