Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
2481 lines (2118 sloc) 85 KB
Function Get-AADToken {
<#
.SYNOPSIS
Get token from Azure AD so you can use the other cmdlets.
.DESCRIPTION
Get token from Azure AD so you can use the other cmdlets.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER TenantADName
Valid Azure AD Tenant name.
Example: stanoutlook.onmicrosoft.com
.PARAMETER TenantID
Valid Azure Tenant ID.
Example: eeb91fce-4be2-4a30-aad8-39e05fefde0
.PARAMETER Credential
Valid user credentials to Azure AD. The Azure AD user must
have at least user rights in OMS and administrator and
Contributor rights on the Azure resource group where
the OMS workspace is located.
.EXAMPLE
$token = Get-AADToken -TenantADName 'stanoutlook.onmicrosoft.com' -Credential $creds
Description
-----------
Grabs token from Azure AD by Tenant AD Name
Example Variables
-----------------
$creds = Get-Credetnial
.EXAMPLE
$token = Get-AADToken -TenantID 'eeb91fce-4be2-4a30-aad8-39e05fefde0' -Credential $creds
Description
-----------
Grabs token from Azure AD by Tenant ID
Example Variables
-----------------
$creds = Get-Credetnial
.EXAMPLE
$Token = Get-AADToken -OMSConnection $OMSCon
Description
-----------
Grabs token from Azure AD by using information from asset of type connection in OMS Automation
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'stasoutlook'
.OUTPUTS
System.String. Returns token from Azure AD.
#>
[CmdletBinding(DefaultParameterSetName='LoginbyTenantADName')]
[OutputType([string])]
PARAM (
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='LoginbyTenantADName',Position=0,Mandatory=$true)]
[Alias('t')]
[String]$TenantADName,
[Parameter(ParameterSetName='LoginByTenantID',Position=0,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[Alias('tID')]
[String]$TenantID,
[Parameter(ParameterSetName='LoginbyTenantADName',Position=1,Mandatory=$true)]
[Parameter(ParameterSetName='LoginByTenantID',Position=1,Mandatory=$true)]
[Alias('cred')]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
$Credential
)
Try
{
If ($OMSConnection)
{
$Username = $OMSConnection.Username
$Password = $OMSConnection.Password
If ($OMSConnection.TenantID)
{
$TenantID = $OMSConnection.TenantID
}
Else
{
$TenantADName = $OMSConnection.TenantADName
}
}
Else
{
$Username = $Credential.Username
$Password = $Credential.Password
}
# Set well-known client ID for Azure PowerShell
$clientId = '1950a258-227b-4e31-a9cf-717495945fc2'
# Set Resource URI to Azure Service Management API
$resourceAppIdURI = 'https://management.azure.com/'
# Set Authority to Azure AD Tenant
If ($TenantID)
{
$authority = 'https://login.microsoftonline.com/common/' + $TenantID
}
Else
{
$authority = 'https://login.microsoftonline.com/' + $TenantADName
}
$AADcredential = New-Object `
-TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential' `
-ArgumentList $Username,$Password
# Create AuthenticationContext tied to Azure AD Tenant
$authContext = New-Object `
-TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' `
-ArgumentList $authority
$authResult = $authContext.AcquireToken($resourceAppIdURI,$clientId,$AADcredential)
$Token = $authResult.CreateAuthorizationHeader()
}
Catch
{
$ErrorMessage = 'Failed to aquire Azure AD token.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
Return $Token
}
Function Get-OMSWorkspace {
<#
.SYNOPSIS
Get OMS Workspaces from Azure Subscription.
.DESCRIPTION
Get OMS Workspaces from Azure Subscription.
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
Get-OMSWorkspace -SubscriptionId $Subscriptionid -Token $Token
Description
-----------
Gets all workspaces under Azure subscription by using Subscription ID
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$SubscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$Token = Get-AADToken -OMSConnection $OMSCon
.EXAMPLE
Get-OMSWorkspace -SubscriptionId $Subscriptionid -Token $Token -APIVersion '2015-03-20'
Description
-----------
Gets all workspaces under Azure subscription by using Subscription ID
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$SubscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$Token = Get-AADToken -OMSConnection $OMSCon
.EXAMPLE
Get-OMSWorkspace -OMSConnection $OMSCon -Token $Token
Description
-----------
Gets all workspaces under Azure subscription by using information from asset of type connection in OMS Automation
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
.EXAMPLE
Get-OMSWorkspace -OMSConnection $OMSCon -Token $Token -APIVersion '2015-03-20'
Description
-----------
Gets all workspaces under Azure subscription by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
.OUTPUTS
System.Object. Returns array of objects. Each object
is OMS workspace information.
#>
[CmdletBinding(DefaultParameterSetName='DefaultParameterSet')]
[OutputType([object])]
PARAM (
[Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='OMSConnection',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='DefaultParameterSet',Position=2,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=2,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
}
$URIManagement = 'https://management.azure.com'
$UriProvider = 'providers/microsoft.operationalinsights'
$OMSApiAction = 'workspaces'
$uri = '{0}/subscriptions/{1}/{2}/{3}?api-version={4}' `
-f $URIManagement,$SubscriptionID,$UriProvider,$OMSApiAction,$APIVersion
$headers = @{'Authorization'=$Token;'Accept'='application/json'}
$headers.Add('Content-Type','application/json')
$result = Invoke-WebRequest `
-Method Get `
-Uri $uri `
-Headers $headers `
-UseBasicParsing `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to query OMS API. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + ' - Web Request Status code: ' + $result.StatusCode
Write-Verbose `
-Message $VerboseMessage
#endregion
if($result.StatusCode -ge 200 -and $result.StatusCode -le 399)
{
if($null -ne $result.Content)
{
$json = ConvertFrom-Json `
-InputObject $result.Content `
-ErrorAction Stop
if($null -ne $json)
{
$return = $json
if($null -ne $json.value)
{
$return = $json.value
}
Else
{
$return = $null
}
}
Else
{
$return = $null
}
}
}
Else
{
$ErrorMessage = 'Failed to get OMS Workspace. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Web request Error: '
$ErrorMessage += $result
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
return $return
}
Function Get-OMSResourceGroup {
<#
.SYNOPSIS
Get Azure Resource Group where there is OMS
workspace resource.
The cmdlet assumes that your OMS resource Groups
has 'OI-Default-' in its name. This cmdlet is
scheduled to be depricated.
.DESCRIPTION
Get Azure Resource Group where there is OMS
workspace resource. The cmdlet assumes that your OMS resource Groups
has 'OI-Default-' in its name.
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
Token must be aquired with account that has
access to all resource groups in the Azure
subscription.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER APIVersion
Api version for Azure subscriptions provider.
.EXAMPLE
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$SubscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$Token = Get-AADToken -OMSConnection $OMSCon
Get-OMSResourceGroup -SubscriptionId $Subscriptionid -Token $Token
.EXAMPLE
$SubscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$Token = Get-AADToken -OMSConnection $OMSCon
Get-OMSResourceGroup -SubscriptionId $Subscriptionid -Token $Token -APIVersion '2014-04-01'
.EXAMPLE
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
Get-OMSResourceGroup -OMSConnection $OMSCon -Token $Token
.EXAMPLE
$Token = Get-AADToken -OMSConnection $OMSCon
Get-OMSResourceGroup -OMSConnection $OMSCon -Token $Token -APIVersion '2014-04-01'
.OUTPUTS
System.Object. Returns array of objects. Each object
is OMS resoure group information.
#>
[CmdletBinding(DefaultParameterSetName='DefaultParameterSet')]
[OutputType([object[]])]
PARAM (
[Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='OMSConnection',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='DefaultParameterSet',Position=2,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=2,Mandatory=$false)]
[String]$APIVersion='2014-04-01'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
}
#region Warning
$WarningMessage = 'This cmdlet returns OMS resource groups that have OI-Default- in its name. This cmdlet is scheduled to be depricated.'
Write-Warning `
-Message $WarningMessage
#endregion
$URIManagement = 'https://management.azure.com'
$OMSApiAction = 'resourceGroups'
$uri = '{0}/subscriptions/{1}/{2}?api-version={3}' `
-f $URIManagement,$SubscriptionID,$OMSApiAction,$APIVersion
$headers = @{'Authorization'=$Token;'Accept'='application/json'}
$headers.Add('Content-Type','application/json')
$result = Invoke-WebRequest `
-Method Get `
-Uri $uri `
-Headers $headers `
-UseBasicParsing `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to query Azure Resource Manager API. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + ' - Web Request Status code: ' + $result.StatusCode
Write-Verbose `
-Message $VerboseMessage
#endergion
if($result.StatusCode -ge 200 -and $result.StatusCode -le 399)
{
if($null -ne $result.Content)
{
$json = ConvertFrom-Json `
-InputObject $result.Content `
-ErrorAction Stop
if($null -ne $json)
{
$return = $json
if($null -ne $json.value)
{
$return = $json.value
}
Else
{
$return = $null
}
}
Else
{
$return = $null
}
}
}
Else
{
$ErrorMessage = 'Failed to get OMS Resource Group. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Web request Error: '
$ErrorMessage += $result
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
#Filter out all none OMS resource groups
$arrOMSResourceGroups = @()
If ($null -ne $return)
{
Foreach ($resourceGroup in $return)
{
if ($resourceGroup.name -imatch '^OI-Default-')
{
$arrOMSResourceGroups += $resourceGroup
}
}
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + 'Total OMS resource groups found: ' + $arrOMSResourceGroups.count
Write-Verbose `
-Message $VerboseMessage
#endergion
return $arrOMSResourceGroups
}
Function Get-OMSSavedSearch {
<#
.SYNOPSIS
Gets Saved Searches from OMS workspace
.DESCRIPTION
Gets Saved Searches from OMS workspace
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER ResourceGroupName
Azure Resource Group Name where the OMS
workspace is located.
.PARAMETER OMSWorkspaceName
Name of the OMS workspace.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER QueryName
Specify the full name of OMS Saved Search to get
only specific query. Array of saved search names
can be specified as well.
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
$OMSSS=Get-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Token $Token
Description
-----------
Gets Saved Searches from OMS
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
Example Output
--------------
$OMSSS[0].ID
$OMSSS[0].etag
$OMSSS[0].properties
$OMSSS[0].properties.Category
$OMSSS[0].properties.DisplayName
$OMSSS[0].properties.Query
$OMSSS[0].properties.Version
.EXAMPLE
$OMSSS=Get-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Token $Token -APIVersion '2015-03-20'
Description
-----------
Gets Saved Searches from OMS.
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
Example Output
--------------
$OMSSS[0].ID
$OMSSS[0].etag
$OMSSS[0].properties
$OMSSS[0].properties.Category
$OMSSS[0].properties.DisplayName
$OMSSS[0].properties.Query
$OMSSS[0].properties.Version
.EXAMPLE
$OMSSS = Get-OMSSavedSearch -OMSConnection $OMSCon -Token $Token
Description
-----------
Gets Saved Searches from OMS by using information from asset of type connection in OMS Automation
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
Example Output
--------------
$OMSSS[0].ID
$OMSSS[0].etag
$OMSSS[0].properties
$OMSSS[0].properties.Category
$OMSSS[0].properties.DisplayName
$OMSSS[0].properties.Query
$OMSSS[0].properties.Version
.EXAMPLE
$OMSSS = Get-OMSSavedSearch -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName'
Description
-----------
Gets specific Saved Search from OMS by using information from asset of type connection in OMS Automation
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
Example Output
--------------
$OMSSS[0].ID
$OMSSS[0].etag
$OMSSS[0].properties
$OMSSS[0].properties.Category
$OMSSS[0].properties.DisplayName
$OMSSS[0].properties.Query
$OMSSS[0].properties.Version
.EXAMPLE
$OMSSS = Get-OMSSavedSearch -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName1','SavedQueryName2'
Description
-----------
Gets specific Saved Searches from OMS by using information from asset of type connection in OMS Automation
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
Example Output
--------------
$OMSSS[0].ID
$OMSSS[0].etag
$OMSSS[0].properties
$OMSSS[0].properties.Category
$OMSSS[0].properties.DisplayName
$OMSSS[0].properties.Query
$OMSSS[0].properties.Version
.OUTPUTS
System.Object. Returns array of objects. Each object
is saved search query. If no saved searches are found
error is returned.
#>
[CmdletBinding(DefaultParameterSetName='DefaultParameterSet')]
[OutputType([object])]
PARAM (
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='DefaultParameterSet',Position=2,Mandatory=$true)]
[String]$ResourceGroupName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=3,Mandatory=$true)]
[String]$OMSWorkspaceName,
[Parameter(ParameterSetName='OMSConnection',Position=2,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='DefaultParameterSet',Position=4,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=4,Mandatory=$false)]
[String[]]$QueryName=$null,
[Parameter(ParameterSetName='DefaultParameterSet',Position=4,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=4,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
$URIManagement = 'https://management.azure.com'
$UriProvider = 'providers/microsoft.operationalinsights'
$OMSApiAction = 'savedSearches'
$uri = '{0}/subscriptions/{1}/resourcegroups/{2}/{3}/workspaces/{4}/{5}?api-version={6}' `
-f $URIManagement,$SubscriptionID, $ResourceGroupName, $UriProvider, $OMSWorkspaceName,$OMSApiAction, $APIVersion
$headers = @{'Authorization'=$Token;'Accept'='application/json'}
$headers.Add('Content-Type','application/json')
$result = Invoke-WebRequest `
-Method Get `
-Uri $uri `
-Headers $headers `
-UseBasicParsing `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to query OMS API.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + ' - Web Request Status code: ' + $result.StatusCode
Write-Verbose `
-Message $VerboseMessage
#endregion
if ($result.StatusCode -ge 200 -and $result.StatusCode -le 399)
{
if ($null -ne $result.Content)
{
$json = ConvertFrom-Json `
-InputObject $result.Content `
-ErrorAction Stop
if ($null -ne $json)
{
$OMSSavedSearches = $json
$return = $json
if ($null -ne $json.value)
{
$OMSSavedSearches = $json.value
$return = $json.value
}
Else
{
$ErrorMessage = 'There are no OMS Saved Searches.'
$ErrorMessage += " `n"
$ErrorMessage += 'Returned results: '
$ErrorMessage += $json
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
}
Else
{
$ErrorMessage = 'There are no OMS Saved Searches.'
$ErrorMessage += " `n"
$ErrorMessage += 'Returned results: '
$ErrorMessage += $json
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
}
}
Else
{
$ErrorMessage = 'Failed to get OMS Saved Searches.'
$ErrorMessage += " `n"
$ErrorMessage += 'Web request Error: '
$ErrorMessage += $result
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
# If Name parameter specified
If ($QueryName)
{
$match = $false
$QueriesArray = @()
foreach ($qName in $QueryName)
{
foreach($q in $OMSSavedSearches)
{
if ($q.properties.displayname.Tostring() -eq $qName)
{
$QueriesArray += $q
$match=$true;break;
}
}
if(! $match)
{
$ErrorMessage = 'Failed to find query with Name: ' + $qName
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
return $null
}
else
{
$return = $QueriesArray
}
}
}
return $return
}
Function Remove-OMSSavedSearch {
<#
.SYNOPSIS
Deletes OMS Saved Search.
.DESCRIPTION
Deletes OMS Saved Search. Deleted saved search
does not immediately dissappears from OMS portal.
It may take a couple of minutes until it dissappears.
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER ResourceGroupName
Azure Resource Group Name where the OMS
workspace is located.
.PARAMETER OMSWorkspaceName
Name of the OMS workspace.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER QueryName
Specify the full name of OMS Saved Search to get
only specific query.
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
Remove-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Token $Token -QueryName 'SavedQueryName'
Description
-----------
Removes specific Saved Search by name from OMS
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
.EXAMPLE
Remove-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Token $Token -QueryName 'SavedQueryName' -APIVersion '2015-03-20'
Description
-----------
Removes specific Saved Search by name from OMS
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
.EXAMPLE
Remove-OMSSavedSearch -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName'
Description
-----------
Removes specific Saved Search by name from OMS by using information from asset of type connection in OMS Automation
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
.EXAMPLE
Remove-OMSSavedSearch -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName' -APIVersion '2015-03-20'
Description
-----------
Removes specific Saved Search by name from OMS by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
.OUTPUTS
No Output.
]
#>
[CmdletBinding(DefaultParameterSetName='DefaultParameterSet')]
[OutputType([object])]
PARAM (
[Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='OMSConnection',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='DefaultParameterSet',Position=2,Mandatory=$true)]
[String]$ResourceGroupName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=3,Mandatory=$true)]
[String]$OMSWorkspaceName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=4,Mandatory=$true)]
[String]$QueryName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=5,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=5,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
$savedSearch = Get-OMSSavedSearch `
-SubscriptionID $SubscriptionID `
-ResourceGroupName $ResourceGroupName `
-OMSWorkspaceName $OMSWorkspaceName `
-QueryName $QueryName `
-Token $token `
-APIVersion $APIVersion `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to find Saved Search. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Details: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
$URIManagement = 'https://management.azure.com'
$UriProvider = 'providers/microsoft.operationalinsights'
$OMSApiAction = 'savedSearches'
$SavedSearchID = $savedSearch[0].id.Split('/')[-1]
$uri = '{0}/subscriptions/{1}/resourcegroups/{2}/{3}/workspaces/{4}/{5}/{6}?api-version={7}' `
-f $URIManagement,$SubscriptionID, $ResourceGroupName, $UriProvider, $OMSWorkspaceName,$OMSApiAction, $SavedSearchID, $APIVersion
$headers = @{'Authorization'=$Token;'Accept'='application/json'}
$headers.Add('Content-Type','application/json')
$result = Invoke-WebRequest `
-Method Delete `
-Uri $uri `
-Headers $headers `
-UseBasicParsing `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to query OMS API.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + ' - Web Request Status code: ' + $result.StatusCode
Write-Verbose `
-Message $VerboseMessage
Write-Verbose $result
#endregion
if ($result.StatusCode -ge 200 -and $result.StatusCode -le 399)
{
if ($null -ne $result.Content)
{
$return = $null
}
}
Else
{
$ErrorMessage = 'Failed to deleted OMS Saved Searches.'
$ErrorMessage += " `n"
$ErrorMessage += 'Web request Error: '
$ErrorMessage += $result
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
return $return
}
Function New-OMSSavedSearch {
<#
.SYNOPSIS
Creates new saved search in OMS workspace.
.DESCRIPTION
Creates new saved search in OMS workspace.
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER ResourceGroupName
Azure Resource Group Name where the OMS
workspace is located.
.PARAMETER OMSWorkspaceName
Name of the OMS workspace.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER Query
Query to be saved in OMS.
Example: * EventID=406
.PARAMETER QueryName
Query name for the saved search.
.PARAMETER Category
Category of the saved search.
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
New-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Query $Query -QueryName 'Restarted Servers' -Category 'Windows Server' -Token $Token -APIVersion '2015-03-20'
Description
-----------
Creates new saved search query
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
.EXAMPLE
New-OMSSavedSearch -OMSConnection $OMSCon -Query $Query -QueryName 'Restarted Servers' -Category 'Windows Server' -Token $Token
Description
-----------
Creates new saved search query by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
.OUTPUTS
No Output.
#>
[CmdletBinding(
DefaultParameterSetName='DefaultParameterSet',
SupportsShouldProcess=$true,
ConfirmImpact='Low')]
[OutputType([object])]
PARAM (
[Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='OMSConnection',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='DefaultParameterSet',Position=2,Mandatory=$true)]
[String]$ResourceGroupName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=3,Mandatory=$true)]
[String]$OMSWorkspaceName,
[Parameter(ParameterSetName='OMSConnection',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='DefaultParameterSet',Position=4,Mandatory=$true)]
[String]$QueryName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=5,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=5,Mandatory=$true)]
[String]$Query,
[Parameter(ParameterSetName='DefaultParameterSet',Position=6,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=6,Mandatory=$true)]
[string]$Category,
[Parameter(ParameterSetName='DefaultParameterSet',Position=7,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=7,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
$URIManagement = 'https://management.azure.com'
$UriProvider = 'providers/microsoft.operationalinsights'
$OMSApiAction = 'savedSearches'
$SavedSearchID = $Category + '|' + $QueryName
$uri = '{0}/subscriptions/{1}/resourcegroups/{2}/{3}/workspaces/{4}/{5}/{6}?api-version={7}' `
-f $URIManagement,$SubscriptionID, $ResourceGroupName, $UriProvider, $OMSWorkspaceName,$OMSApiAction,$SavedSearchID, $APIVersion
$headers = @{'Authorization'=$Token;'Accept'='application/json'}
$headers.Add('Content-Type','application/json')
$QueryVersion = 1
$QProperties = `
[pscustomobject]@{'Category' = $Category ;
'DisplayName' = $QueryName;
'Query' = $Query;
'Version' = $QueryVersion;
}
$QDate = (get-date -Format 'yyyy-MM-ddTHH mm ss.fffffffZ').Replace(' ','%3A')
$etag = "W/`"datetime`'" + $QDate + "`'`""
$QObj = `
[pscustomobject]@{'etag' = $etag;
'properties' = $QProperties}
$body = $QObj | Convertto-Json `
-ErrorAction Stop
If ($PSCmdlet.ShouldProcess("Query: $QueryName"))
{
$result = Invoke-WebRequest `
-Method Put `
-Uri $uri `
-Headers $headers `
-Body $body `
-UseBasicParsing `
-ErrorAction Stop
}
}
Catch
{
$ErrorMessage = 'Failed to query OMS API.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + ' - Web Request Status code: ' + $result.StatusCode
Write-Verbose `
-Message $VerboseMessage
#endregion
if ($result.StatusCode -ge 200 -and $result.StatusCode -le 399)
{
if ($null -ne $result.Content)
{
$json = ConvertFrom-Json `
-InputObject $result.Content `
-ErrorAction Stop
if ($null -ne $json)
{
$return = $json
if ($null -ne $json.value)
{
$return = $json.value
}
}
}
}
Else
{
$ErrorMessage = 'Failed to save OMS search query.'
$ErrorMessage += " `n"
$ErrorMessage += 'Web request Error: '
$ErrorMessage += $result
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
}
Function Invoke-OMSSavedSearch {
<#
.SYNOPSIS
Return the results from a named saved search.
.DESCRIPTION
Gets results from Saved Search.
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER ResourceGroupName
Azure Resource Group Name where the OMS
workspace is located.
.PARAMETER OMSWorkspaceName
Name of the OMS workspace.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER QueryName
Specify the full name of OMS Saved Search to get
only specific query.
.PARAMETER Top
Maximum number of restults to be returned
from the query. If not specified 10 results
will be returned.
Example: 200
.PARAMETER Start
Date/Time string in format yyyy-MM-ddTHH:mm:ss.fffZ
Start and End paramteres specify the interval for
which the query should return results.
Example: 2016-01-17T08:33:55.864Z
.PARAMETER End
Date/Time string in format yyyy-MM-ddTHH:mm:ss.fffZ
Start and End paramteres specify the interval for
which the query should return results.
Example: 2016-01-17T14:34:16.953Z
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
Invoke-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Token $Token -QueryName 'SavedQueryName'
Description
-----------
Executes Saved Search against OMS
Returns results from the saved search
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
.EXAMPLE
Invoke-OMSSearchQuery -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Token $Token -QueryName 'SavedQueryName' -Top $NumberOfResults -Start $StartTime -End $EndTime
Description
-----------
Executes Saved Search against OMS
Specify End and Start date as well as maximum number of returned reuslts
Returns results from the saved search
Example Variables
-----------------
# Gets Saved Searches from OMS. Returns results.
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
.EXAMPLE
Invoke-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Token $Token -QueryName 'SavedQueryName' -APIVersion '2015-03-20'
Description
-----------
Executes Saved Search against OMS
Uses specific version of Operational Insights API
Returns results from the saved search
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
.EXAMPLE
Invoke-OMSSavedSearch -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName'
Description
-----------
Executes Saved Search against OMS by using information from asset of type connection in OMS Automation
Returns results from the saved search
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
Invoke-OMSSavedSearch -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName'
.EXAMPLE
Invoke-OMSSearchQuery -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName' -Top $NumberOfResults -Start $StartTime -End $EndTime
Description
-----------
Executes Saved Search against OMS by using information from asset of type connection in OMS Automation
Specify End and Start date as well as maximum number of returned reuslts
Returns results from the saved search
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
.EXAMPLE
Invoke-OMSSavedSearch -OMSConnection $OMSCon -Token $Token -QueryName 'SavedQueryName' -APIVersion '2015-03-20'
Description
-----------
Executes Saved Search against OMS by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Returns results from the saved search
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
.OUTPUTS
System.Object. Returns array of objects. Each object
is result from the query executed. Properties of each
object depend on the type of data returned.
For example result from Perf Type can look like this:
Key Value
--- -----
Computer CENTOS7
ObjectName Processor
CounterName % Processor Time
InstanceName _Total
Min 0,0
Max 1,0
SampleCount 45
TimeGenerated 2016-01-11T21:13:52Z
BucketStartTime 2016-01-11T21:05:39Z
BucketEndTime 2016-01-11T21:13:52Z
SourceSystem OpsManager
CounterPath \\CENTOS7\Processor(_Total)\% Processor Time
StandardDeviation 0,339934634239519
MG 00000000-0000-0000-0000-000000000002
id 8530a411-23bd-e980-04ae-b5dc6fffa365
Type Perf
CounterValue 0,866666666666667
__metadata {[Type, Perf], [TimeGenerated, 2016-01-11T21:13:52Z]}
#>
[CmdletBinding(DefaultParameterSetName='NoDateTime')]
[OutputType([object])]
PARAM (
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='NoDateTime',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=1,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='NoDateTime',Position=1,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='NoDateTime',Position=2,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=2,Mandatory=$true)]
[String]$ResourceGroupName,
[Parameter(ParameterSetName='NoDateTime',Position=3,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=3,Mandatory=$true)]
[String]$OMSWorkspaceName,
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='NoDateTime',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=4,Mandatory=$true)]
[String]$QueryName,
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=5,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=5,Mandatory=$false)]
[Parameter(ParameterSetName='NoDateTime',Position=5,Mandatory=$false)]
[Parameter(ParameterSetName='DateTime',Position=5,Mandatory=$false)]
[int]$Top=10,
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=6,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=6,Mandatory=$true)]
[ValidatePattern('\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z')]
[string]$Start,
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=7,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=7,Mandatory=$true)]
[ValidatePattern('\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z')]
[string]$End,
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=8,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=8,Mandatory=$false)]
[Parameter(ParameterSetName='NoDateTime',Position=8,Mandatory=$false)]
[Parameter(ParameterSetName='DateTime',Position=8,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
$savedSearch = Get-OMSSavedSearch `
-SubscriptionID $SubscriptionID `
-ResourceGroupName $ResourceGroupName `
-OMSWorkspaceName $OMSWorkspaceName `
-QueryName $QueryName `
-Token $token `
-APIVersion $APIVersion `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to find Saved Search. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Details: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
If ($savedSearch[0].properties.Query.Count -eq 1)
{
$OMSParams = @{
SubscriptionID = $SubscriptionID
ResourceGroupName = $ResourceGroupName
OMSWorkspaceName = $OMSWorkspaceName
Token = $token
Query = $savedSearch[0].properties.Query
APIVersion = $APIVersion
}
if($top)
{
$OMSParams.add('Top', $top)
}
if($start)
{
$OMSParams.add('Start', $start)
}
if($End)
{
$OMSParams.add('End', $End)
}
$results = Invoke-OMSSearchQuery @OMSParams
}
Else
{
$ErrorMessage = 'Failed to find Saved Search. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Details: '
$ErrorMessage += $savedSearch
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
return $results
}
Function Invoke-OMSSearchQuery {
<#
.SYNOPSIS
Executes Search Query against OMS
.DESCRIPTION
Executes Search Query against OMS
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER ResourceGroupName
Azure Resource Group Name where the OMS
workspace is located.
.PARAMETER OMSWorkspaceName
Name of the OMS workspace.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER Query
Query to be executed against OMS API.
Example: * EventID=406
.PARAMETER Top
Maximum number of restults to be returned
from the query. If not specified 10 results
will be returned.
Example: 200
.PARAMETER Start
Date/Time string in format yyyy-MM-ddTHH:mm:ss.fffZ
Start and End paramteres specify the interval for
which the query should return results.
Example: 2016-01-17T08:33:55.864Z
.PARAMETER End
Date/Time string in format yyyy-MM-ddTHH:mm:ss.fffZ
Start and End paramteres specify the interval for
which the query should return results.
Example: 2016-01-17T14:34:16.953Z
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
Invoke-OMSSearchQuery -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Query $Query -Token $Token -Top $NumberOfResults -Start $StartTime -End $EndTime -APIVersion '2015-03-20'
Description
-----------
Executes query against OMS
Uses specific version of Operational Insights API
Specify End and Start date as well as maximum number of returned reuslts
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
.EXAMPLE
Invoke-OMSSearchQuery -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Query $Query -Token $Token
Description
-----------
Executes query against OMS
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
.EXAMPLE
Invoke-OMSSearchQuery -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -Query $Query -Token $Token -Top $NumberOfResults -Start $StartTime -End $EndTime
Description
-----------
Executes query against OMS
Specify End and Start date as well as maximum number of returned reuslts
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
.EXAMPLE
Invoke-OMSSearchQuery -OMSConnection $OMSCon -Query $Query -Token $Token -Top $NumberOfResults -Start $StartTime -End $EndTime -APIVersion '2015-03-20'
Description
-----------
Executes query against OMS by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Specify End and Start date as well as maximum number of returned reuslts
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
.EXAMPLE
Invoke-OMSSearchQuery -OMSConnection $OMSCon -Query $Query -Token $Token
Description
-----------
Executes query against OMS by using information from asset of type connection in OMS Automation
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
.EXAMPLE
Invoke-OMSSearchQuery -OMSConnection $OMSCon -Query $Query -Token $Token -Top $NumberOfResults -Start $StartTime -End $EndTime
Description
-----------
Executes query against OMS by using information from asset of type connection in OMS Automation
Specify End and Start date as well as maximum number of returned reuslts
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
.OUTPUTS
System.Object. Returns array of objects. Each object
is result from the query executed. Properties of each
object depend on the type of data returned.
For example result from Perf Type can look like this:
Key Value
--- -----
Computer CENTOS7
ObjectName Processor
CounterName % Processor Time
InstanceName _Total
Min 0,0
Max 1,0
SampleCount 45
TimeGenerated 2016-01-11T21:13:52Z
BucketStartTime 2016-01-11T21:05:39Z
BucketEndTime 2016-01-11T21:13:52Z
SourceSystem OpsManager
CounterPath \\CENTOS7\Processor(_Total)\% Processor Time
StandardDeviation 0,339934634239519
MG 00000000-0000-0000-0000-000000000002
id 8530a411-23bd-e980-04ae-b5dc6fffa365
Type Perf
CounterValue 0,866666666666667
__metadata {[Type, Perf], [TimeGenerated, 2016-01-11T21:13:52Z]}
#>
[CmdletBinding(DefaultParameterSetName='NoDateTime')]
[OutputType([object])]
PARAM (
[Parameter(ParameterSetName='NoDateTime',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=1,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='NoDateTime',Position=1,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='NoDateTime',Position=2,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=2,Mandatory=$true)]
[String]$ResourceGroupName,
[Parameter(ParameterSetName='NoDateTime',Position=3,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=3,Mandatory=$true)]
[String]$OMSWorkspaceName,
[Parameter(ParameterSetName='NoDateTime',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='DateTime',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=4,Mandatory=$true)]
[String]$Query,
[Parameter(ParameterSetName='NoDateTime',Position=5,Mandatory=$false)]
[Parameter(ParameterSetName='DateTime',Position=5,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=5,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=5,Mandatory=$false)]
[int]$Top=10,
[Parameter(ParameterSetName='DateTime',Position=6,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=6,Mandatory=$true)]
[ValidatePattern('\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z')]
[string]$Start,
[Parameter(ParameterSetName='DateTime',Position=7,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=7,Mandatory=$true)]
[ValidatePattern('\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z')]
[string]$End,
[Parameter(ParameterSetName='NoDateTime',Position=8,Mandatory=$false)]
[Parameter(ParameterSetName='DateTime',Position=8,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection-NoDateTime',Position=8,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection-DateTime',Position=8,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
$URIManagement = 'https://management.azure.com'
$UriProvider = 'providers/microsoft.operationalinsights'
$OMSApiAction = 'search'
$uri = '{0}/subscriptions/{1}/resourcegroups/{2}/{3}/workspaces/{4}/{5}?api-version={6}' `
-f $URIManagement,$SubscriptionID, $ResourceGroupName, $UriProvider, $OMSWorkspaceName,$OMSApiAction, $APIVersion
$QueryArray = @{Query=$Query}
if ($Start -and $End)
{
$QueryArray+= @{Start=$Start}
$QueryArray+= @{End=$End}
}
if ($Top)
{
$QueryArray+= @{Top=$Top}
}
$enc = New-Object 'System.Text.ASCIIEncoding'
$body = ConvertTo-Json `
-InputObject $QueryArray `
-ErrorAction Stop
$byteArray = $enc.GetBytes($body)
$contentLength = $byteArray.Length
$headers = @{'Authorization'=$Token;'Accept'='application/json'}
$headers.Add('Content-Length',$contentLength)
$headers.Add('Content-Type','application/json')
$result = Invoke-WebRequest `
-Method Post `
-Uri $uri `
-Headers $headers `
-Body $body `
-UseBasicParsing `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to query OMS API. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + ' - Web Request Status code: ' + $result.StatusCode
Write-Verbose `
-Message $VerboseMessage
#endregion
if($result.StatusCode -ge 200 -and $result.StatusCode -le 399)
{
if($null -ne $result.Content)
{
[void][System.Reflection.Assembly]::LoadWithPartialName('System.Web.Extensions')
$jsonserial= New-Object `
-TypeName System.Web.Script.Serialization.JavaScriptSerializer `
-ErrorAction Stop
$jsonserial.MaxJsonLength = [int]::MaxValue
$json = $jsonserial.DeserializeObject($result.Content)
if($null -ne $json)
{
$return = $json
if($null -ne $json.value)
{
$return = $json.value
}
Else
{
$return = $null
}
#region Verbose
$VerboseMessage = (Get-Date -Format HH:mm:ss).ToString() + ' - Number of records returned from search: ' + $return.count
Write-Verbose `
-Message $VerboseMessage
#endergion
}
Else
{
$return = $null
}
}
}
else
{
$ErrorMessage = 'Failed to execute query. Check parameters.'
$ErrorMessage += " `n"
$ErrorMessage += 'Web request Error: '
$ErrorMessage += $result
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
return $return
}
Function Export-OMSSavedSearch {
<#
.SYNOPSIS
Exports saved searches from OMS workspace to
file in json format.
.DESCRIPTION
Exports saved searches from OMS workspace to
file in json format.
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER ResourceGroupName
Azure Resource Group Name where the OMS
workspace is located.
.PARAMETER OMSWorkspaceName
Name of the OMS workspace.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER FileName
The name of the file to which the saved
searches will be exported.
.PARAMETER OutputPath
The location to the folder where the
exported saved search will saved.
.PARAMETER QueryName
Query name/names of the saved searches
to be exported.
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
Export-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -QueryName 'Restarted Servers','All_alerts' -FileName MySavedSearches -OutputPath 'D:\OMS\' -Token $Token -APIVersion '2015-03-20'
Description
-----------
Exports two saved searches into file MySavedSearches.json located in D:\OMS\
Uses specific version of Operational Insights API
Example Variables
-----------------
$Token = Get-AADToken -Credential (Get-Credential) -TenantID 'eeb91fce-4be2-4a30-aad8-39e05fefde0'
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
.EXAMPLE
Export-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -FileName MySavedSearches -OutputPath 'D:\OMS\' -Token $Token
Description
-----------
Exports all saved searches from OMS workspace
Saved searches are exported to file MySavedSearches.json in folder D:\OMS\
Example Variables
-----------------
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Token = Get-AADToken -Credential (Get-Credential) -TenantID 'eeb91fce-4be2-4a30-aad8-39e05fefde0'
.OUTPUTS
System.Object. Returns object with the location
of the file where the exported saved searches are
saved.
#>
[CmdletBinding(DefaultParameterSetName='DefaultParameterSet')]
[OutputType([object])]
PARAM (
[Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='OMSConnection',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='DefaultParameterSet',Position=2,Mandatory=$true)]
[String]$ResourceGroupName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=3,Mandatory=$true)]
[String]$OMSWorkspaceName,
[Parameter(ParameterSetName='OMSConnection',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='DefaultParameterSet',Position=4,Mandatory=$true)]
[String]$FileName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=5,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=5,Mandatory=$true)]
[ValidateScript({Test-Path -Path $_ -PathType Container})]
[String]$OutputPath,
[Parameter(ParameterSetName='DefaultParameterSet',Position=6,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=6,Mandatory=$false)]
[string[]]$QueryName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=7,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=7,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
Try
{
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
$OMSSavedSearcParams = @{}
$OMSSavedSearcParams.Add('Token', $Token)
$OMSSavedSearcParams.Add('SubscriptionID', $SubscriptionID)
$OMSSavedSearcParams.Add('ResourceGroupName', $ResourceGroupName)
$OMSSavedSearcParams.Add('OMSWorkspaceName', $OMSWorkspaceName)
$OMSSavedSearcParams.Add('APIVersion', $APIVersion)
If ([string]::IsNullOrEmpty($QueryName) -eq $false)
{
$OMSSavedSearcParams.Add('QueryName', $QueryName)
}
}
Catch
{
$ErrorMessage = 'Failed to construct parameters for Get-OMSSavedSearch.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
$SavedSearchObj = Get-OMSSavedSearch `
@OMSSavedSearcParams `
-ErrorAction Stop
Try
{
$savedSearchArray = @()
foreach ($SavedSearch in $SavedSearchObj)
{
$SavedSearchCustObj = `
[pscustomobject]@{'QueryName' = $SavedSearch.properties.DisplayName;
'Category' = $SavedSearch.properties.Category;
'Query' = $SavedSearch.properties.Query }
$savedSearchArray += $SavedSearchCustObj
}
}
Catch
{
$ErrorMessage = 'Failed to create custom object.'
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
Try
{
$OutputPath = $OutputPath.TrimEnd('\')
$FilePath = $OutputPath + '\' + $FileName + '.json'
$savedSearchArray | ConvertTo-Json `
-Depth 3 `
-ErrorAction Stop | `
Out-File `
-FilePath $FilePath `
-Encoding utf8 `
-Force `
-ErrorAction Stop | Out-Null
$OutputResult = `
[pscustomobject]@{'File' = $FilePath}
}
Catch
{
$ErrorMessage = 'Failed to convert and save file: ' + $FilePath
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
return $OutputResult
}
Function Import-OMSSavedSearch {
<#
.SYNOPSIS
Imports saved searches to OMS workspace
from json file.
.DESCRIPTION
Imports saved searches to OMS workspace
from json file.
.PARAMETER Token
Token aquired from Get-AADToken cmdlet.
.PARAMETER SubscriptionID
Azure Subscription ID where the OMS workspace
is located.
.PARAMETER ResourceGroupName
Azure Resource Group Name where the OMS
workspace is located.
.PARAMETER OMSWorkspaceName
Name of the OMS workspace.
.PARAMETER OMSConnection
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
.PARAMETER FilePath
Full location to the json file that holds
saved searches.
.PARAMETER APIVersion
Api version for microsoft.operationalinsights
Azure Resource provider.
.EXAMPLE
Import-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName $OMSWorkspace -FilePath 'D:\OMS\MySavedSearches.json' -Token $Token -APIVersion '2015-03-20'
Description
-----------
Imports saved searches to OMS workspace from json file
Uses specific version of Operational Insights API
Example Variables
-----------------
$Token = Get-AADToken -Credential (Get-Credential) -TenantID 'eeb91fce-4be2-4a30-aad8-39e05fefde0'
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
.OUTPUTS
System.String. Outputs information for every successfully
imported saved search.
#>
[CmdletBinding(DefaultParameterSetName='DefaultParameterSet')]
[OutputType([string])]
PARAM (
[Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
[Parameter(ParameterSetName='OMSConnection',Position=0,Mandatory=$true)]
[String]$Token,
[Parameter(ParameterSetName='OMSConnection',Position=1,Mandatory=$true)]
[Alias('Connection','c')]
[Object]$OMSConnection,
[Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$true)]
[ValidateScript({
try
{
[System.Guid]::Parse($_) | Out-Null
$true
}
catch
{
$false
}
})]
[string]$SubscriptionID,
[Parameter(ParameterSetName='DefaultParameterSet',Position=2,Mandatory=$true)]
[String]$ResourceGroupName,
[Parameter(ParameterSetName='DefaultParameterSet',Position=3,Mandatory=$true)]
[String]$OMSWorkspaceName,
[Parameter(ParameterSetName='OMSConnection',Position=4,Mandatory=$true)]
[Parameter(ParameterSetName='DefaultParameterSet',Position=4,Mandatory=$true)]
[ValidateScript({Test-Path -Path $_ -PathType Leaf})]
[String]$FilePath,
[Parameter(ParameterSetName='DefaultParameterSet',Position=7,Mandatory=$false)]
[Parameter(ParameterSetName='OMSConnection',Position=7,Mandatory=$false)]
[String]$APIVersion='2015-03-20'
)
If ($OMSConnection)
{
$SubscriptionID = $OMSConnection.SubscriptionID
$ResourceGroupName = $OMSConnection.ResourceGroupName
$OMSWorkspaceName = $OMSConnection.WorkSpaceName
}
Try
{
$SavedSearchObj = Get-Content `
-Path $FilePath `
-Force `
-ErrorAction Stop `
-Encoding UTF8 | `
ConvertFrom-Json `
-ErrorAction Stop
}
Catch
{
$ErrorMessage = 'Failed to read and convert from json file: ' + $FilePath
$ErrorMessage += " `n"
$ErrorMessage += 'Error: '
$ErrorMessage += $_
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
foreach ($SavedSearch in $SavedSearchObj)
{
If ([string]::IsNullOrEmpty($SavedSearch.QueryName) -eq $false)
{
$QueryName = $SavedSearch.QueryName
}
Else
{
$ErrorMessage = 'Property QueryName is empty or does not exist.'
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
If ([string]::IsNullOrEmpty($SavedSearch.Category) -eq $false)
{
$Category = $SavedSearch.Category
}
Else
{
$ErrorMessage = 'Property Category is empty or does not exist.'
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
If ([string]::IsNullOrEmpty($SavedSearch.Query) -eq $false)
{
$Query = $SavedSearch.Query
}
Else
{
$ErrorMessage = 'Property Query is empty or does not exist.'
Write-Error -Message $ErrorMessage `
-ErrorAction Stop
}
New-OMSSavedSearch `
-Token $Token `
-SubscriptionID $SubscriptionID `
-ResourceGroupName $ResourceGroupName `
-OMSWorkspaceName $OMSWorkspaceName `
-QueryName $QueryName `
-Category $Category `
-Query $Query `
-APIVersion $APIVersion `
-ErrorAction Stop | Out-Null
$OutputMessage = 'Successfully imported query: ' + $QueryName
Write-Output -InputObject $OutputMessage
}
}
#Load Load Active Directory Authentication Library (ADAL) Assemblies
If (!([AppDomain]::CurrentDomain.GetAssemblies() |Where-Object { $_.FullName -eq 'Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.14.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'}))
{
Write-verbose 'Microsoft.IdentityModel.Clients.ActiveDirectory...'
Try {
$ADALDllFilePath = Join-Path $PSScriptRoot 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
Add-Type -path $ADALDllFilePath
} Catch {
Throw "Unable to load $ADALDllFilePath. Please verify if the DLLs exist in this location!"
}
}
New-Alias -Name Execute-OMSSearchQuery -Value Invoke-OMSSearchQuery -Scope Global
#backward compatibility
New-Alias -Name Get-OMSSavedSearches -Value Get-OMSSavedSearch -Scope Global
Export-ModuleMember -Alias Execute-OMSSearchQuery
Export-ModuleMember -Function *
#region Deprecated Get-ARMAzureSubscription
#Function Get-ARMAzureSubscription {
#<#
# .SYNOPSIS
# Get Azure Subscriptions for current identity.
#
# .DESCRIPTION
# Get Azure Subscriptions for current identity.
#
# .PARAMETER Token
# Token aquired from Get-AADToken cmdlet.
#
# .PARAMETER APIVersion
# Api version for Azure subscriptions provider.
#
# .EXAMPLE
# $OMSCon = Get-AutomationConnection -Name 'OMSCon'
# $Token = Get-AADToken -OMSConnection $OMSCon
# $subscriptions = Get-AzureSubscription -Token $Token
#
# .EXAMPLE
# $OMSCon = Get-AutomationConnection -Name 'OMSCon'
# $Token = Get-AADToken -OMSConnection $OMSCon
# $subscriptions = Get-AzureSubscription -Token $Token -APIVersion '2015-03-20'
#
# .OUTPUTS
# System.Object. Returns array of objects. Each object
# is Azure subscription information.
#
##>
#[CmdletBinding(DefaultParameterSetName='DefaultParameterSet')]
#[OutputType([object])]
#PARAM (
# [Parameter(ParameterSetName='DefaultParameterSet',Position=0,Mandatory=$true)]
# [String]$Token,
#
# [Parameter(ParameterSetName='DefaultParameterSet',Position=1,Mandatory=$false)]
# [String]$APIVersion='2015-03-20'
# )
#
# #'2015-01-01'
# Try
# {
# $URI = 'https://management.azure.com/subscriptions?api-version={0}' -f $APIVersion
#
# $headers = @{'Authorization'=$Token;'Accept'='application/json'}
# $headers.Add('Content-Type','application/json')
#
# $result = Invoke-WebRequest `
# -Method Get `
# -Uri $uri `
# -Headers $headers `
# -UseBasicParsing `
# -ErrorAction Stop
#
#
# }
# Catch
# {
# $ErrorMessage = 'Failed to query Azure Resource Manager API. Check parameters.'
# $ErrorMessage += " `n"
# $ErrorMessage += 'Error: '
# $ErrorMessage += $_
# Write-Error -Message $ErrorMessage `
# -ErrorAction Stop
# }
#
# $json=$null
# if($result.StatusCode -ge 200 -and $result.StatusCode -le 399)
# {
# if($null -ne $result.Content)
# {
# $json = ConvertFrom-Json `
# -InputObject $result.Content `
# -ErrorAction Stop
# }
# }
# Else
# {
# $ErrorMessage = 'Failed to get Azure Subscription. Check parameters.'
# $ErrorMessage += " `n"
# $ErrorMessage += 'Web request Error: '
# $ErrorMessage += $result
# Write-Error -Message $ErrorMessage `
# -ErrorAction Stop
# }
#
# return $json
#}
#endregion