Searching OMS Using the New Search Language (Kusto) REST API in PowerShell

Currently Microsoft is in the process of upgrading all OMS Log Analytics workspaces to the new query language (named Kusto). Once your workspace has been upgraded, you will no longer able to invoke search queries using the Get-AzureRmOperationalInsightsSearchResults cmdlet from the AzureRM.OperationalInsights PowerShell module. Kusto comes with a new set of REST APIs, you can find the documentation site here: https://dev.int.loganalytics.io. According to the documentation, this REST API has the following limitations: Queries cannot return more than 500,000 rows Queries cannot return more than 64,000,000 bytes (~61 MiB total data) Quries cannot run longer than 10 minutes by default. From

New PowerShell Module For Azure Automation: AzureServicePrincipalAccount

I’m currently working on a project where there has been a lot of discussion on how to use Azure AD Service Principals in Azure Automation and other solutions that involves any automated processes (i.e. VSTS pipelines). When signing in to Azure using a Service Principal, you can use either a key (password) or a certificate associated to the Service Principal. When using the Add-AzureRMAccount cmdlet, you can use one of the following parameter set: Key (password) based: Azure AD Tenant ID Azure Subscription Name or ID PS Credential object User name: Azure AD Application ID Password: Service Principal key Certificate

AzureTableEntity PowerShell Module Updated

I have updated the AzureTableEntity PowerShell module few days ago. The latest version is 1.0.3.0 and it is published at: PowerShell Gallery: https://www.powershellgallery.com/packages/AzureTableEntity/1.0.3.0 GitHub: https://github.com/tyconsulting/AzureTableEntity-PowerShell-Module/releases What’s changed? New function Merge-AzureTableEntity Merge one or more entities in a Azure table. Please make sure you understand the difference between Azure table merge and update operations: Update: replace entity fields with the the fields specified in the update operation Merge: update the value of existing fields specified in the merge operation If you want to update the value of an existing field and having the rest of the fields unchanged, make sure you

Deploying PowerShell Module from GitHub to a MyGet Feed using VSTS CI/CD Pipeline

Introduction Lately I have been playing with VSTS and its CI/CD capabilities. Since I have been writing a lot of PowerShell modules and I’m using GitHub and MyGet in this kind of projects, I thought a good scenario to build is to use VSTS CI/CD pipeline to automatically deploy the module from GitHub to my MyGet feed whenever I commit to the master branch for the particular PS module. In summary, this is the process: I commit code changes to master branch VSTS starts the build process (CI) fetch the artefact run pester test making sure the module can be

Programmatically Creating Azure Automation Runbook Webhooks Targeting Hybrid Worker Groups

In Azure Automation, you can create a webhook for a runbook and target it to a Hybrid Worker group (as opposed to run on Azure). In the Azure portal, it is pretty easy to configure this ‘RunOn’ property when you are creating the webhook. However, at the time of writing this blog post, it is STILL not possible to specify where the webhook should target when creating it using the Azure Automation PowerShell module AzureRM.Automation (version 3.1.0 at the time of writing). The cmdlet New-AzureRMAutomationWebhook does not provide a parameter where you can specify the webhook “RunOn” target: there are

PowerShell Function to Get Azure AD Token

When making Azure Resource Manager REST API calls, you will firstly need to obtain an Azure AD authorization token and use it to construct the authorization header for your HTTP requests. My good friend Stanislav Zhelyazkov (@StanZhelyazkov) has written a PowerShell function call Get-AADToken as part of the OMSSearch PowerShell module for this purpose. You can find it in the OMSSearch project’s GitHub repo: https://github.com/slavizh/OMSSearch/blob/master/OMSSearch.psm1 I have been using this functions in many projects in the past and it served me well. However, the limitation for Stan’s function is that it only works with user principals – you can only generate

SharePointSDK Module Updated to v2.1.5

I’ve just released SharePointSDK module version 2.1.5 with a minor bug fix within the New-SPListDateTimeField function. In the old versions, the New-SPListDateTimeField function would fail if the parameter ‘UseTodayAsDefaultValue’ is set to $false. This bug is fixed in v2.1.5. You can find version 2.1.5 at: PowerShell Gallery: https://www.powershellgallery.com/packages/SharePointSDK/2.1.5 GitHub: https://github.com/tyconsulting/SharePointSDK_PowerShellModule/releases/tag/v2.1.5

Programmatically Performing OMS Log Search Against a Large Result Set

When performing OMS log search programmatically, you will encounter an API limitation that will prevent you from getting all the logs from the result set. Currently, if the search does not include an aggregation command, the API call will return maxium 5000 records. This limitation applies to both the OMS PowerShell module (AzureRM.OperationalInsights) and searching directly via the Log Search API. The return response you get from either the Get-AzureRmOperationalInsightsSearchResults cmdlet or the Log Search API, you will get the total number of logs contained in the result set from the response metadata (as shown below), but you will only

Using Azure Key Vault as the Password Repository For You and Your Team

Over the past decade, I have used several password management applications such as Password Safe, KeePass and LastPass. Out of these products, only LastPass is cloud based. I have been hesitate to use LastPass over the last few years and stayed with KeePass because of the LastPass data breach back in 2015. Few months ago, my friend Alex Verkinderen finally convinced me to start using LastPass again. But this time, in order to be more secure and being able to use Multi-Factor Authentication (MFA), I have purchased a premium account and also purchased a YubiKey Neo for MFA. I understand

Managing Azure Automation Module Assets Using MyGet

Background Managing the life cycle of PowerShell module assets in your Azure Automation accounts can be challenging. If  you are currently using Azure Automation, you may have already noticed the following behaviours when managing the module assets: 1. It is difficult to automate the module asset deployment process. If you want to automate the module deployment to your Automation Account (i.e. using the PowerShell cmdlet New-AzureRmAutomationModule), you must ensure the module that you are trying to import is zipped into a zip file and located on a public location where Azure Automation can read via HTTP (i.e. Azure Blob storage).

%d bloggers like this: