Injecting Event Log Export from .evtx Files to OMS Log Analytics

Over the last few days, I had a requirement to inject events from .evtx files into OMS Log Analytics. A typical .evtx file that I need to process contains over 140,000 events. Since Azure Automation runbooks have a maximum execution time of 3 hours, in order to make the runbook more efficient, I also had to update my OMSDataInjection PowerShell module to support bulk insert (http://blog.tyang.org/2016/12/05/omsdatainjection-powershell-module-updated/). I have published the runbook on GitHub Gist. Note: In order to use this runbook, you MUST use the latest OMSDataInjection module (version 1.1.1) because of the bulk insert.

OMSDataInjection PowerShell Module Updated

I’ve updated the OMSDataInjection PowerShell module to version 1.1.1. I have added support for bulk insert into OMS. Now you can pass in an array of PSObject or plain JSON payload with multiple log entries. The module will check for the payload size and make sure it is below the supported limit of 30MB before inserting into OMS. You can get the new version from both PowerShell Gallery and GitHub:

PowerShell Gallery: https://www.powershellgallery.com/packages/OMSDataInjection/1.1.1
GitHub: https://github.com/tyconsulting/OMSDataInjection-PSModule/releases/tag/1.1.1
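When an export of the size mentioned above (over 140,000 events) is sent as several bulk inserts, the caller can split it into JSON payloads that each stay under the limit. The following is an added example, not code from the post or from the OMSDataInjection module; the function name `Split-LogPayload` and the sample events are constructed for illustration, and it assumes the 30MB limit applies to the UTF-8 encoded JSON body.

```powershell
# Added example: hypothetical helper, not part of the OMSDataInjection module.
function Split-LogPayload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][object[]]$Entry,
        [long]$MaxBytes = 30MB    # limit stated in the post
    )
    $utf8    = [System.Text.Encoding]::UTF8
    $current = [System.Collections.Generic.List[string]]::new()
    $size    = 2   # bytes for the enclosing '[' and ']'
    foreach ($e in $Entry) {
        $json  = $e | ConvertTo-Json -Compress -Depth 5
        $bytes = $utf8.GetByteCount($json)
        if ($bytes + 2 -gt $MaxBytes) {
            throw "Single entry of $bytes bytes exceeds the $MaxBytes byte limit."
        }
        # +1 for the comma separating this entry from the previous one
        $needed = $bytes + $(if ($current.Count) { 1 } else { 0 })
        if ($size + $needed -gt $MaxBytes) {
            '[' + ($current -join ',') + ']'   # emit the full batch
            $current.Clear()
            $size   = 2
            $needed = $bytes
        }
        $current.Add($json)
        $size += $needed
    }
    if ($current.Count) { '[' + ($current -join ',') + ']' }
}

# Constructed sample events; real input would come from Get-WinEvent -Path <file>.evtx
$events = 1..1000 | ForEach-Object {
    [pscustomobject]@{
        TimeCreated = (Get-Date '2016-12-01T00:00:00Z').AddSeconds($_).ToUniversalTime().ToString('o')
        Id          = 4624
        Computer    = 'HOST01.example.test'
        Message     = "Constructed logon event $_"
    }
}

# Small limit so the split is visible; omit -MaxBytes to use 30MB
$batches = @(Split-LogPayload -Entry $events -MaxBytes 32KB)
foreach ($b in $batches) {
    '{0} bytes' -f [System.Text.Encoding]::UTF8.GetByteCount($b)
    # each $b is one JSON array of log entries, sized for a single bulk insert
}
```

Serializing each entry once and tracking the running byte count avoids re-serializing the whole batch on every addition, which matters when the runbook has a fixed execution window.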
