A sample PowerShell function to push logs to a Log Analytics workspace
```powershell
function New-LogEntry {
    <#
    .SYNOPSIS
        Push one or more new log entries to a Data Collection Endpoint
    .DESCRIPTION
        The New-LogEntry cmdlet sends the provided JSON payload to the target Data Collection Endpoint
        to be processed by a Data Collection Rule and logged to an underlying Log Analytics workspace
    .PARAMETER DceEndpoint
        Data collection endpoint (DCE) to send collected data for processing and ingestion into Azure Monitor
    .PARAMETER DcrImmutableId
        ImmutableID of a data collection rule (DCR) used to process the input data
    .PARAMETER StreamName
        Name of the data collection transformation stream in the target DCR
    .PARAMETER Token
        Bearer token as a SecureString to authenticate to the target DCE
    .PARAMETER JsonPayload
        Log entries to create as a JSON array (https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview#body)
        Item structure must match the format expected by the stream in the DCR
    .EXAMPLE
        New-LogEntry -DceEndpoint $dceEndpoint -DcrImmutableId $dcrImmutableId -StreamName $streamName -Token $bearerTokenAsSecureString -JsonPayload $payload
        Accept input data from the parameter
    .EXAMPLE
        $payload | New-LogEntry -DceEndpoint $dceEndpoint -DcrImmutableId $dcrImmutableId -StreamName $streamName -Token $bearerTokenAsSecureString
        Accept payload input from the pipeline
    .INPUTS
        System.String
    .OUTPUTS
        System.Object
    #>
    [CmdletBinding(PositionalBinding = $true, SupportsShouldProcess = $true)]
    [OutputType([System.Object])]
    param (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $false)]
        [ValidateNotNullOrEmpty()]
        [string]$DceEndpoint,

        [Parameter(Mandatory = $true, Position = 1, ValueFromPipeline = $false)]
        [ValidateNotNullOrEmpty()]
        [string]$DcrImmutableId,

        [Parameter(Mandatory = $true, Position = 2, ValueFromPipeline = $false)]
        [ValidateNotNullOrEmpty()]
        [string]$StreamName,

        # Kept as a SecureString so the bearer token is not passed around as plain text
        [Parameter(Mandatory = $true, Position = 3, ValueFromPipeline = $false)]
        [ValidateNotNullOrEmpty()]
        [securestring]$Token,

        # Validate that the input string is valid JSON. ConvertFrom-Json is used instead of Test-Json
        # due to errors in PowerShell 7.2 (https://github.com/PowerShell/PowerShell/issues/11384).
        # The script returns $true explicitly so that valid but falsy JSON (for example "[]") is not rejected.
        [Parameter(Mandatory = $true, Position = 4, ValueFromPipeline = $true)]
        [ValidateScript({ $null = $_ | ConvertFrom-Json -ErrorAction Stop; $true })]
        [string]$JsonPayload
    )

    begin {
        Write-Debug "Setting up the connection properties..."
        $headers = @{ "Content-Type" = "application/json" }
        $uri = "$DceEndpoint/dataCollectionRules/$DcrImmutableId/streams/$($StreamName)?api-version=2023-01-01"
    }

    process {
        Write-Debug "Sending log entries to the Logs Ingestion API in Azure Monitor..."
        if ($PSCmdlet.ShouldProcess($uri, 'Post')) {
            Write-Verbose "Posting the provided JSON payload to: $uri"
            Invoke-RestMethod -Uri $uri -Method Post -Headers $headers -Body $JsonPayload -StatusCodeVariable 'responseStatusCode' -ResponseHeadersVariable 'responseHeaders' -Authentication Bearer -Token $Token

            # Build the result only when a request was actually sent, so -WhatIf
            # (or a declined confirmation) does not emit an empty or stale result
            Write-Debug "Generating operation result..."
            $result = [PSCustomObject]@{
                ResponseStatusCode = $responseStatusCode
                ResponseHeaders    = $responseHeaders
            }
            Write-Output $result
        }
    }

    end { }
}
```
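Calling the function above with a token from `Get-AzAccessToken` and a size-bounded payload, as an added example that is not part of the original gist. The endpoint, DCR ID, stream name, record columns, the `$maxBytes` budget and the `Send-LogBatch` helper are assumptions made for illustration.

```powershell
# Added example. Endpoint, DCR ID, stream name and record columns are placeholders.
$dceEndpoint    = 'https://<dce-name>.<region>.ingest.monitor.azure.com'
$dcrImmutableId = 'dcr-<immutable-id>'
$streamName     = 'Custom-<table>_CL'
$maxBytes       = 900KB   # assumed budget; keep it below the API's per-call size limit

# Get-AzAccessToken returns the token as a string or a SecureString depending on the
# Az.Accounts version; New-LogEntry needs a SecureString either way.
$token = (Get-AzAccessToken -ResourceUrl 'https://monitor.azure.com').Token
if ($token -is [string]) { $token = ConvertTo-SecureString $token -AsPlainText -Force }

# Constructed sample records; real columns must match the stream declared in the DCR
$records = 1..3 | ForEach-Object {
    [ordered]@{
        TimeGenerated = [datetime]::UtcNow.ToString('o')
        Computer      = "host0$_"
        Message       = "Constructed sample event $_"
    }
}

function Send-LogBatch ([object[]]$Items) {
    # Piping with -AsArray keeps a single record wrapped in [ ]; without it a
    # one-item batch serializes as a bare object and is not a JSON array.
    $json = $Items | ConvertTo-Json -AsArray -Compress -Depth 5
    New-LogEntry -DceEndpoint $dceEndpoint -DcrImmutableId $dcrImmutableId `
        -StreamName $streamName -Token $token -JsonPayload $json
}

# Group records so that each request body stays within the size budget
$batch = [System.Collections.Generic.List[object]]::new()
$batchBytes = 2   # the enclosing [ and ]
foreach ($record in $records) {
    $json = $record | ConvertTo-Json -Compress -Depth 5
    $size = [System.Text.Encoding]::UTF8.GetByteCount($json) + 1   # +1 for the separating comma
    if ($batch.Count -gt 0 -and ($batchBytes + $size) -gt $maxBytes) {
        Send-LogBatch -Items $batch.ToArray()
        $batch.Clear()
        $batchBytes = 2
    }
    $batch.Add($record)
    $batchBytes += $size
}
if ($batch.Count -gt 0) { Send-LogBatch -Items $batch.ToArray() }
```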