Created
July 29, 2021 06:04
-
-
Save caseymullineaux/ba29dea112cf938e74ef64f39548a562 to your computer and use it in GitHub Desktop.
Send-LogAnalyticsData
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory)] | |
| [string] | |
| $TableName, | |
| [Parameter(Mandatory)] | |
| [string] | |
| $JsonData, | |
| [Parameter(Mandatory)] | |
| [string] | |
| $WorkspaceId, | |
| [Parameter(Mandatory)] | |
| [string] | |
| $WorkspaceKey | |
| ) | |
| Function Build-Signature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource) { | |
| # Required Function to build the Authorization signature for the Azure Log Analytics Data Collector API. Reference: https://docs.microsoft.com/azure/azure-monitor/platform/data-collector-api | |
| $xHeaders = "x-ms-date:" + $date | |
| $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource | |
| $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash) | |
| $keyBytes = [Convert]::FromBase64String($sharedKey) | |
| $sha256 = New-Object System.Security.Cryptography.HMACSHA256 | |
| $sha256.Key = $keyBytes | |
| $calculatedHash = $sha256.ComputeHash($bytesToHash) | |
| $encodedHash = [Convert]::ToBase64String($calculatedHash) | |
| $authorization = 'SharedKey {0}:{1}' -f $customerId, $encodedHash | |
| # Dispose SHA256 from heap before return. | |
| $sha256.Dispose() | |
| return $authorization | |
| } | |
| Function Send-LogAnalyticsData($customerId, $sharedKey, $body, $logType) { | |
| # Required Function to create and invoke an API POST request to the Azure Log Analytics Data Collector API. References: https://docs.microsoft.com/azure/azure-monitor/platform/data-collector-api and https://docs.microsoft.com/azure/azure-functions/functions-reference-powershell#environment-variables | |
| $method = "POST" | |
| $contentType = "application/json" | |
| $resource = "/api/logs" | |
| $rfc1123date = [DateTime]::UtcNow.ToString("r") | |
| $contentLength = $body.Length | |
| $signature = Build-Signature ` | |
| -customerId $customerId ` | |
| -sharedKey $sharedKey ` | |
| -date $rfc1123date ` | |
| -contentLength $contentLength ` | |
| -method $method ` | |
| -contentType $contentType ` | |
| -resource $resource | |
| $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01" | |
| $headers = @{ | |
| "Authorization" = $signature; | |
| "Log-Type" = $logType; | |
| "x-ms-date" = $rfc1123date; | |
| "time-generated-field" = $TimeStampField; | |
| } | |
| $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing | |
| return $response.StatusCode | |
| } | |
| Send-LogAnalyticsData -customerId $workspaceId -sharedKey $workspaceKey -Body ([System.Text.Encoding]::UTF8.GetBytes($jsonData)) -LogType $TableName | Out-Null | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment