Category: Log Analytics
-
PowerShell DCR Log Analytics: Part 2.10 – Queries & Workbooks
In this section, we will take a look at some basic KQL queries and how those are then put into a workbook. While the Sample Collector is rather basic as again, it’s just to demo how this whole thing works, there are still some simple queries we can make which do provide real value. In…
-
PowerShell DCR Log Analytics: Part 2.9 – Modifying the Collection Script to Ingest New Data
In the last part of this series, we took a look at how the collection script works. In this part, we will look at how you can modify it to collect a new piece of data. While I would prefer you to simply follow along, the final result script created in this guide will be SampleCollectionScriptV4.ps1 which…
-
PowerShell DCR Log Analytics: Part 2.8 – How the Collection Script Works
This post will cover how the data collection script works with a focus on the sections you would want to change in order to modify it. An example of how to modify it, along with the necessary corresponding DCR and table changes, will come later as I am trying to keep these posts less monstrously…
-
PowerShell DCR Log Analytics: Part 2.7 – Deploying Data Collection Scripts
The last several parts of this series have been rather large so, I am going to keep this one nice and short. This will cover only the deployment of the script via Proactive Remediations as well as some simple queries to watch as new devices check in. Discussion regarding how the script works and how…
-
PowerShell DCR Log Analytics: Part 2.6 – Troubleshooting Upload Failures
This is something I didn’t write before that I really should have. This article will cover how to troubleshoot an upload failure. This is applicable to ANY log client script, not just the sample collection. Critical: If you (recently) altered/alter ANY of the Function App permissions either via the guide or by following the steps…
-
PowerShell DCR Log Analytics: Part 2.5 – Sample Script, DCR & Table Creation, DCR Permission, First Ingestion
Yes, this part is going to cover a lot. But, by the end of this you will actually have sample data being ingested to Log Analytics! Unfortunately, this process is one of those things that makes a lot more sense to do and then explain. This information is all based on this article from Microsoft, and…
-
PowerShell DCR Log Analytics: Part 2.4 – Function App
Welcome to part four, this is where things start to get serious and lengthy. In this section we will be going over the deployment of the Function App. I am covering this early on because it is a universal component which will/can be used by any data collection script. By the end of this article, you will…
-
PowerShell DCR Log Analytics: Part 2.3 – Log Analytics Workspace and DCE
Welcome to part three of the second generation of PowerShell DCR Log Analytics. In this blog we will finally be getting into actual setup and creation! However, we will be keeping things simple and knocking out some easy targets. Note: There is no functional changes in this article from part 3 of the original series.…
-
PowerShell DCR Log Analytics: Part 2.2 – Cost
This is probably the single most important question to anyone who is considering following this series of guides. If it’s not cost effective, what’s the point? Before we start, please know that I am no Azure cost “expert.” I can point you in the right direction and provide examples, but you need to consult with…
-
PowerShell DCR Log Analytics: Part 2.1 – Overview
Welcome! This is part one of the second generation of the Log Analytics learning series. Here we will cover… Why a Second Generation? To those familiar with the first generation of this series, you may be wondering why I would go back and re-do so much documentation. Well, in short, a lot has changed. Simply…
Azure to the Max 