34 lines
1.6 KiB
PowerShell
34 lines
1.6 KiB
PowerShell
$TenantId = 'zz0z00z0-00zz-0z0z-z000-zz000z000000'
|
|
$loggingClientID = '000zzzzz-zz0z-0000-0z00-zzz00z00z000'
|
|
$loggingSecret = 'z000Z~0ZZ-0zzZZzzzZzz0zzzzzzzZzz00ZZZzZZ'
|
|
$logAnalyticsWorkspace = '00z0zz00-0000-0z00-z000-000000zz0000'
|
|
$customLogName = "ELEMENT"
|
|
|
|
$lastEntry = $null
|
|
|
|
# Get Access Token for Log Analytics to allow KQL Queries to get last ingested events in Custom Logs
|
|
$loginURL = "https://login.microsoftonline.com/$TenantId/oauth2/token"
|
|
$resource = "https://api.loganalytics.io"
|
|
$authbody = @{grant_type = "client_credentials"; resource = $resource; client_id = $loggingClientID; client_secret = $loggingSecret }
|
|
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL -Body $authbody
|
|
$headerParams = @{'Authorization' = "$($oauth.token_type) $($oauth.access_token)" }
|
|
$logAnalyticsBaseURI = "https://api.loganalytics.io/v1/workspaces"
|
|
|
|
# Get last 2 records from Log Analytics Data ourAppCustomLogs
|
|
$result = invoke-RestMethod -method Get -uri "$($logAnalyticsBaseURI)/$($logAnalyticsWorkspace)/query?query=$($customLogName) | take 10×pan=PT12H" -Headers $headerParams
|
|
|
|
# Format Result to PSObject
|
|
$headerRow = $null
|
|
$headerRow = $result.tables.columns | Select-Object name
|
|
$columnsCount = $headerRow.Count
|
|
$logData = @()
|
|
|
|
Foreach ($row in $result.tables.rows) {
|
|
$data = new-object PSObject
|
|
For ($i = 0; $i -lt $columnsCount; $i++) {
|
|
$data | add-member -membertype NoteProperty -name $headerRow[$i].name -value $row[$i]
|
|
}
|
|
$logData += $data
|
|
$data = $null
|
|
}
|
|
[string]$lastEntry = $logData[0] |