Hello
I have created a Data Collection Endpoint and a Data Collection Rule with An Azure Policy Event
My goal is to send the data to a custom log table in a log analytics workspace
Everything is created
I am using an user assigned managed identity ([Monitoring Metrics Publisher](https://portal.azure.com/#"Monitoring Metrics Publisher")) role on the subscription where the DCE and DCR and LAW and function are
I have no error
but data are not populated in Custom Log Table
Thanks for the help in advance
param($EventGridEvent, $TriggerMetaData)
############### BEGIN USER SPECIFIED VARIABLES ###############
############### Please fill in values for all Variables in this section. ###############
$ClientId = 'XXXXX'
# Specify the name of the LAW Table that you will be sending data to
$Table = "zzzz"
# Specify the Immutable ID of the DCR
$DcrImmutableId = "yyyyy"
# Specify the URI of the DCE
$DceURI = "zzzzzz"
# Login to Azure as the Azure FUnction Managed Identity and Grab the Secret from the Keyvault
Connect-AzAccount -Identity -AccountId $ClientId
## Obtain a bearer token used to authenticate against the data collection endpoint
#Method 1 with Resource URI and MSI Azure Function Endpoint
$resourceURI = "https://monitor.azure.com/"
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&client_id=$ClientId&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$bearerToken = $tokenResponse.access_token
#Method 2 with Get-AzAccessToken
#$bearerToken2 = Get-AzAccessToken -ResourceUrl "https://monitor.azure.com/"
############### END USER SPECIFIED VARIABLES ###############
# JSON Value
#$json = @"
#[{ "id": "$($EventGridEvent.id)",
# "topic": "$($EventGridEvent.topic)",
# "subject": "$($EventGridEvent.subject)",
# "eventTime": "$($EventGridEvent.eventTime)",
# "eventType": "$($EventGridEvent.eventType)",
# "compliancestate": "$($EventGridEvent.data.complianceState)",
# "compliancereasoncode": "$($EventGridEvent.data.complianceReasonCode)",
# "policydefinitionid": "$($EventGridEvent.data.policyDefinitionId)",
# "policyassignmentid": "$($EventGridEvent.data.policyAssignmentId)",
# "subscriptionid": "$($EventGridEvent.data.subscriptionId)",
# "timestamp": "$($EventGridEvent.data.timestamp)"
#}]
#"@
$json = @"
[{ "topic": "$($EventGridEvent.topic)",
"id": "$($EventGridEvent.id)",
"eventType": "$($EventGridEvent.eventType)",
"subject": "$($EventGridEvent.subject)",
"data": "$($EventGridEvent.data)",
"dataVersion": "$($EventGridEvent.dataVersion)",
"metadataVersion": "$($EventGridEvent.metadataVersion)",
"eventTime": "$($EventGridEvent.eventTime)"
}]
"@
# Sending the data to Log Analytics via the DCR!
#$body = $json
#$body = $EventGridEvent
$EventGridEvent | Out-String | W
$headers = @{"Authorization" = "Bearer $bearerToken"; "Content-Type" = "application/json" };
$uri = "$DceURI/dataCollectionRules/$DcrImmutableId/streams/Custom-$Table"+"?api-version=2023-01-01";
try
{
$Result = Invoke-RestMethod -Uri $uri -Method "POST" -Body $EventGridEvent -Headers $headers
$Result.all | Out-String | Write-Host
}
catch
{
Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
Write-Host "Message:" $_.ErrorDetails.Message
}
#$uploadResponse =
#$uploadResponse | Out-String | Write-Host
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 80%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECH%3C/text%3E%3C/svg%3E)
