Invoke-AzOperationalInsightsQuery
Returns search results based on the specified parameters.
Syntax
ByWorkspaceId (Default)
Invoke-AzOperationalInsightsQuery
-WorkspaceId <String>
-Query <String>
[-Timespan <TimeSpan>]
[-Wait <Int32>]
[-IncludeRender]
[-IncludeStatistics]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByWorkspaceObject
Invoke-AzOperationalInsightsQuery
-Workspace <PSWorkspace>
-Query <String>
[-Timespan <TimeSpan>]
[-Wait <Int32>]
[-IncludeRender]
[-IncludeStatistics]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Invoke-AzOperationalInsightsQuery cmdlet returns the search results based on the specified parameters.
You can access the status of the search in the Metadata property of the returned object.
If the status is Pending, then the search has not completed, and the results will be from the archive.
You can retrieve the results of the search from the Value property of the returned object.
Please check detail of general query limits here:
https://learn.microsoft.com/azure/azure-monitor/service-limits#log-queries-and-language .
Note: try setting -Wait to a larger value if you experience the error 'The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing'.
Examples
Example 1: Get search results using a query
$query = "union * | take 10"
$queryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId "63613592-b6f7-4c3d-a390-22ba13102111" -Query $query
$queryResults.Results
Once invoked, $queryResults.Results will contain all of the resulting rows from your query.
Example 2: Convert $results.Result IEnumerable to an array
$query = "union * | take 10"
$queryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId "63613592-b6f7-4c3d-a390-22ba13102111" -Query $query
$resultsArray = [System.Linq.Enumerable]::ToArray($queryResults.Results)
Some queries can result in very large data sets being returned. Because of this, the default behavior of the cmdlet is to return an IEnumerable to reduce memory costs. If you'd prefer to have an array of results, you can use the LINQ Enumerable.ToArray() extension method to convert the IEnumerable to an array.
Example 3: Get search results using a query over a specific timeframe
$query = "union * | take 10"
$queryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId "63613592-b6f7-4c3d-a390-22ba13102111" -Query $query -Timespan (New-TimeSpan -Hours 24)
$queryResults.Results
The results from this query will be limited to the past 24 hours.
Example 4: Include render & statistics in query result
$query = "union * | take 10"
$queryResults = Invoke-AzOperationalInsightsQuery -WorkspaceId "63613592-b6f7-4c3d-a390-22ba13102111" -Query $query -IncludeRender -IncludeStatistics
$queryResults.Results
$queryResults.Render
$queryResults.Statistics
Parameters
-AsJob
Run cmdlet in the background
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IncludeRender
If specified, rendering information for metric queries will be included in the response.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IncludeStatistics
If specified, query statistics will be included in the response.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Query
The query to execute.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Timespan
The timespan to bound the query by.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Wait
Puts an upper bound on the amount of time the server will spend processing the query. See: https://learn.microsoft.com/azure/azure-monitor/logs/api/timeouts
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Workspace
The workspace
Parameter properties
Type: PSWorkspace
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByWorkspaceObject
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-WorkspaceId
The workspace ID.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByWorkspaceId
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs