search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.96k stars 2.94k forks source link

az monitor log-analytics query incorrectly process multiline analytics-query parameter #29152

Open martin-rublik opened 2 months ago

martin-rublik commented 2 months ago

Describe the bug

A mutli-line analytics query is stripped, only first line is taken into consideration, the rest of the query is ignored.

Related command

$la=$(az monitor log-analytics workspace list) | ConvertFrom-Json
$sentinelLA = $la | ?{$_.Name -eq $SENTINEL_LA_NAME}

query = @"
SigninLogs 
| where TimeGenerated > ago(30minutes) 
| distinct UserPrincipalName,tostring(DeviceDetail.displayName) 
| limit 10
"@

$signInLogs=$(az monitor log-analytics query -w $sentinelLA.customerId --analytics-query $query)

Errors

az monitor log-analytics query returns all the date from SignInLogs

Issue script & Debug output

az monitor log-analytics query returns all the date from SignInLogs

Expected behavior

the filter where TimeGenerated > ago(30minutes) should be taken into consideration, also the limit etc.

Environment Summary

azure-cli                         2.61.0

core                              2.61.0
telemetry                          1.1.0

Extensions:
log-analytics                      0.2.2

Dependencies:
msal                              1.28.0
azure-mgmt-resource               23.1.1

Python location 'C:\temp\azure-cli-2.61.0-x64\python.exe'
Extensions directory 'C:\Users\martinr\.azure\cliextensions'

Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb  6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

https://martin.rublik.eu/2024/06/11/az-cli-and-loganalytics.html you can find detailed information here, along with workaround for this issue.

yonzhan commented 2 months ago

Thank you for opening this issue, we will look into it.