Open Ayanmullick opened 3 years ago
We will look into it.
@Ayanmullick, could you share the debug log when executing `(Get-AzOperationalInsightsSavedSearch -ResourceGroupName <> -Name <>).Value.properties`? You can turn on debug log via `$DebugPreference = "Continue"`
I removed the Body. Please confirm if you are able to reproduce the issue at your end.
After discussion with service team, Azure Portal uses a separate source (query-pack) to return additional query templates. Service team is considering adding them to the management API.
Description
How can one see the full list of saved queries in a Log Analytics workspace using PowerShell?
Steps to reproduce
This shows only a subset of the whole list.
Output
| Category | DisplayName |
| -------- | ----------- |
| Security | All Security Activities |
| Security | Security Activities on the computer "Computer01.contoso.com" (replace with your own computer name) |
| Security | Security Activities on the computer "COMPUTER01.contoso.com" for account "Administrator" (replace with your own computer and account names) |
| Security | Logon Activity by Computer |
| Security | Logon Activity by Computer Where More than 10 logons have happened |
| Security | Accounts who terminated Microsoft antimalware ("MsMpEng.exe") on any computer |
| Security | Computers where the Microsoft antimalware process ("MsMpEng.exe") was terminated |
| Security | Computers where "hash.exe" was executed (replace with different process name) more than 5 times |
| Security | All Process names that were executed |
| Security | Computers whose security log was cleared |
| Security | Logon Activity by Account |
| Security | Logon Activity by Account for accounts who only logged on less than 5 times |
| Security | Accounts who remotely logged on the computer "Computer01.contoso.com" (replace with your own computer name) |
| Security Critical Notable Issues | Distinct malicious IP addresses accessed |
| Security Critical Notable Issues | Computers with detected threats |
| Security Critical Notable Issues | Computers missing security updates |
| Security Critical Notable Issues | Computer with guest account logons |
| Security Critical Notable Issues | High priority Active Directory assessment security recommendations |
| Security Critical Notable Issues | High priority SQL assessment security recommendations |
| Security Warning Notable Issues | Members added To security-enabled groups |
| Security Warning Notable Issues | Domain security policy changes |
| Security Warning Notable Issues | Computers with system audit policy changes |
| Security Warning Notable Issues | Suspicious executables |
| Security Warning Notable Issues | Computers with insufficient protection |
| Security Warning Notable Issues | Computers missing critical updates |
| Security Warning Notable Issues | Logons with a clear text password |
| Security Warning Notable Issues | Low priority AD assessment security recommendations |
| Security Warning Notable Issues | Low priority SQL assessment security recommendations |
| Security Info Notable Issues | Computers with cleaned event logs |
| Security Info Notable Issues | Accounts failed to log on |
| Security Info Notable Issues | Loading or Unloading of Kernel modules (Linux) |
| Security Info Notable Issues | Distinct paths of Executed Commands (Linux) |
| Security Info Notable Issues | Accounts failed to login (Linux) |
| Security Info Notable Issues | Executed Commands (Linux) |
| Security Info Notable Issues | Locked accounts |
| Security Info Notable Issues | Change or reset passwords attempts |
| Security Info Notable Issues | Security groups created or modified |
| Security Info Notable Issues | Remote procedure call(RPC) attempts |
| Security Info Notable Issues | User accounts created or enabled |
| Security Info Notable Issues | Computers with users added to a Linux group |
| Security Info Notable Issues | Computers with new Linux group created |
| Security Info Notable Issues | Computers with failed Linux user password change |
| Security Info Notable Issues | Computers with failed ssh logons |
| Security Info Notable Issues | Computers with failed su logons |
| Security Info Notable Issues | Computers with failed sudo logons |
| Security Info Notable Issues | Distinct clients resolving malicious domains |
| Log Management | All Events |
| Log Management | Count of Events containing the word "started" grouped by EventID |
| Log Management | Count of Events grouped by Event Log |
| Log Management | Count of Events grouped by Event Source |
| Log Management | Count of Events grouped by Event ID |
| Log Management | All Events with level "Warning" |
| Log Management | Count of Events with level "Warning" grouped by Event ID |
| Log Management | How many connections to Operations Manager's SDK service by day |
| Log Management | Events in the Operations Manager Event Log whose Event ID is in the range between 2000 and 3000 |
| Log Management | When did my servers initiate restart? |
| Log Management | Windows Firewall Policy settings have changed |
| Log Management | On which machines and how many times have Windows Firewall Policy settings changed |
| Log Management | All IIS Log Entries |
| Log Management | Shows breakdown of response codes |
| Log Management | Find the maximum time taken for each page |
| Log Management | Shows which pages people are getting a 404 for |
| Log Management | Average HTTP Request time by HTTP Method |
| Log Management | Shows servers that are throwing internal server error |
| Log Management | Count of IIS Log Entries by HTTP Request Method |
| Log Management | Count of IIS Log Entries by HTTP User Agent |
| Log Management | Count of IIS Log Entries by Client IP Address |
| Log Management | IIS Log Entries for a specific client IP Address (replace with your own) |
| Log Management | Count of IIS Log Entries by URL requested by client (without query strings) |
| Log Management | Count of IIS Log Entries by Host requested by client |
| Log Management | Count of IIS Log Entries by URL for the host "www.contoso.com" (replace with your own) |
| Log Management | Total Bytes sent by Client IP Address |
| Log Management | Total Bytes received by each Azure Role Instance |
| Log Management | Total Bytes received by each IIS Computer |
| Log Management | Total Bytes responded back to clients by each IIS ServerIP Address |
| Log Management | Total Bytes responded back to clients by Client IP Address |
| Log Management | Average HTTP Request time by Client IP Address |
| Log Management | All Syslogs |
| Log Management | All Syslog Records with Errors |
| Log Management | All Syslog Records grouped by Facility |
| Log Management | All Syslog Records grouped by ProcessName |
| General Exploration | Which Management Group is generating the most data points? |
| General Exploration | Distribution of data Types |
| General Exploration | All Computers with their most recent data |
| General Exploration | Stale Computers (data older than 24 hours) |
| Alert Management | Critical alerts raised during the past 24 hours |
| Alert Management | Warning alerts raised during the past 24 hours |
| Alert Management | Sources with active alerts raised during the past 24 hours |
| Alert Management | Critical alerts raised during the past 24 hours which are still active |
| Alert Management | Alerts raised during the past 24 hours which are now closed |
| Alert Management | Alerts raised during the past 1 day grouped by their severity |
| Alert Management | Alerts raised during the past 1 day sorted by their repeat count value |
| Alert Management | Alerts raised by Nagios Servers |
| Alert Management | Alerts raised by Zabbix Server |
| UpdateCompliance | Update deployment failures |
| UpdateCompliance | Devices pending reboot to complete update |
| UpdateCompliance | OS Servicing branch distribution for the devices |
| UpdateCompliance | OS Edition distribution for the devices |
| UpdateCompliance | Deferral configurations for Feature Update |
| UpdateCompliance | Pause configurations for Feature Update |
| UpdateCompliance | Deferral configurations for Quality Update |
| UpdateCompliance | Pause configurations for Quality Update |
| UpdateCompliance | Devices not assessed for Defender AV |

Many queries like the one highlighted in the list below are missing from the output of the cmdlet.
The list from the Azure Portal
Environment data
| Name | Value |
|---------------------------|------------------------------|
| OS | Microsoft Windows 10.0.19043 |
| PSVersion | 7.1.3 |
| WSManStackVersion | 3.0 |
| PSCompatibleVersions | {1.0, 2.0, 3.0, 4.0…} |
| PSRemotingProtocolVersion | 2.3 |
| PSEdition | Core |
| SerializationVersion | 1.1.0.1 |
| GitCommitId | 7.1.3 |
| Platform | Win32NT |

```powershell
Get-Module -ListAvailable Az.operationalinsights|Select-Object ModuleType,Version,CompatiblePSEditions,Name
```

| ModuleType | Version | CompatiblePSEditions | Name |
|------------|---------|----------------------|------------------------|
| Script | 2.3.0 | {Core, Desktop} | Az.OperationalInsights |

Document Details