Querying Azure Log Analytics with PowerShell

I have used the Azure portal to query log analytics in the past, usually typing in a query then pressing “run”. I may have even used the export option to save a csv of the results. Typically, the portal restricts you to 10k worth of records in a single query bu suddenly I had the need to extract more data and on a rolling basis. Clearly, the portal wasn’t going to cut it for me.

I was about to start writing some code to hit the web api when I thought, ‘I wonder if PowerShell could help here?’ Of course the answer was yes, there’s a cmdlet for that. All you need is an authenticated session, the workspace id which you get from the analytics blade in the portal, and away you go.


# Make sure you are authenticated with 
# Connect-AzureRmAccount


[string]$WorkspaceID = 'guid from analytics blade in portal.azure.com'

$Query = @'

search "Hello World"
| order by TimeGenerated desc
| project RenderedDescription 

'@

$Results = Invoke-AzureRmOperationalInsightsQuery -WorkspaceId $WorkspaceID -Query $Query

$Results.Results | Export-Csv -Path "HelloWorldInTheLogs.csv"


Anything that works in the interactive query runner will work in code. Aside from this one off use, I can see this being useful for pre- and post-deployment monitoring to check for errors when services start up.