Public/Send-LogAnalyticsData.ps1
|
Function New-LogSignature { <# .SYNOPSIS This function will generate a signature for use with the Azure Log Analytics HTTP Data Collector API. .DESCRIPTION This function will generate a signature for use with the Azure Log Analytics HTTP Data Collector API. .PARAMETER customerId The Workspace ID (a.k.a. Customer ID) of the Log Analytics workspace. .PARAMETER sharedKey The Primary or Secondary key of the Log Analytics workspace. .PARAMETER date The date and time of the request in RFC1123 format. .PARAMETER contentLength The length of the request body. .PARAMETER method The HTTP method of the request. .PARAMETER contentType The content type of the request body. .PARAMETER resource The resource path of the request. .EXAMPLE $signature = New-LogSignature ` -customerId "00000000-0000-0000-0000-000000000000" ` -sharedKey "E45F234s~dgWE1" ` -date "Wed, 01 Jan 2020 00:00:00 GMT" ` -contentLength 100 ` -method "POST" ` -contentType "application/json" ` -resource "/api/logs" #> [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions')] param( $customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource ) $xHeaders = "x-ms-date:" + $date $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash) $keyBytes = [Convert]::FromBase64String($sharedKey) $sha256 = New-Object System.Security.Cryptography.HMACSHA256 $sha256.Key = $keyBytes $calculatedHash = $sha256.ComputeHash($bytesToHash) $encodedHash = [Convert]::ToBase64String($calculatedHash) $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash return $authorization } Function Send-LogAnalyticsData { <# .SYNOPSIS This is a small module that will take a JSON object and send it to Azure Log Analytics using the HTTP Data Collector API. .DESCRIPTION Send data to Azure Log Analytics using the HTTP Data Collector API. Data MUST be in JSON format. .PARAMETER customerId The Workspace ID (a.k.a. Customer ID) of the Log Analytics workspace. .PARAMETER sharedKey The Primary or Secondary key of the Log Analytics workspace. .PARAMETER body The JSON object to send to Log Analytics. .PARAMETER logType The name of the Log Analytics custom log that will receive the data. .EXAMPLE $body = @{ "EventID" = 1000 "EventName" = "Test Event" } | ConvertTo-Json Send-LogAnalyticsData -customerId "00000000-0000-0000-0000-000000000000" -sharedKey "E45F234s~dgWE1" -body $body -logType "TestLog" #> [CmdletBinding()] param( $customerId, $sharedKey, $body, $logType ) $method = "POST" $contentType = "application/json" $resource = "/api/logs" $rfc1123date = [DateTime]::UtcNow.ToString("r") $contentLength = $body.Length $signature = New-LogSignature ` -customerId $customerId ` -sharedKey $sharedKey ` -date $rfc1123date ` -contentLength $contentLength ` -method $method ` -contentType $contentType ` -resource $resource $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01" $headers = @{ "Authorization" = $signature; "Log-Type" = $logType; "x-ms-date" = $rfc1123date; "time-generated-field" = $TimeStampField; } $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing return $response.StatusCode } Export-ModuleMember -Function Send-LogAnalyticsData, New-LogSignature |