< Back
Get-AzureRmOperationalInsightsSearchResults
Post
NAME Get-AzureRmOperationalInsightsSearchResults
SYNOPSIS
Returns search results based on the specified parameters.
SYNTAX
Get-AzureRmOperationalInsightsSearchResults [-ResourceGroupName] <String> [-WorkspaceName] <String> [[-Top] <Int64>] [[-PreHighlight] <String>]
[[-PostHighlight] <String>] [[-Query] <String>] [[-Start] <DateTime>] [[-End] <DateTime>] [[-Id] <String>] [-DefaultProfile
<IAzureContextContainer>] [<CommonParameters>]
DESCRIPTION
The Get-AzureRmOperationalInsightsSearchResults cmdlet returns the search results based on the specified parameters.
You can access the status of the search in the Metadata property of the returned object. If the status is Pending, then the search has not
completed, and the results will be from the archive.
You can retrieve the results of the search from the Value property of the returned object.
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-End <DateTime>
End of the queried time range.
Required? false
Position? 7
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Id <String>
If an id is given, the search results for that id will be retrieved using the original query parameters.
Required? false
Position? 8
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PostHighlight <String>
Required? false
Position? 4
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PreHighlight <String>
Required? false
Position? 3
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Query <String>
The search query that will be executed.
Required? false
Position? 5
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ResourceGroupName <String>
The name of the resource group that contains the workspace.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Start <DateTime>
Start of the queried time range.
Required? false
Position? 6
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Top <Int64>
The maximum number of results to be returned, limited to 5000.
Required? false
Position? 2
Default value 10
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-WorkspaceName <String>
Specifies a workspace name.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
PSSearchGetSearchResultsResponse
The PSSearchGetSearchResultsResponse object includes a Value property that includes the records returned from the search in JSON format and a
metadata object that includes information about the results of the search.
NOTES
Example 1: Get search results using a query
PS C:\\>Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName "ContosoResourceGroup" -WorkspaceName "ContosoWorkspace" -Query "Type=Event"
-Top 100
This command gets all search results by using a query.
Example 2: Get search results using an ID
PS C:\\>Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName "ContosoResourceGroup" -WorkspaceName "ContosoWorkspace" -Id
"ContosoSearchId"
This command gets search results by using an ID.
Example 3: Wait for a search to complete before displaying results
PS C:\\>$error.clear()
$response = @{}
$StartTime = Get-Date
$resGroup = "ContosoResourceGroup"
$wrkspace = "ContosoWorkspace"
# Sample Query
$query = "Type=Event"
# Get Initial response
$response = Get-AzureRmOperationalInsightsSearchResults -WorkspaceName $wrkspace -ResourceGroupName $resGroup -Query $query -Top 15000
$elapsedTime = $(get-date) - $script:StartTime
Write-Host "Elapsed: " $elapsedTime "Status: " $response.Metadata.Status
# Split and extract request Id
$reqIdParts = $response.Id.Split("/")
$reqId = $reqIdParts[$reqIdParts.Count -1]
# Poll if pending
while($response.Metadata.Status -eq "Pending" -and $error.Count -eq 0) {
$response = Get-AzureRmOperationalInsightsSearchResults -WorkspaceName $wrkspace -ResourceGroupName $resGroup -Id $reqId
$elapsedTime = $(get-date) - $script:StartTime
Write-Host "Elapsed: " $elapsedTime "Status: " $response.Metadata.Status
}
Write-Host "Returned " $response.Value.Count " documents"
Write-Host $error
This script starts a search and waits until it completes before displaying the results.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... rchresults
Get-AzureRmOperationalInsightsSavedSearchResults
SYNOPSIS
Returns search results based on the specified parameters.
SYNTAX
Get-AzureRmOperationalInsightsSearchResults [-ResourceGroupName] <String> [-WorkspaceName] <String> [[-Top] <Int64>] [[-PreHighlight] <String>]
[[-PostHighlight] <String>] [[-Query] <String>] [[-Start] <DateTime>] [[-End] <DateTime>] [[-Id] <String>] [-DefaultProfile
<IAzureContextContainer>] [<CommonParameters>]
DESCRIPTION
The Get-AzureRmOperationalInsightsSearchResults cmdlet returns the search results based on the specified parameters.
You can access the status of the search in the Metadata property of the returned object. If the status is Pending, then the search has not
completed, and the results will be from the archive.
You can retrieve the results of the search from the Value property of the returned object.
PARAMETERS
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-End <DateTime>
End of the queried time range.
Required? false
Position? 7
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Id <String>
If an id is given, the search results for that id will be retrieved using the original query parameters.
Required? false
Position? 8
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PostHighlight <String>
Required? false
Position? 4
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PreHighlight <String>
Required? false
Position? 3
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Query <String>
The search query that will be executed.
Required? false
Position? 5
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ResourceGroupName <String>
The name of the resource group that contains the workspace.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Start <DateTime>
Start of the queried time range.
Required? false
Position? 6
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Top <Int64>
The maximum number of results to be returned, limited to 5000.
Required? false
Position? 2
Default value 10
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-WorkspaceName <String>
Specifies a workspace name.
Required? true
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
PSSearchGetSearchResultsResponse
The PSSearchGetSearchResultsResponse object includes a Value property that includes the records returned from the search in JSON format and a
metadata object that includes information about the results of the search.
NOTES
Example 1: Get search results using a query
PS C:\\>Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName "ContosoResourceGroup" -WorkspaceName "ContosoWorkspace" -Query "Type=Event"
-Top 100
This command gets all search results by using a query.
Example 2: Get search results using an ID
PS C:\\>Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName "ContosoResourceGroup" -WorkspaceName "ContosoWorkspace" -Id
"ContosoSearchId"
This command gets search results by using an ID.
Example 3: Wait for a search to complete before displaying results
PS C:\\>$error.clear()
$response = @{}
$StartTime = Get-Date
$resGroup = "ContosoResourceGroup"
$wrkspace = "ContosoWorkspace"
# Sample Query
$query = "Type=Event"
# Get Initial response
$response = Get-AzureRmOperationalInsightsSearchResults -WorkspaceName $wrkspace -ResourceGroupName $resGroup -Query $query -Top 15000
$elapsedTime = $(get-date) - $script:StartTime
Write-Host "Elapsed: " $elapsedTime "Status: " $response.Metadata.Status
# Split and extract request Id
$reqIdParts = $response.Id.Split("/")
$reqId = $reqIdParts[$reqIdParts.Count -1]
# Poll if pending
while($response.Metadata.Status -eq "Pending" -and $error.Count -eq 0) {
$response = Get-AzureRmOperationalInsightsSearchResults -WorkspaceName $wrkspace -ResourceGroupName $resGroup -Id $reqId
$elapsedTime = $(get-date) - $script:StartTime
Write-Host "Elapsed: " $elapsedTime "Status: " $response.Metadata.Status
}
Write-Host "Returned " $response.Value.Count " documents"
Write-Host $error
This script starts a search and waits until it completes before displaying the results.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... rchresults
Get-AzureRmOperationalInsightsSavedSearchResults