Invoke-OMSSearchQuery
NAME Invoke-OMSSearchQuery
SYNOPSIS
Executes Search Query against OMS
SYNTAX
Invoke-OMSSearchQuery [-Token] <String> [-SubscriptionID] <String> [-ResourceGroupName] <String>
[-OMSWorkspaceName] <String> [-Query] <String> [[-Top] <Int32>] [[-APIVersion] <String>] [<CommonParameters>]
Invoke-OMSSearchQuery [-Token] <String> [-OMSConnection] <Object> [-Query] <String> [[-Top] <Int32>] [-Start]
<String> [-End] <String> [[-APIVersion] <String>] [<CommonParameters>]
Invoke-OMSSearchQuery [-Token] <String> [-OMSConnection] <Object> [-Query] <String> [[-Top] <Int32>]
[[-APIVersion] <String>] [<CommonParameters>]
Invoke-OMSSearchQuery [-Token] <String> [-SubscriptionID] <String> [-ResourceGroupName] <String>
[-OMSWorkspaceName] <String> [-Query] <String> [[-Top] <Int32>] [-Start] <String> [-End] <String> [[-APIVersion]
<String>] [<CommonParameters>]
DESCRIPTION
Executes Search Query against OMS
PARAMETERS
-Token <String>
Token acquired from Get-AADToken cmdlet.
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OMSConnection <Object>
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SubscriptionID <String>
Azure Subscription ID where the OMS workspace
is located.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ResourceGroupName <String>
Azure Resource Group Name where the OMS
workspace is located.
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OMSWorkspaceName <String>
Name of the OMS workspace.
Required? true
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Query <String>
Query to be executed against OMS API.
Example: * EventID=406
Required? true
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Top <Int32>
Maximum number of results to be returned
from the query. If not specified 10 results
will be returned.
Example: 200
Required? false
Position? 6
Default value 10
Accept pipeline input? false
Accept wildcard characters? false
-Start <String>
Date/Time string in format yyyy-MM-ddTHH:mm:ss.fffZ
Start and End parameters specify the interval for
which the query should return results.
Example: 2016-01-17T08:33:55.864Z
Required? true
Position? 7
Default value
Accept pipeline input? false
Accept wildcard characters? false
-End <String>
Date/Time string in format yyyy-MM-ddTHH:mm:ss.fffZ
Start and End parameters specify the interval for
which the query should return results.
Example: 2016-01-17T14:34:16.953Z
Required? true
Position? 8
Default value
Accept pipeline input? false
Accept wildcard characters? false
-APIVersion <String>
Api version for microsoft.operationalinsights
Azure Resource provider.
Required? false
Position? 9
Default value 2015-03-20
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
System.Object. Returns array of objects. Each object
is result from the query executed. Properties of each
object depend on the type of data returned.
For example result from Perf Type can look like this:
Key Value
--- -----
Computer CENTOS7
ObjectName Processor
CounterName % Processor Time
InstanceName _Total
Min 0,0
Max 1,0
SampleCount 45
TimeGenerated 2016-01-11T21:13:52Z
BucketStartTime 2016-01-11T21:05:39Z
BucketEndTime 2016-01-11T21:13:52Z
SourceSystem OpsManager
CounterPath \\CENTOS7\Processor(_Total)\% Processor Time
StandardDeviation 0,339934634239519
MG 00000000-0000-0000-0000-000000000002
id 8530a411-23bd-e980-04ae-b5dc6fffa365
Type Perf
CounterValue 0,866666666666667
__metadata {[Type, Perf], [TimeGenerated, 2016-01-11T21:13:52Z]}
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Invoke-OMSSearchQuery -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName
-OMSWorkspaceName $OMSWorkspace -Query $Query -Token $Token -Top $NumberOfResults -Start $StartTime -End $EndTime
-APIVersion '2015-03-20'
Description
-----------
Executes query against OMS
Uses specific version of Operational Insights API
Specify End and Start date as well as maximum number of returned results
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Invoke-OMSSearchQuery -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName
-OMSWorkspaceName $OMSWorkspace -Query $Query -Token $Token
Description
-----------
Executes query against OMS
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
-------------------------- EXAMPLE 3 --------------------------
PS C:\>Invoke-OMSSearchQuery -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName
-OMSWorkspaceName $OMSWorkspace -Query $Query -Token $Token -Top $NumberOfResults -Start $StartTime -End $EndTime
Description
-----------
Executes query against OMS
Specify End and Start date as well as maximum number of returned results
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
-------------------------- EXAMPLE 4 --------------------------
PS C:\>Invoke-OMSSearchQuery -OMSConnection $OMSCon -Query $Query -Token $Token -Top $NumberOfResults -Start
$StartTime -End $EndTime -APIVersion '2015-03-20'
Description
-----------
Executes query against OMS by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Specify End and Start date as well as maximum number of returned results
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
-------------------------- EXAMPLE 5 --------------------------
PS C:\>Invoke-OMSSearchQuery -OMSConnection $OMSCon -Query $Query -Token $Token
Description
-----------
Executes query against OMS by using information from asset of type connection in OMS Automation
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
-------------------------- EXAMPLE 6 --------------------------
PS C:\>Invoke-OMSSearchQuery -OMSConnection $OMSCon -Query $Query -Token $Token -Top $NumberOfResults -Start
$StartTime -End $EndTime
Description
-----------
Executes query against OMS by using information from asset of type connection in OMS Automation
Specify End and Start date as well as maximum number of returned results
Returns results from the query
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
$NumberOfResults = 150
$StartTime = (((get-date)).AddHours(-6).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$EndTime = ((get-date).ToUniversalTime()).ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
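Added example, not part of the module's own help: a runbook-style use of the shutdown query from the examples above that checks the -Start/-End strings against the documented format, warns when the result set reaches -Top (a truncated result can hide events), and counts shutdowns per computer. Test-OMSTimeString, $WindowHours and $Threshold are hypothetical names, and it assumes each result exposes the Computer and TimeGenerated values the query selects.

```powershell
# Added example; Test-OMSTimeString, $WindowHours and $Threshold are hypothetical names.
$Format = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"   # same layout as the -Start/-End help text
$Inv    = [cultureinfo]::InvariantCulture  # avoids locale-specific time separators

function Test-OMSTimeString {
    param([Parameter(Mandatory)][string]$Value)
    $parsed = [datetime]::MinValue
    $styles = [System.Globalization.DateTimeStyles]::AssumeUniversal
    return [datetime]::TryParseExact($Value, $Format, $Inv, $styles, [ref]$parsed)
}

$WindowHours = 6     # look-back interval
$Top         = 150   # explicit cap; the cmdlet returns only 10 results when -Top is omitted
$Threshold   = 2     # report computers with at least this many shutdown events

$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token  = Get-AADToken -OMSConnection $OMSCon   # access token: never log or output it
$Query  = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"

$now       = (Get-Date).ToUniversalTime()
$StartTime = $now.AddHours(-$WindowHours).ToString($Format, $Inv)
$EndTime   = $now.ToString($Format, $Inv)

foreach ($t in $StartTime, $EndTime) {
    if (-not (Test-OMSTimeString -Value $t)) { throw "Bad -Start/-End value: $t" }
}

$results = @(Invoke-OMSSearchQuery -OMSConnection $OMSCon -Token $Token -Query $Query `
    -Top $Top -Start $StartTime -End $EndTime)

# -Top caps the result set. A full page means events may be missing from the answer.
if ($results.Count -ge $Top) {
    Write-Warning "Result count reached -Top ($Top); narrow the window or raise -Top."
}

# Script-block grouping works whether each result is a hashtable or an object.
$results |
    Group-Object -Property { $_.Computer } |
    Where-Object { $_.Count -ge $Threshold } |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Computer  = $_.Name
            Shutdowns = $_.Count
            Latest    = ($_.Group | ForEach-Object { $_.TimeGenerated } |
                         Sort-Object | Select-Object -Last 1)
        }
    }
```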
RELATED LINKS