< Back
New-OMSSavedSearch
Post
NAME New-OMSSavedSearch
SYNOPSIS
Creates new saved search in OMS workspace.
SYNTAX
New-OMSSavedSearch [-Token] <String> [-SubscriptionID] <String> [-ResourceGroupName] <String> [-OMSWorkspaceName]
<String> [-QueryName] <String> [-Query] <String> [-Category] <String> [[-APIVersion] <String>] [-WhatIf]
[-Confirm] [<CommonParameters>]
New-OMSSavedSearch [-Token] <String> [-OMSConnection] <Object> [-QueryName] <String> [-Query] <String> [-Category]
<String> [[-APIVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Creates new saved search in OMS workspace.
PARAMETERS
-Token <String>
Token aquired from Get-AADToken cmdlet.
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OMSConnection <Object>
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SubscriptionID <String>
Azure Subscription ID where the OMS workspace
is located.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ResourceGroupName <String>
Azure Resource Group Name where the OMS
workspace is located.
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OMSWorkspaceName <String>
Name of the OMS workspace.
Required? true
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-QueryName <String>
Query name for the saved search.
Required? true
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Query <String>
Query to be saved in OMS.
Example: * EventID=406
Required? true
Position? 6
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Category <String>
Category of the saved search.
Required? true
Position? 7
Default value
Accept pipeline input? false
Accept wildcard characters? false
-APIVersion <String>
Api version for microsoft.operationalinsights
Azure Resource provider.
Required? false
Position? 8
Default value 2015-03-20
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
No Output.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>New-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName
$OMSWorkspace -Query $Query -QueryName 'Restarted Servers' -Category 'Windows Server' -Token $Token -APIVersion
'2015-03-20'
Description
-----------
Creates new saved search query
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>New-OMSSavedSearch -OMSConnection $OMSCon -Query $Query -QueryName 'Restarted Servers' -Category 'Windows
Server' -Token $Token
Description
-----------
Creates new saved search query by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
RELATED LINKS
SYNOPSIS
Creates new saved search in OMS workspace.
SYNTAX
New-OMSSavedSearch [-Token] <String> [-SubscriptionID] <String> [-ResourceGroupName] <String> [-OMSWorkspaceName]
<String> [-QueryName] <String> [-Query] <String> [-Category] <String> [[-APIVersion] <String>] [-WhatIf]
[-Confirm] [<CommonParameters>]
New-OMSSavedSearch [-Token] <String> [-OMSConnection] <Object> [-QueryName] <String> [-Query] <String> [-Category]
<String> [[-APIVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Creates new saved search in OMS workspace.
PARAMETERS
-Token <String>
Token aquired from Get-AADToken cmdlet.
Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OMSConnection <Object>
Object that contains all needed parameters for working
with OMSSearch Module. You can create such object in
OMS Automation as connection asset.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SubscriptionID <String>
Azure Subscription ID where the OMS workspace
is located.
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ResourceGroupName <String>
Azure Resource Group Name where the OMS
workspace is located.
Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-OMSWorkspaceName <String>
Name of the OMS workspace.
Required? true
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-QueryName <String>
Query name for the saved search.
Required? true
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Query <String>
Query to be saved in OMS.
Example: * EventID=406
Required? true
Position? 6
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Category <String>
Category of the saved search.
Required? true
Position? 7
Default value
Accept pipeline input? false
Accept wildcard characters? false
-APIVersion <String>
Api version for microsoft.operationalinsights
Azure Resource provider.
Required? false
Position? 8
Default value 2015-03-20
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
No Output.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>New-OMSSavedSearch -SubscriptionID $subscriptionId -ResourceGroupName $ResourceGroupName -OMSWorkspaceName
$OMSWorkspace -Query $Query -QueryName 'Restarted Servers' -Category 'Windows Server' -Token $Token -APIVersion
'2015-03-20'
Description
-----------
Creates new saved search query
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$subscriptionId = "3c1d68a5-4064-4522-94e4-e0378165555e"
$ResourceGroupName = "oi-default-east-us"
$OMSWorkspace = "Test"
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>New-OMSSavedSearch -OMSConnection $OMSCon -Query $Query -QueryName 'Restarted Servers' -Category 'Windows
Server' -Token $Token
Description
-----------
Creates new saved search query by using information from asset of type connection in OMS Automation
Uses specific version of Operational Insights API
Example Variables
-----------------
$OMSCon = Get-AutomationConnection -Name 'OMSCon'
$Token = Get-AADToken -OMSConnection $OMSCon
$Query = "shutdown Type=Event EventLog=System Source=User32 EventID=1074 | Select TimeGenerated,Computer"
RELATED LINKS