Question 215170 in Azure Question posted in
The official documentation to get you started can be found here.

Azure – is it possible to get the ingestion volume of a log analytics workspace using powershell or any programming language?

I am getting a summary of our log analytics workspaces in the company, this includes the tables that are being used in each workspace, as well as other data such as the ingestion volume.

The closest thing to "get" this is to use this command in PowerShell

Get-AzOperationalInsightsWorkspaceUsage -ResourceGroupName "RG_name" -Name "WS_name"

And it shows me this info:

Id            : DataAnalyzed
CurrentValue  : 0
Unit          : Bytes
Limit         : -1
NextResetTime : 7/24/2023 8:00:00 AM
QuotaPeriod   : 1.00:00:00

Which is not enough, I am looking for this:

image with the data I am looking to get through powershell or any other language

I searched for anything similar but didn’t find anything else. Hope there is a solution that I am missing.

Tags:

2

Answers


  1. 0

    You can get this using the REST API. The call you want to make is to Workspace Usages, which will show you your usage in bytes.

    https://learn.microsoft.com/en-us/rest/api/loganalytics/workspace-usages/list?tabs=HTTP#workspacelistusagesresult

    You can call REST API’s directly from powershell using Invoke-RestMethod. It is a twostep process. First, you need to make a REST call to authenticate, then you can make your subsequent REST calls using the token you received during the auth call. Steps are fully documented here (the example here shows how you can extract the token from Powershell Context):

    https://learn.microsoft.com/en-us/azure/governance/resource-graph/first-query-rest-api

    Login or Signup to reply.
  2. 0

    Assuming you will be using your user account to query the Log Analytics Rest API and you have access to the Az Module plus Reader roles over the target Log Analytics Workspace, this is how you can get the ingestion volume by querying the Usage table.

    # connect impersonating user
Connect-AzAccount
# the GUID of the LAW goes here
$workspaceId = 'xxxxx-xxxxx-xxxxx...'
$resource = 'https://api.loganalytics.io'
# get a token with permissions to query the LAW API
$token = Get-AzAccessToken -ResourceUrl $resource

$invokeRestMethodSplat = @{
    Headers     = @{
        Authorization = '{0} {1}' -f $token.Type, $token.Token
    }
    Uri         = '{0}/v1/workspaces/{1}/query' -f $resource, $workspaceId
    ContentType = 'application/json'
    Method      = 'Post'
    Body        = @{
        query = '
        Usage
        | where TimeGenerated > ago(24h)
        | summarize ["TotalIngestionVolume(GB)"] = sum(Quantity) / 1024.0 by DataType
        | order by ["TotalIngestionVolume(GB)"]
        '
    } | ConvertTo-Json
}
$response = Invoke-RestMethod @invokeRestMethodSplat

    Up to this point in $response you would have the ingestion volume per table in your Log Analytics Workspace, problem is the response from this API is really bad so you have to enumerate the columns and rows to get objects out of it like so:

    $columns = @($response.tables.columns.name)
$count = $columns.Count
$result = [ordered]@{}

foreach ($row in $response.tables.rows) {
    for ($i = 0; $i -lt $count; $i++) {
        $result[$columns[$i]] = $row[$i]
    }
 
    [pscustomobject] $result
    $result.Clear()
}
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search