I'm trying to use azure graph with kusto query to get the agent version of a vm.
With REST API, we can do "/instanceView" to get vmAgent.vmAgentVersion
but with Azure Resource Graph explorer, the instanceView is limited to "PowerState".
I didn't find any way to have that information with kusto. Any suggestions ?
resources
| where type == "microsoft.compute/virtualmachines"
Using Azure Resource Graph explorer, you will get:
resources
| project properties,
type
| where type == "microsoft.compute/virtualmachines"
Output:
instanceView": {
"hyperVGeneration": "V1",
"computerName": "ceuubfcv",
"powerState": {
"displayStatus": "VM running",
"code": "PowerState/running",
"level": "Info"
},
"osVersion": "18.04",
"osName": "ubuntu"
}
},
"vmId": "76vvgtchiufd4e"
}
Alternatively, you can use below PowerShell command to get vm version agent and I followed Microsoft-Document and #Rakhesh sasidharan's Blog:
$vio = (Invoke-AzRestMethod -Path ('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Compute/virtualMachines/{2}/instanceView?api-version=2021-11-01' -f "XX","YY","ZZ") -Method 'GET' | Select-Object -ExpandProperty Content | ConvertFrom-Json)
$vio
$vio.vmAgent
XX-Subscription ID
YY-Resourcegroup
ZZ- Name Of VM
Using KQL, I found below query you can get agent id and some details of vm:
VMComputer
So you can use Rest api , resource graph and powershell to get details of Vm. Using KQL all the details are not retrieved AFAIK.
Related
I am doing auto-shutdown for VM using ARM template with .Net core Now I want to show dropdown for time zone which azure portal show based on VM deployed in which Region .
I am attaching screenshot.
The REST API endpoint
https://management.azure.com/subscriptions/{yourSubscriptionId}/resourceGroups/{yourResourceGroup}/providers/Microsoft.Compute/virtualMachines/{yourVMName}?$expand=instanceView&api-version=2020-12-01
should return something including:
"osProfile": {
"computerName": "computername",
"adminUsername": "adminusername",
"windowsConfiguration": {
"provisionVMAgent": true,
"enableAutomaticUpdates": true,
"patchSettings": {
"patchMode": "AutomaticByOS"
}
},
Now, you don't see timeZone there - the REST API documentation says it should be under windowsConfiguration. I'm speculating that it may be missing because I haven't changed anything, and that it is defaulting.
You can also run
$vm = Get-AzVM -Name {vmName}
$vm.OSProfile.WindowsConfiguration
Hi everyone please help me . I want to get available location based on my existing virtual machine configuration using azure rest api.
You can get the location where your VM exists from the Virtual Machines - Get API.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}?api-version=2020-12-01
Sample response:
{
"name": "MyVM",
"id": "/subscriptions/***/resourceGroups/***/providers/Microsoft.Compute/virtualMachines/MyVM",
"type": "Microsoft.Compute/virtualMachines",
"location": "centralus",
"tags": {
...
},
"properties": {
...
},
...
}
Web: This page lists the availability of Azure Virtual Machines by region: Products available by region
REST API: The collection of locations where a certain resource type can be created can be fetched from the Providers - List API from ProviderResourceType property in the response.
PowerShell: An easier alternative is to use the following command to get the supported locations for Azure VMs:
((Get-AzResourceProvider -ProviderNamespace Microsoft.Compute).ResourceTypes | Where-Object ResourceTypeName -eq virtualMachines).Locations
Note that some services or VM features are only available in certain regions, such as specific VM sizes. To determine which SKUs are available in a region/zone, use the Get-AzComputeResourceSku cmdlet (or Resource Skus - List REST API). Filter the results by location.
Get-AzComputeResourceSku | where {$_.ResourceType.Contains("virtualMachines")}
Another great option you may want to explore to move Azure resources between Azure regions is the Azure Resource Mover service. Resource Mover provides a simple and consistent experience with reduced move time and complexity. Checkout this tutorial to move Azure VMs across regions.
what I'm trying to is to enable VM Diagnostic extension to send Event logs (Application [1,2,3], Security [all], System [1,2,3]) to one unified storage account (let's call logs storage) where WADWindowsEventLogsTable is supposed to be created.
different scenarios I'm trying to implement :
VM is in the same resource group where logs storage is.
The result : works
VM in a different resource group where logs storage is.
The result : works
VM in a different subscription
The result : the extension will be enabled. However, when go to Agent tab, I'll get the error message "the value must not be empty" under Storage account section
agent tab, storage account section error
Environment
Windows
Powershell 7.0.2
DiagnosticsConfiguration.json
{
"PublicConfig": {
"WadCfg": {
"DiagnosticMonitorConfiguration": {
"overallQuotaInMB": 5120,
"WindowsEventLog": {
"scheduledTransferPeriod": "PT1M",
"DataSource": [
{
"name": "Application!*[System[(Level=1 or Level=2 or Level=3 or Level=4)]]"
},
{
"name": "Security!*"
},
{
"name": "System!*[System[(Level=1 or Level=2 or Level=3 or Level=4)]]"
}
]
}
}
},
"StorageAccount": "logsstorage",
"StorageType": "TableAndBlob"
},
"PrivateConfig": {
"storageAccountName": "logsstorage",
"storageAccountKey": "xxxxxxx",
"storageAccountEndPoint": "https://logsstorage.blob.core.windows.net"
}
}
Powershell commands :
Set-AzVMDiagnosticsExtension -ResourceGroupName "myvmresourcegroup" -VMName "myvm" -DiagnosticsConfigurationPath "DiagnosticsConfiguration.json"
I even tried to explicitly specifying account name and key as :
$storage_key = "xxxxxx"
Set-AzVMDiagnosticsExtension -ResourceGroupName "myvmresourcegroup" -VMName "myvm" -DiagnosticsConfigurationPath "DiagnosticsConfiguration.json" -StorageAccountName "logsstroage" -StorageAccountKey $storage_key
I've spent a lot of time trying to figure out the issue without luck.
The real issue here is that the extension doesn't create the expected table WADWindowsEventLogsTable (or write to it if it's already exist)
According to the official documentation I should be able to do this, example 3 :
https://learn.microsoft.com/en-us/powershell/module/az.compute/set-azvmdiagnosticsextension?view=azps-4.3.0
I've submitted an issue with the team on GitHub and gave more details, but still waiting for their input
https://github.com/Azure/azure-powershell/issues/12259
This is because the storage account "logsstorage" you specify is in another subscription.
You should have selected a different subscription to enable VM Diagnostic extension. So you also need to modify your DiagnosticsConfiguration.json file and specify a storage account which is in the current subscription.
I managed to get this fixed with some help from Microsoft engineer.
I've detailed the answer in this GitHub issue :
Set-AzVMDiagnosticsExtension doesn't seem working properly across subscriptions
The answer :
I managed to get this work, thanks for the help from #prernavashistha from Microsoft support it turned out there's some inconsistency in the documentations.
According to the documentation here :
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/diagnostics-extension-windows-install#powershell-deployment
In PrivateConfig I should pass the storage URI to "storageAccountEndPoint" key :
"PrivateConfig": {
"storageAccountEndPoint": "https://logsstorage.blob.core.windows.net"}
However, according to another documentation reference :
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/diagnostics-extension-schema-windows#json
I should pass the Azure storage endpoint :
"PrivateConfig": {
"storageAccountEndPoint": "https://core.windows.net"}
I can confirm that using Azure storage endpoint resolved the issue, and I can enable the extension across subscriptions, and I can see logs being written to the correct table as expected.
Thanks
I am trying to deploy an ARM template using the Azure DevOps release pipeline. Azure KeyVault is one of the resources in the template. the deployment is successful when I use the Powershell script. however, when Azure DevOps Release pipeline is used, deployment fails with error "Bad JSON content found in the request"
The key vault resource definition is as below.
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2018-02-14",
"name": "[parameters('keyVaultName')]",
"location": "[parameters('location')]",
"tags": {
"displayName": "KeyVault"
},
"properties": {
"enabledForDeployment": "[parameters('enabledForDeployment')]",
"enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
"enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]",
"tenantId": "[parameters('tenantId')]",
"accessPolicies": [],
"sku": {
"name": "[parameters('skuName')]",
"family": "A"
}
}
}
Update: I suspected that it could be because of tenant id and hardcoded the tenant id to test. But still no luck.
According to the log, you are specifying the override parameters in the task. That's why you are using the ARM template I provided, but still facing the Bad request error. Because in the task logic, the script which in ARM files is the request body of the API. And we use this API to create a resource you specified in azure. For detailed task logic described, you can refer my previous answer.
The parameter definition in the ARM template is correct, but now, the error caused by the override parameters specified:
More specifically, the error is because of the subscription().tenantId in your parameter override definition.
You can try to use Write-Host subscription().tenantId to get its value and print out by using Azure powershell task. You will see that it could not get any thing. One word, this can only used in Json file instead of used in task.
So now, because of no value get from this expression, also you have override the previous value which defined in the JSON file. It will lack the key parameter value(tenantId) in the request body when the task is going to create a azure resource with API.
There has 2 solution can solve it.
1. Do not try to override the parameters which its value is using expression.
Here I just mean the parameter that relevant with Azure subscription. Most of the expression could not be compiled in the Azure ARM deploy task.
2. If you still want to override these special parameters with the special expression in the task.
If this, you must add one task firstly, to get the tenantId from that. Then pass it into the ARM deploy task.
You can add Azure Powershell task by using the following sample script:
Write-Output "Getting tenantId using Get-AzureRmSubscription..."
$subscription = (Get-AzureRmSubscription -SubscriptionId $azureSubscriptionId)
Write-Output "Requested subscription: $azureSubscriptionId"
$subscriptionId = $subscription.Id
$subscriptionName = $subscription.Name
$tenantId = $subscription.tenantId
Write-Output "Subscription Id: $subscriptionId"
Write-Output "Subscription Name: $subscriptionName"
Write-Output "Tenant Id: $tenantId"
Write-Host "##vso[task.setvariable variable=TenantID;]$$tenantId"
Then in the next task, you can use $(TenantID) to get its value.
Here you can refer to this two excellent blog: Blog1 and Blog2
I still recommend you to use the first solution since the volume of the pipeline will increase and complicate if choosing the second solution.
I'm building an Azure Logic App and try to automate the creation of an Azure Redis Cache. There is a specific action for this (Create or update resource) which I was able to bring up:
As you can see I entered 2016-02-01 as the api version. I was trying different values here just guessing from other api versions I know from Microsoft. I can't find any resource on this on the internet. The result of this step will be:
{
"error":
{
"code": "InvalidResourceType",
"message": "The resource type could not be found in the namespace 'Microsoft.Cache' for api version '2016-02-01'."
}
}
What is the correct value for x-ms-api-version and where can I find the history for this value based on the resource provider?
Try
Resource Provider: Microsoft.Cache
Name: Redis/<yourrediscachename>
x-ms-api-version: 2017-02-01
One easy way to know the supported versions for each resource type is using CLI on your Azure Portal, e.g.
az provider show --namespace Microsoft.Cache --query "resourceTypes[?resourceType=='Redis'].apiVersions | [0]"
would return:
[
"2017-02-01",
"2016-04-01",
"2015-08-01",
"2015-03-01",
"2014-04-01-preview",
"2014-04-01"
]
I made it work with:
HTH