Trying to retrieve the value of Authorization.action from Get-AzActivityLog | select-Object but I am having difficulty filtering my results down to what I need.
When running the below, I get results but when I pipe to Select-Object to only return the specified values, I get values for all except Autorization.action. Fairly new so not sure how to accomplish this and not finding documentation that clarifies to me online. Obviously Authorization.action is not correct but I can't seem to find a solution.
Get-AzActivityLog -ResourceId $sa.Id `
-StartTime ((Get-Date).AddDays($timeframe)) `
-Status Succeeded `
| where {$_.Authorization.action -like "Microsoft.Storage/storageAccounts/regenerateKey/action"} `
| Select-Object Authorization.action, EventTimestamp, ResourceGroupName, ResourceId
Output
Thanks for any insight in to this.
You could do it in Multiple ways :
Get-AzActivityLog -ResourceId $sa.Id `
-StartTime ((Get-Date).AddDays($timeframe)) `
-Status Succeeded `
| where {$_.Authorization.action -like "Microsoft.Storage/storageAccounts/regenerateKey/action"} `
| Select-Object {$_.Authorization.action}, EventTimestamp, ResourceGroupName, ResourceId
Or
Like Mathias Mentioned :
Get-AzActivityLog -ResourceId $sa.Id `
-StartTime ((Get-Date).AddDays($timeframe)) `
-Status Succeeded `
| where {$_.Authorization.action -like "Microsoft.Storage/storageAccounts/regenerateKey/action"} `
| Select-Object #{Name='AuthorizationAction';Expression={$_.Authorization.action}}, EventTimestamp, ResourceGroupName, ResourceId
The Reason Being Select-Object chooses the immediate property of the object. However, in your case the Authorization.Action is one level down being a complex property. So you will have to evaluate the expression.
Also you could use the -ExpandProperty parameter to expand a complex property.
Select-Object Authorization -ExpandProperty Authorization | Select-Object Action
Related
Azure: Extend Psh command with two columns resource type & name
I am trying to write a Azure Psh command with two columns resource type & name and query the RBAC assignments for a user.
I have these two tables, is there a way to merge the following two tables?
Following is my current progress with the command:
Get-AzRoleAssignment -SignInName A12345#abc.com | Select-Object -Property RoleDefinitionName, {Get-AzResource -ResourceId $_.RoleAssignmentID | Select-Object -Property Name,ResourceType} | Format-Table;
Get-AzRoleAssignment -SignInName A12345#abc.com | Select-Object -Property RoleDefinitionName, {Get-AzResource -ResourceId $_.Scope | Select-Object -Property Name, ResourceType} | Format-Table
You can use the below command to directly get the two information in one line :
Get-AzRoleAssignment -SignInName ansuman#xyz.com | Select-Object -Property RoleDefinitionName, {Get-AzResource -ResourceId $_.RoleAssignmentID | Select-Object -Property Name,ResourceType} , {Get-AzResource -ResourceId $_.Scope | Select-Object -Property Name, ResourceType} | Format-Table
Update:
To prettify the Headers you can use this :
Get-AzRoleAssignment -SignInName ans#xyz.com | Select-Object -Property RoleDefinitionName, #{N='RoleDetails';E={Get-AzResource -ResourceId $_.RoleAssignmentID | Select-Object -Property Name,ResourceType}} , #{L='ScopeDetails';E={Get-AzResource -ResourceId $_.Scope | Select-Object -Property Name, ResourceType}}
Output:
i'm trying to use Powershell to query my Storage Accounts by using name filter
I have tried these commands (and their variants) but have not still managed to get this working.
Get-AzStorageAccount | where -FilterScript {($_.ResourceType -eq "storageAccounts") -and ($_.StorageAccountName -contains "Prod") }
Get-AzResource -ResourceType Microsoft.Storage/storageAccounts | Get-AzResource -Name Prod* | ft
Any tips because I'm a bit lost. My goal would be that command / script would print out e.g all Storage Accounts which contains Prod in their name.
You can use Where-Object and -match to filter here:
Get-AzStorageAccount | Where-Object {$_.StorageAccountName -match 'prod'}
Or using -like:
Get-AzStorageAccount | Where-Object {$_.StorageAccountName -like '*prod*'}
If you really want to use Get-AzResource, then you need to filter by the Microsoft.Storage/storageAccounts resource type:
Get-AzResource -ResourceType "Microsoft.Storage/storageAccounts" | Where-Object {$_.Name -match 'prod'}
You can have a look at Matching Operators from about_comparison_operators for more information.
We have over 20 route tables that we need to be able to quickly modify.
We have 2 NVAs that could act as the next hop but we are not able to find the correct solution.
We are stuck at this:
$groupname = Get-AzResourceGroup | Out-GridView –PassThru | Select -ExpandProperty ResourceGroupName
$rt = Get-AzRouteTable -ResourceGroupName $groupname | Out-GridView -PassThru
$oldroutes = Get-AzRouteTable -ResourceGroupName $groupname | Get-AzRouteConfig | Where-Object -Property NextHopIpAddress -Like 1.1.1.1 | Select -ExpandProperty Name
foreach ($oldroutes in $oldroutes)
{
Set-AzRouteConfig -RouteTable $rt -Name $oldroute -NextHopIpAddress 2.2.2.2 | Set-AzRoutetable }
This works to the part that is able to go through all Route Tables and identify all routes that have next hop as 1.1.1.1 and store them in a variable called $oldroutes and only selecting the route Name which is needed by the Set-AZRouteConfig command.
It runs correct up until the Set part. Instead of Modifying it just sets the NextHopIpAddress as 2.2.2.2 and deletes all other values, so when we try to commit the changes we get an error.
Set-AzRoutetable : Address prefix string for resource ...... cannot be null
Has anyone done this or are we missing anything maybe?
Thank you in advance!
I can reproduce your issue, when using Set-AzRouteConfig | Set-AzRoutetable , the parameter -AddressPrefix is needed, if you don't want change it, you could specify it with the original one. And if you want to set -NextHopIpAddress, you need to specify the -NextHopType only with VirtualAppliance. And this part $oldroutes in $oldroutes is also has a mistake, it should be $oldroute in $oldroutes.
So in summary, your script should be like below.
$groupname = Get-AzResourceGroup | Out-GridView –PassThru | Select -ExpandProperty ResourceGroupName
$rt = Get-AzRouteTable -ResourceGroupName $groupname | Out-GridView -PassThru
$oldroutes = Get-AzRouteTable -ResourceGroupName $groupname | Get-AzRouteConfig | Where-Object -Property NextHopIpAddress -Like 1.1.1.1
foreach ($oldroute in $oldroutes)
{
Set-AzRouteConfig -RouteTable $rt -Name $oldroute.Name -AddressPrefix $oldroute.AddressPrefix -NextHopType VirtualAppliance -NextHopIpAddress 2.2.2.2 | Set-AzRoutetable
}
I created multiple script to identify who started or stopped a Vm using the activity log but unable to get the results - the script just executes without an output
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit
Get-AzureRmLog -StartTime 2018-10-01T10:30 -EndTime 2018-10-12T11:30
-ResourceId /subscriptions/S1sub/resourceGroups/SamRG/providers/microsoft.compute/test
-DetailedOutput -Maxrecord 100 -InformationAction stop
Get-AzureRmLog -ResourceGroup samitrg -StartTime 2018-10-01T10:30
-EndTime 2018-10-12T11:30 | Select-Object level,eventtimestamp,caller,ID,resourcegroupname,Authorization,scope |
Export-Csv -Path c:\abc.csv
Get-AzureRmLog -ResourceGroup samitrg -StartTime 2018-10-01T10:30
-EndTime 2018-10-12T11:30 | Where-Object OperationName -EQ Microsoft.compute/virtualmachines/deallocate/action
Try the command below, add the extra parameters you need, like -StartTime,-EndTime,etc, it will work fine.
Start a VM:
$start = Get-AzureRmLog -ResourceId "<ResourceId>" | Where-Object { $_.Authorization.Action -eq "Microsoft.Compute/virtualMachines/start/action"}
$start | Select-Object level,eventtimestamp,caller,ID,resourcegroupname,Authorization,scope
Stop a VM:
$stop = Get-AzureRmLog -ResourceId "<ResourceId>" | Where-Object { $_.Authorization.Action -eq "Microsoft.Compute/virtualMachines/deallocate/action"}
$stop | Select-Object level,eventtimestamp,caller,ID,resourcegroupname,Authorization,scope
I found the solution
START
Get-AzureRmLog -ResourceID /subscriptions/<SUBID>/resourceGroups/<ResourceGroup>/providers/Microsoft.Compute/virtualMachines/<VMName> -StartTime 2018-10-16T21:30 -EndTime 2018-10-16T21:50 -MaxRecord 20 | Where-Object { $_.Authorization.Action -eq "Microsoft.Compute/virtualMachines/start/action"} | Select-Object level,eventtimestamp,caller,ID,resourcegroupname,Authorization | Format-table -wrap -AutoSize -Property level,eventtimestamp,caller,resourcegroupname,ID -groupby Authorization
STOP
Get-AzureRmLog -ResourceID /subscriptions/<SUBID>/resourceGroups/<ResourceGroup>/providers/Microsoft.Compute/virtualMachines/<VMName> -StartTime 2018-10-16T21:30 -EndTime 2018-10-16T21:45 -MaxRecord 20 | Where-Object { $_.Authorization.Action -eq "Microsoft.Compute/virtualMachines/deallocate/action"} | Select-Object level,eventtimestamp,caller,ID,resourcegroupname,Authorization | Format-table -wrap -AutoSize -Property level,eventtimestamp,caller,resourcegroupname,ID -groupby Authorization
Hope this helps everyone :)
I've used a hash table to calculate some values for my VMWare inventory script, but now when I output the data, it records it as a key/value pair. I'd like to dump just the value. When I simply take what I'm handed that works fine, but when I get picky PS starts to stonewall me. :-)
Here is the relevant part of the script.
foreach ($machine in $vmList) {
$vmname = $machine.Name
$properties = #{
'Name'=Get-VM $vmname | Select -ExpandProperty Name
'RAM'=Get-VM $vmname | Select -ExpandProperty MemoryGB
'CpuCount'=Get-VM $vmname | Select -ExpandProperty NumCpu
'UsedDiskGB'=Get-VM $vmname | Select-Object #{n="UsedDiskGB"; e={[math]::Round( $_.UsedSpaceGB, 3 )}}
'TotalDiskGB'=Get-VM $vmname | Select-Object #{n="TotalDiskGB"; e={[math]::Round((Get-HardDisk -vm $_ | Measure-Object -Sum CapacityGB).Sum)}}
'Networks'=Get-VM $vmname | Select-Object #{n="Networks"; e={(Get-NetworkAdapter -VM $_ |Sort-Object NetworkName |Select -Unique -Expand NetworkName) -join '; '}}
'OS'=(Get-VM -Name $vmname | Get-View).summary.config.guestFullName
}
$object=New-Object -TypeName PSObject -Prop $properties
Export-Csv -Path $WorkDir\vms.csv -Append -Encoding UTF8 -InputObject $Object
Write-Output $Object
}
How do I get UsedDiskGB, Networks and TotalDiskGB to display just the value instead of something like '#{TotalDiskGB=80}'? Ram, OS, CpuCount and Name work exactly as desired already.
Also, suggestions on doing this in a faster way are welcome. I'm sure all these calls can be done better. I had it done in a single line, but then they asked for OS to be added and that changed everything.
Easy, but bad way:
In the expression pipe to |Select -ExpandProperty <property name> to get just the value. Such as:
'TotalDiskGB'=Get-VM $vmname | Select-Object #{n="TotalDiskGB"; e={[math]::Round((Get-HardDisk -vm $_ | Measure-Object -Sum CapacityGB).Sum)}}|select -expand totaldiskgb
The better way:
Structure your properties better to start with. Try this:
'TotalDiskGB'= [math]::Round((Get-HardDisk -vm (Get-VM $vmname) | Measure-Object -Sum CapacityGB).Sum)
The reason you're having issues is because you are creating a PSCustomObject with your Select, and Totaldiskgb is a property of that object. You don't want to make an object, you just want the value of that property.
Edit: Thank you to #briantist for pointing out that Get-VM $vmname should be called once, and stored as an object to be used later, rather than called for each time it is needed for a member of $Properties. For example:
foreach ($machine in $vmList) {
$vmname = $machine.Name
$vmobject = Get-VM $vmname
$properties = #{
'Name'=$vmobject | Select -ExpandProperty Name
'RAM'=$vmobject | Select -ExpandProperty MemoryGB
'CpuCount'=$vmobject | Select -ExpandProperty NumCpu
'UsedDiskGB'=[math]::Round( $vmobject.UsedSpaceGB, 3 )
'TotalDiskGB'=[math]::Round((Get-HardDisk -vm $vmobject | Measure-Object -Sum CapacityGB).Sum)
'Networks'=(Get-NetworkAdapter -VM $vmobject |Sort-Object NetworkName |Select -Unique -Expand NetworkName) -join '; '
'OS'=($vmobject | Get-View).summary.config.guestFullName
}
$object=New-Object -TypeName PSObject -Prop $properties
Export-Csv -Path $WorkDir\vms.csv -Append -Encoding UTF8 -InputObject $Object
Write-Output $Object
}