Ejemplo n.º 1
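        /// <summary>
        /// Runs a fixed Log Analytics search against one workspace and passes the rows to
        /// <c>ProcessQueryResults</c>. Any failure is printed and the process exits with code 1.
        /// </summary>
        /// <remarks>
        /// The service-principal secret is read from the environment rather than compiled into the
        /// binary. A secret that has ever appeared in source control must be treated as disclosed
        /// and rotated at the identity provider; deleting the literal does not revoke it.
        /// </remarks>
        /// <param name="args">Command-line arguments (unused).</param>
        static async Task Main(string[] args)
        {
            var clientId = "c0b75ac5-9bae-44d5-a118-eea0ae39adfd";

            // Constructed variable name; map it to whatever the deployment's secret store exposes.
            var clientSecret = Environment.GetEnvironmentVariable("LOGANALYTICS_CLIENT_SECRET");
            if (string.IsNullOrEmpty(clientSecret))
            {
                Console.Error.WriteLine("LOGANALYTICS_CLIENT_SECRET is not set.");
                Environment.Exit(1);
                return;
            }

            var domain        = "wolterskluwer.onmicrosoft.com";
            var authEndpoint  = "https://login.microsoftonline.com";
            var tokenAudience = "https://api.loganalytics.io/";
            var workspaceId   = "e4505189-dcc5-4d5d-9b36-b88a88afbdf3";

            var serviceClientCredentials = GetServiceClientCredentials(clientId, clientSecret, domain, authEndpoint, tokenAudience);
            var client = new OperationalInsightsDataClient(serviceClientCredentials)
            {
                WorkspaceId = workspaceId
            };

            // Fixed query text: no caller-supplied value is spliced into it.
            var query = "search *\r\n| where Type == \"ETWEvent\" and Message contains \"MultiFieldSearch\" and TaskName == \"Message\" and Message contains \"QueryString\"\r\n| project TimeGenerated, SearchTerms=extract(\"\\\"QueryString\\\":\\\"([^\\\"]*?)\\\"\", 1, Message)\r\n| take 10";

            try
            {
                // Run the query and hand the rows to the result processor.
                QueryResults results = await client.QueryAsync(query);
                await ProcessQueryResults(results.Results);
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                Environment.Exit(1);
            }
        }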
        /// <summary>
        /// Builds a data client backed by the HTTP mock server and registers it with the test helper.
        /// </summary>
        /// <param name="context">Mock context of the running test (not read by this method).</param>
        protected void SetupDataClient(RestTestFramework.MockContext context)
        {
            // API-key credentials with the literal key the recorded sessions use.
            var dataClient = new OperationalInsightsDataClient(
                new ApiKeyClientCredentials("DEMO_KEY"),
                HttpMockServer.CreateInstance());

            _helper.SetupManagementClients(dataClient);
        }
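        /// <summary>
        /// HTTP-triggered function: looks up the last 10 days of protected-document activity for the
        /// e-mail address passed as <c>name</c> (query string or JSON body) and returns the first
        /// result table.
        /// </summary>
        /// <param name="req">Incoming request; <c>name</c> is read from the query string, then the body.</param>
        /// <param name="log">Function logger.</param>
        /// <returns>200 with the result table, or 400 when <c>name</c> is missing or malformed.</returns>
        public static async Task <IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            string name = req.Query["name"];

            string  requestBody = await new StreamReader(req.Body).ReadToEndAsync();
            dynamic data        = JsonConvert.DeserializeObject(requestBody);

            name = name ?? data?.name;

            // Reject a missing value before any credential or query work. Previously a null name
            // reached string.Replace and surfaced as an unhandled exception instead of a 400.
            if (string.IsNullOrEmpty(name))
            {
                return(new BadRequestObjectResult("Please pass a name on the query string or in the request body"));
            }

            // The value is spliced into single-quoted Kusto string literals below, so it is held to
            // an allow-list of characters that cannot terminate the literal or start a new operator.
            foreach (char c in name)
            {
                bool allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
                               c == '@' || c == '.' || c == '_' || c == '-' || c == '+';
                if (!allowed)
                {
                    return(new BadRequestObjectResult("The name must be an e-mail address using only letters, digits and @ . _ - +"));
                }
            }

            // Logged only after validation, so no control characters reach the log stream.
            log.LogInformation("Function called by {UserName}", name);

            // NOTE(review): the address is caller-supplied, not taken from an authenticated
            // identity; confirm that every holder of the function key may read any user's activity.

            var workspaceId  = LAWorkSpaceIDAKV;
            var clientId     = clientIDAKV;
            var clientSecret = clientSecretAKV;

            var domain        = "AZURE_AD_DOMAIN_NAME";
            var authEndpoint  = "https://login.microsoftonline.com";
            var tokenAudience = "https://api.loganalytics.io/";

            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(authEndpoint),
                TokenAudience          = new Uri(tokenAudience),
                ValidateAuthority      = true
            };

            // Awaited rather than blocked on: this method is already async.
            var creds  = await ApplicationTokenProvider.LoginSilentAsync(domain, clientId, clientSecret, adSettings);
            var client = new OperationalInsightsDataClient(creds)
            {
                WorkspaceId = workspaceId
            };

            // Log Analytics Kusto query - look for data in the past 10 days
            string query = @"
                InformationProtectionLogs_CL
                | where TimeGenerated >= ago(10d)
                | where UserId_s == '*****@*****.**'
                | where ProtectionOwner_s == '*****@*****.**'
                | where Protected_b == 'true'
                | where ObjectId_s != 'document1'
                | where MachineName_s != '' 
                | extend FileName = extract('((([a-zA-Z0-9\\s_:]*\\.[a-z]{1,4}$))|([a-zA-Z0-9\\s_:]*$))', 1, ObjectId_s)
                | distinct FileName, Activity_s, LabelName_s, TimeGenerated, Protected_b, MachineName_s
                | sort by TimeGenerated desc nulls last";

            // Substitute the validated address for the placeholder.
            string query1 = query.Replace("*****@*****.**", name);

            var queryResults = await client.QueryAsync(query1.Trim());
            var outputTable  = queryResults.Tables[0];

            // Return results to calling agent as a table
            return(new OkObjectResult(outputTable));
        }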
Ejemplo n.º 4
        /// <summary>
        /// Creates a data client that talks to the HTTP mock server with API-key credentials.
        /// </summary>
        /// <param name="ctx">Mock context of the running test (not read by this method).</param>
        /// <param name="workspaceId">Workspace the client is pointed at.</param>
        /// <param name="apiKey">API key wrapped into the client credentials.</param>
        /// <returns>The configured client.</returns>
        private OperationalInsightsDataClient GetClient(MockContext ctx, string workspaceId = DefaultWorkspaceId, string apiKey = DefaultApiKey)
        {
            return(new OperationalInsightsDataClient(new ApiKeyClientCredentials(apiKey), HttpMockServer.CreateInstance())
            {
                WorkspaceId = workspaceId
            });
        }
Ejemplo n.º 5
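        /// <summary>
        /// HTTP-triggered function: returns the access history recorded in the last 31 days for
        /// documents whose object id contains the file name passed as <c>name</c>.
        /// </summary>
        /// <param name="req">Incoming request; <c>name</c> is read from the query string, then the body.</param>
        /// <param name="log">Function logger.</param>
        /// <returns>200 with the first result table, or 400 when <c>name</c> is missing or malformed.</returns>
        public static async Task <IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            string  name        = req.Query["name"];
            string  requestBody = await new StreamReader(req.Body).ReadToEndAsync();
            dynamic data        = JsonConvert.DeserializeObject(requestBody);

            name = name ?? data?.name;

            // Reject a missing value up front. Previously a null name reached string.Replace and
            // surfaced as an unhandled exception instead of a 400.
            if (string.IsNullOrEmpty(name))
            {
                return(new BadRequestObjectResult("Please pass a name on the query string or in the request body"));
            }

            // Control characters have no place in a file name and would otherwise reach both the
            // log stream and the query text.
            foreach (char c in name)
            {
                if (char.IsControl(c))
                {
                    return(new BadRequestObjectResult("The name must not contain control characters"));
                }
            }

            log.LogInformation("AIP Tracking Request for File: {FileName} ", name);

            var workspaceId  = LAWorkSpaceIDAKV;
            var clientId     = clientIDAKV;
            var clientSecret = clientSecretAKV;

            var domain        = "AZURE_AD_DOMAIN_NAME";
            var authEndpoint  = "https://login.microsoftonline.com";
            var tokenAudience = "https://api.loganalytics.io/";

            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(authEndpoint),
                TokenAudience          = new Uri(tokenAudience),
                ValidateAuthority      = true
            };

            // Awaited rather than blocked on: this method is already async.
            var creds  = await ApplicationTokenProvider.LoginSilentAsync(domain, clientId, clientSecret, adSettings);
            var client = new OperationalInsightsDataClient(creds)
            {
                WorkspaceId = workspaceId
            };

            string query = @"let doclookup = InformationProtectionLogs_CL
                | where TimeGenerated >= ago(31d) 
                | where ObjectId_s contains 'AIPFILETOTRACK' and ContentId_g != ''
                | distinct ContentId_g, ObjectId_s;
                let accesslookup = InformationProtectionLogs_CL
                | where Operation_s == 'AcquireLicense' or Activity_s != '';
                   accesslookup
                | join kind = inner(
                   doclookup
                ) on $left.ContentId_g == $right.ContentId_g
                | extend FileName = extract('((([a-zA-Z0-9\\s_:]*\\.[a-z]{1,4}$))|([a-zA-Z0-9\\s_:]*$))', 1, ObjectId_s1)
                | project ContentId_g, FileName, AccessedBy = UserId_s, Activity_s, ProtectionOwner_s, TimeGenerated, ProtectionTime_t, ApplicationName_s, IPv4_s, MachineName_s";

            // The placeholder sits inside a single-quoted Kusto string literal, where backslash is
            // the escape character. Escaping backslash first and then the quote keeps the caller's
            // value inside that literal, so it is compared as data and never parsed as query text.
            string escapedName = name.Replace("\\", "\\\\").Replace("'", "\\'");
            string query1      = query.Replace("AIPFILETOTRACK", escapedName);

            var queryResults = await client.QueryAsync(query1.Trim());
            var outputTable  = queryResults.Tables[0];

            return(new OkObjectResult(outputTable));
        }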
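        /// <summary>
        /// Checks whether a table can be queried in the configured Log Analytics workspace.
        /// </summary>
        /// <param name="tableName">
        /// Table name, or a sample-data file path; the sample directory prefix and the ".json"
        /// suffix are stripped before the value is used as the table name.
        /// </param>
        /// <returns><c>true</c> when the query response contains at least one table.</returns>
        /// <exception cref="Exception">
        /// Any failure, rethrown with the prefix "Calling Log Analytics Error " and the original
        /// exception attached as <see cref="Exception.InnerException"/>.
        /// </exception>
        public bool RunLAQuery(string tableName)
        {
            try
            {
                // Load workspace and service-principal settings through AppConfig.
                var appConfig   = new AppConfig();
                var credentials = appConfig.GetCredentials();
                customerId   = credentials["workspaceId"];
                clientId     = credentials["clientId"];
                clientSecret = credentials["clientSecret"];
                domain       = credentials["domain"];

                var authEndpoint  = "https://login.microsoftonline.com";
                var tokenAudience = "https://api.loganalytics.io/";

                var adSettings = new ActiveDirectoryServiceSettings
                {
                    AuthenticationEndpoint = new Uri(authEndpoint),
                    TokenAudience          = new Uri(tokenAudience),
                    ValidateAuthority      = true
                };

                var creds = ApplicationTokenProvider.LoginSilentAsync(domain, clientId, clientSecret, adSettings).GetAwaiter().GetResult();

                var laClient = new OperationalInsightsDataClient(creds);
                laClient.WorkspaceId = customerId;

                var path    = new SampleDataPath();
                var dirPath = path.GetDirPath();
                tableName = tableName.Replace(dirPath, "").Replace(".json", "");

                // NOTE(review): the table name is concatenated into the query text as-is. This is
                // only safe while callers derive it from local sample-data file names; verify that
                // no externally supplied value can reach this parameter.
                string query = tableName
                               + @"| where TimeGenerated > ago(10d)
                             | limit 100";
                var results = laClient.Query(query);

                return(results.Tables.Count > 0);
            }
            catch (Exception ex)
            {
                // Same exception type and message as before; the original exception is attached
                // so its type and stack trace are not lost to whoever triages the failure.
                throw new Exception("Calling Log Analytics Error " + ex.Message, ex);
            }
        }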
Ejemplo n.º 7
        /// <summary>
        /// Signs in with the configured service principal and returns a Log Analytics data client
        /// bound to the configured workspace.
        /// </summary>
        /// <returns>A client whose <c>WorkspaceId</c> is already set.</returns>
        private OperationalInsightsDataClient GetClient()
        {
            // Azure AD settings for the sign-in; authority validation stays enabled.
            var aadSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(AuthEndpoint),
                TokenAudience          = new Uri(TokenAudience),
                ValidateAuthority      = true
            };

            // Blocks the calling thread until the token request completes.
            var tokenCredentials = ApplicationTokenProvider
                                   .LoginSilentAsync(Domain, clientId, clientSecret, aadSettings)
                                   .GetAwaiter()
                                   .GetResult();

            var dataClient = new OperationalInsightsDataClient(tokenCredentials);
            dataClient.WorkspaceId = workspaceId;

            return(dataClient);
        }
Ejemplo n.º 8
        /// <summary>
        /// One-time setup for the end-to-end tests: loads the test secrets, creates the reader
        /// client, sends the log entries the tests later query for, then waits six minutes.
        /// </summary>
        /// <param name="context">Test context supplied by the test framework (not read here).</param>
        public static void Init(TestContext context)
        {
            // Load the secrets the live-workspace tests depend on.
            _secrets = InitSecrets();

            // Reader client, used by the tests to query back what is sent below.
            _dataClient = GetLawDataClient(
                _secrets.LawSecrets.LawId,
                _secrets.LawPrincipalCredentials.ClientId,
                _secrets.LawPrincipalCredentials.ClientSecret,
                _secrets.LawPrincipalCredentials.Domain).Result;

            // Per-run identifiers, so the retrieval tests can find exactly the messages of this run
            // and check their count and properties.
            testIdentifierEntries = $"test-id-{Guid.NewGuid()}";
            testIdentifierEntry   = $"test-id-{Guid.NewGuid()}";

            // Writer client, authenticated with the workspace shared key.
            var logger = new LogAnalyticsClient(
                workspaceId: _secrets.LawSecrets.LawId,
                sharedKey: _secrets.LawSecrets.LawKey);

            // Test 1 prep: a batch of twelve identical entities.
            var batch = new List <DemoEntity>();
            while (batch.Count < 12)
            {
                var entity = new DemoEntity
                {
                    Criticality  = "e2ecriticality",
                    Message      = testIdentifierEntries,
                    SystemSource = "e2etest"
                };
                batch.Add(entity);
            }

            logger.SendLogEntries(batch, "endtoendlogs").Wait();

            // Test 2 prep: a single entity.
            var single = new DemoEntity
            {
                Criticality  = "e2ecriticalitysingleentry",
                Message      = testIdentifierEntry,
                SystemSource = "e2etestsingleentry"
            };
            logger.SendLogEntry(single, "endtoendlogs").Wait();

            // Entries are not queryable right away, so pause before the retrieval tests start.
            Thread.Sleep(TimeSpan.FromMinutes(6));
        }
Ejemplo n.º 9
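        /// <summary>
        /// Signs in with the given service principal and returns the first result table of a fixed
        /// query that summarises 'AccessDenied' activity from the last 24 hours, joined to documents
        /// seen in the last 90 days.
        /// </summary>
        /// <param name="domain">Azure AD tenant used for the sign-in.</param>
        /// <param name="clientId">Application (client) id of the service principal.</param>
        /// <param name="clientSecret">Secret of the service principal.</param>
        /// <param name="workspaceId">Log Analytics workspace to query.</param>
        /// <returns>The first table of the query response.</returns>
        public async Task <Table> RunLAQuery(string domain, string clientId, string clientSecret, string workspaceId)
        {
            var authEndpoint  = "https://login.microsoftonline.com";
            var tokenAudience = "https://api.loganalytics.io/";

            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(authEndpoint),
                TokenAudience          = new Uri(tokenAudience),
                ValidateAuthority      = true
            };

            // Awaited instead of .GetAwaiter().GetResult(): blocking inside an async method ties up
            // a thread and can deadlock under a synchronization context.
            var creds    = await ApplicationTokenProvider.LoginSilentAsync(domain, clientId, clientSecret, adSettings);
            var LAclient = new OperationalInsightsDataClient(creds)
            {
                WorkspaceId = workspaceId
            };

            // Log Analytics Kusto query - look for user data in the past 24 hours.
            // The text is fixed; no argument of this method is spliced into it.
            // NOTE(review): in the extract() pattern the second alternative begins with '[[^' while
            // the first begins with '[^' - confirm the extra bracket is intended.
            string query = @"
                let lookback = timespan(24h);
                let doclookup = InformationProtectionLogs_CL
                | where ContentId_g != '' and ObjectId_s != ''
                    and TimeGenerated >= ago(90d) 
                | distinct ContentId_g, ObjectId_s;
                let accesslookup = InformationProtectionLogs_CL
                | where TimeGenerated >= ago(lookback)  
                | where Activity_s  == 'AccessDenied'
                | extend AccessCount = 1;
                    accesslookup
                | join kind = inner(
                    doclookup
                ) on $left.ContentId_g == $right.ContentId_g
                | extend FileName = extract('((([^\\/\\\\]*\\.[a-z]{1,4}$))|([[^\\/\\\\]*$))', 1, ObjectId_s1)
                | summarize AccessCount = sum(AccessCount) by ContentId_g, FileName, LabelName_s, UserId_s, ProtectionOwner_s, 
                    TimeGenerated, ProtectionTime_t, IPv4_s, Activity_s, Operation_s";

            var outputTable = await LAclient.QueryAsync(query.Trim());

            return(outputTable.Tables[0]);
        }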
Ejemplo n.º 10
        /// <summary>
        /// Verifies that a query truncated to one record still returns HTTP 200 with data, and
        /// reports the truncation as a "PartialError" in the response body.
        /// </summary>
        public async Task GetPartialError()
        {
            using var ctx = MockContext.Start(this.GetType());
            var dataClient = GetClient(ctx);

            // A one-record truncation limit makes the service cut the result set short.
            const string truncatedQuery = "set truncationmaxrecords=1; Perf";

            var response = await dataClient.QueryWithHttpMessagesAsync(truncatedQuery, PastHourTimespan);

            // Transport level: the call itself succeeds.
            var http = response.Response;
            Assert.Equal(System.Net.HttpStatusCode.OK, http.StatusCode);
            Assert.Equal("OK", http.ReasonPhrase);

            // Payload: one named table with columns and rows.
            var tables = response.Body.Tables;
            Assert.True(tables.Count > 0, "Table count isn't greater than 0");

            var firstTable = tables[0];
            Assert.False(String.IsNullOrWhiteSpace(firstTable.Name), "Table name was null/empty");
            Assert.True(firstTable.Columns.Count > 0, "Column count isn't greater than 0");
            Assert.True(firstTable.Rows.Count > 0, "Row count isn't greater than 0");

            // Error section: the truncation is reported next to the data.
            var error = response.Body.Error;
            Assert.NotNull(error);
            Assert.Equal("PartialError", error.Code);
            Assert.True(error.Details.Count > 0, "Error Details count isn't greater than 0");
            Assert.StartsWith("Query result set has exceeded the internal record count limit",
                              error.Details[0].InnerError.Message);
        }
Ejemplo n.º 11
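        /// <summary>
        /// Reads tenant, client and workspace settings from appsettings.json, signs in with the
        /// service principal and prints every row of the <c>KubePodInventory</c> table.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            var builder = new ConfigurationBuilder()
                          .SetBasePath(Directory.GetCurrentDirectory())
                          .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true);

            IConfigurationRoot configuration = builder.Build();

            // NOTE(review): the client secret is read from a plain JSON file in the working
            // directory; keep that file out of source control and readable only by the service account.
            var tenantId    = configuration["tenantId"];
            var clientId    = configuration["clientId"];
            var secret      = configuration["secret"];
            var workspaceId = configuration["workspaceId"];

            var adSettingsForLoganalytics = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri("https://login.microsoftonline.com"),
                TokenAudience          = new Uri("https://api.loganalytics.io/"),
                ValidateAuthority      = true
            };

            // Build the service credentials (blocks until the token request completes).
            var serviceCreds = ApplicationTokenProvider.LoginSilentAsync(tenantId, clientId, secret, adSettingsForLoganalytics).Result;

            using (var logAnalyticsClient = new OperationalInsightsDataClient(serviceCreds))
            {
                logAnalyticsClient.WorkspaceId = workspaceId;

                var queryResult = logAnalyticsClient.Query("KubePodInventory");
                foreach (var result in queryResult.Results)
                {
                    // Join the keys and values: ToString() on the Keys/Values collections prints
                    // only their type names, not the row content.
                    Console.WriteLine(result.Count + ": {" + string.Join(", ", result.Keys) + ", " + string.Join(", ", result.Values) + "}");
                }
            }

            Console.WriteLine("Hello World!");
            Console.ReadKey();
        }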
Ejemplo n.º 12
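        /// <summary>
        /// Returns the protected-document activity of the last 20 days for one user.
        /// </summary>
        /// <param name="username">
        /// The user's e-mail address. It is substituted into the query text, so only letters,
        /// digits and the characters @ . _ - + are accepted.
        /// </param>
        /// <returns>The raw query results.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="username"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="username"/> contains a character outside the allow-list.</exception>
        public static async Task <QueryResults> RunLAQuery(string username)
        {
            if (username == null)
            {
                throw new ArgumentNullException(nameof(username));
            }

            // The value lands inside single-quoted Kusto string literals. Holding it to an
            // allow-list means it cannot close the literal or introduce further operators.
            foreach (char c in username)
            {
                bool allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
                               c == '@' || c == '.' || c == '_' || c == '-' || c == '+';
                if (!allowed)
                {
                    throw new ArgumentException("The user name may contain only letters, digits and @ . _ - +", nameof(username));
                }
            }

            var authEndpoint  = "https://login.microsoftonline.com";
            var tokenAudience = "https://api.loganalytics.io/";

            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(authEndpoint),
                TokenAudience          = new Uri(tokenAudience),
                ValidateAuthority      = true
            };

            // Awaited rather than blocked on: this method is already async.
            var creds    = await ApplicationTokenProvider.LoginSilentAsync(domain, clientId, clientSecret, adSettings);
            var LAclient = new OperationalInsightsDataClient(creds)
            {
                WorkspaceId = workspaceId
            };

            // Log Analytics Kusto query - look for user data in the past 20 days
            string query = @"
                InformationProtectionLogs_CL
                | where TimeGenerated >= ago(20d)
                | where UserId_s == '*****@*****.**'
                | where ProtectionOwner_s == '*****@*****.**'
                | where ObjectId_s != 'document1'
                | where MachineName_s != '' 
                | extend FileName = extract('((([a-zA-Z0-9\\s_:]*\\.[a-z]{1,4}$))|([a-zA-Z0-9\\s_:]*$))', 1, ObjectId_s)
                | distinct FileName, Activity_s, LabelName_s, TimeGenerated, Protected_b, MachineName_s
                | sort by TimeGenerated desc nulls last";

            // Substitute the validated address for the placeholder.
            string query1 = query.Replace("*****@*****.**", username);

            var outputTable = await LAclient.QueryAsync(query1.Trim());

            return(outputTable);
        }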
Ejemplo n.º 13
        /// <summary>
        /// Signs in with a service principal and returns a Log Analytics data client bound to the
        /// given workspace.
        /// </summary>
        /// <param name="workspaceId">Workspace the client will query.</param>
        /// <param name="lawPrincipalClientId">Application (client) id of the service principal.</param>
        /// <param name="lawPrincipalClientSecret">Secret of the service principal.</param>
        /// <param name="domain">Azure AD tenant used for the sign-in.</param>
        /// <returns>The configured client.</returns>
        public static async Task <OperationalInsightsDataClient> GetLawDataClient(string workspaceId, string lawPrincipalClientId, string lawPrincipalClientSecret, string domain)
        {
            // Note 2020-07-26. This is from the Microsoft.Azure.OperationalInsights nuget, which has not been updated since 2018.
            // A REST-based approach may replace it, with the proper client created here.

            // Authority validation stays enabled for the sign-in.
            var aadSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri("https://login.microsoftonline.com"),
                TokenAudience          = new Uri("https://api.loganalytics.io/"),
                ValidateAuthority      = true
            };

            var tokenCredentials = await ApplicationTokenProvider.LoginSilentAsync(domain, lawPrincipalClientId, lawPrincipalClientSecret, aadSettings);

            var dataClient = new OperationalInsightsDataClient(tokenCredentials);
            dataClient.WorkspaceId = workspaceId;

            return(dataClient);
        }
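        /// <summary>
        /// Queries 36 hours of hourly CPU, idle, disk-read and disk-write averages per computer,
        /// passes them to <c>ValidateVM</c>, prints the returned names and e-mails them when the
        /// list is not empty.
        /// </summary>
        /// <remarks>All settings, including the client secret, come from environment variables.</remarks>
        /// <exception cref="InvalidOperationException">
        /// Any failure; the message is that of the innermost available exception and the caught
        /// exception is attached as <see cref="Exception.InnerException"/>.
        /// </exception>
        static async Task MainAsync()
        {
            string workspaceId    = System.Environment.GetEnvironmentVariable("workspaceId");
            string subscriptionID = System.Environment.GetEnvironmentVariable("subscriptionID");
            string groupName      = System.Environment.GetEnvironmentVariable("groupName");

            string clientId     = System.Environment.GetEnvironmentVariable("clientId");
            string clientSecret = System.Environment.GetEnvironmentVariable("clientSecret");
            string domain       = System.Environment.GetEnvironmentVariable("domain");

            var authEndpoint  = "https://login.microsoftonline.com";
            var tokenAudience = "https://api.loganalytics.io/";

            // Look-back window handed to the query: 36 hours.
            TimeSpan span = new TimeSpan(0, 36, 0, 0, 0);

            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(authEndpoint),
                TokenAudience          = new Uri(tokenAudience),
                ValidateAuthority      = true
            };

            try
            {
                var token = GetAuthorizationHeader(clientId, clientSecret);

                // Awaited rather than blocked on: this method is already async.
                var creds = await ApplicationTokenProvider.LoginSilentAsync(domain, clientId, clientSecret, adSettings);

                var client = new OperationalInsightsDataClient(creds);
                client.WorkspaceId = workspaceId;

                // Fixed query text: no external value is spliced into it.
                string query = "let CPUtable= Perf | where CounterName == \"% Processor Time\" | where ObjectName == \"Processor\" " +
                               "| summarize avg(CounterValue) by bin(TimeGenerated, 1hr), Computer " +
                               "| project-rename CPU = avg_CounterValue; " +
                               "let Idletable = Perf " +
                               "| where CounterName == \"% Idle Time\" " +
                               "| where ObjectName == \"Processor\" " +
                               "| summarize avg(CounterValue) by bin(TimeGenerated, 1hr), Computer " +
                               "| project-rename Idle = avg_CounterValue; " +
                               "let ReadsTable = Perf " +
                               "| where CounterName == \"Disk Reads/sec\" " +
                               "| where ObjectName == \"Logical Disk\"" +
                               "| summarize avg(CounterValue) by bin(TimeGenerated, 1hr), Computer " +
                               "| project-rename Reads = avg_CounterValue; " +
                               "let WritesTable = Perf " +
                               "| where CounterName == \"Disk Writes/sec\" " +
                               "| where ObjectName == \"Logical Disk\" " +
                               "| summarize avg(CounterValue) by bin(TimeGenerated, 1hr), Computer " +
                               "| project-rename Writes = avg_CounterValue; " +
                               "let table1 = CPUtable " +
                               "| lookup kind = leftouter Idletable on TimeGenerated,Computer; " +
                               "let table2 = table1 " +
                               "| lookup kind = leftouter ReadsTable on TimeGenerated,Computer; " +
                               "table2 " +
                               "| lookup kind = leftouter WritesTable on TimeGenerated,Computer";

                var queryResults = client.Query(query, span);

                HashSet <string> unused = await ValidateVM(queryResults, token, groupName, subscriptionID);

                string responseString = string.Join(", ", unused);
                Console.WriteLine(responseString);
                if (responseString.Length > 0)
                {
                    await SendEmail(responseString);
                    Console.WriteLine("Sent Email");
                }
            }
            catch (Exception e)
            {
                // Same exception type and message selection as before; the caught exception is now
                // attached so its type and stack trace survive for whoever triages the failure.
                string message = e.InnerException != null ? e.InnerException.Message : e.Message;
                throw new InvalidOperationException(message, e);
            }
        }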
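        /// <summary>
        /// One-time setup for the end-to-end tests: loads the test secrets, creates the reader
        /// client, sends every log entry the tests later query for, then waits eight minutes so
        /// the entries become queryable.
        /// </summary>
        /// <remarks>
        /// Every send is waited on, matching the batch send. A send that is started and never
        /// observed hides its failure until a retrieval test finds nothing minutes later.
        /// NOTE(review): this assumes <c>SendLogEntry</c> returns a Task, as the <c>.Wait()</c> on
        /// <c>SendLogEntries</c> suggests - confirm against the client library.
        /// </remarks>
        /// <param name="context">Test context supplied by the test framework (not read here).</param>
        public static void Init(TestContext context)
        {
            // Wire up test secrets.
            _secrets = TestsBase.InitSecrets();

            // Get a data client, helping us actually Read data, too.
            _dataClient = LawDataClientHelper.GetLawDataClient(
                _secrets.LawSecrets.LawId,
                _secrets.LawPrincipalCredentials.ClientId,
                _secrets.LawPrincipalCredentials.ClientSecret,
                _secrets.LawPrincipalCredentials.Domain)
                          .Result;

            // Set up unique identifiers for the tests. This helps us query the Log Analytics Workspace for our specific messages, and ensure the count and properties are correctly shipped to the logs.
            testIdentifierEntries       = $"test-id-{Guid.NewGuid()}";
            testIdentifierEntry         = $"test-id-{Guid.NewGuid()}";
            testIdentifierEncodingEntry = $"test-id-{Guid.NewGuid()}-ÅÄÖ@~#$%^&*()123";
            testIdentifierNullableEntry = $"test-id-{Guid.NewGuid()}";
            testIdentifierLogTypeEntry  = $"test-id-{Guid.NewGuid()}";
            diTestId = $"test-id-di-{Guid.NewGuid()}";

            // Initialize the LAW Client.
            LogAnalyticsClient logger = new LogAnalyticsClient(
                workspaceId: _secrets.LawSecrets.LawId,
                sharedKey: _secrets.LawSecrets.LawKey);

            // Test 1 prep: Push a collection of entities to the logs.
            List <DemoEntity> entities = new List <DemoEntity>();

            for (int ii = 0; ii < 12; ii++)
            {
                entities.Add(new DemoEntity
                {
                    Criticality  = "e2ecriticality",
                    Message      = testIdentifierEntries,
                    SystemSource = "e2etest",
                    Priority     = int.MaxValue - 1
                });
            }
            logger.SendLogEntries(entities, "endtoendlogs").Wait();

            // Test 2 prep: Send a single entry to the logs.
            logger.SendLogEntry(new DemoEntity
            {
                Criticality  = "e2ecriticalitysingleentry",
                Message      = testIdentifierEntry,
                SystemSource = "e2etestsingleentry",
                Priority     = int.MinValue + 1
            }, "endtoendlogs").Wait();

            // Test 3 prep: Verify that different encoding types work
            var encodingTestEntity = new DemoEntity
            {
                Criticality  = "e2ecriticalityencoding",
                Message      = $"{testIdentifierEncodingEntry}", // Special encoding test.
                SystemSource = "e2etestencoding",
                Priority     = int.MaxValue - 10000
            };

            logger.SendLogEntry(encodingTestEntity, "endtoendlogs").Wait();

            // Test 4 prep: Verify that nullable entries work
            var nullableTestEntity = new NullableDemoEntity
            {
                Message   = $"{testIdentifierNullableEntry}",
                NoValue   = null,
                WithValue = int.MaxValue - 20000
            };

            logger.SendLogEntry(nullableTestEntity, "endtoendlogs").Wait();

            // Test 5 prep: Verify we can use AlphaNum + Underscore for Log-Type.
            var logTypeTestEntity = new DemoEntity
            {
                Criticality  = "Critical",
                Message      = testIdentifierLogTypeEntry,
                Priority     = int.MaxValue - 1,
                SystemSource = "logtypetest"
            };

            logger.SendLogEntry(logTypeTestEntity, "log_name_123").Wait();

            //
            // DI LOGGER
            //
            var provider = new ServiceCollection()
                           .AddLogAnalyticsClient(c =>
            {
                c.WorkspaceId = _secrets.LawSecrets.LawId;
                c.SharedKey   = _secrets.LawSecrets.LawKey;
            }).BuildServiceProvider();

            var diLogger = provider.GetRequiredService <LogAnalyticsClient>();

            // Send a log entry to verify it works.
            diLogger.SendLogEntry(new DemoEntity
            {
                Criticality  = "e2ecritical",
                Message      = diTestId,
                SystemSource = "e2ewithdi",
                Priority     = int.MinValue + 1
            }, "endtoendwithdilogs").Wait();

            // Unfortunately, from the time we send the logs, until they appear in LAW, takes a few minutes.
            Thread.Sleep(8 * 1000 * 60);
        }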
Ejemplo n.º 16
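        /// <summary>
        /// Runs every query in <c>QueryData</c> against the configured workspace and stores the
        /// outcome per query name in <c>dirQueryResults</c>.
        /// </summary>
        /// <remarks>
        /// Each query gets up to three attempts; after a failed attempt the method sleeps for
        /// <c>threadSleepTime</c> and recreates the client. For a query with a non-empty
        /// <c>Summarize</c> value, the first two columns of each row are collected into
        /// <c>PerfResult</c> as name and numeric value. <c>Result</c> is set to the row count,
        /// "No Data" or "Error".
        /// </remarks>
        public void ExecuteLogAnalyticsQueries()
        {
            Console.WriteLine($"ExecuteLogAnalyticsQueries Start");
            var adSettings = new ActiveDirectoryServiceSettings
            {
                AuthenticationEndpoint = new Uri(AuthEndpoint),
                TokenAudience          = new Uri(TokenAudience),
                ValidateAuthority      = true
            };

            var creds  = ApplicationTokenProvider.LoginSilentAsync(Domain, AADClientId, ClientSecret, adSettings).GetAwaiter().GetResult();
            var client = new OperationalInsightsDataClient(creds);

            client.WorkspaceId = WorkspaceId;
            dirQueryResults    = new Dictionary <string, Quries>();

            const int maxAttempts = 3;

            foreach (KeyValuePair <string, Quries> item in QueryData)
            {
                QueryResults results = null;

                try
                {
                    // The try/catch sits inside the loop so a failed attempt is actually retried.
                    // Previously the exception left the while loop, so the query ran only once.
                    bool succeeded = false;
                    for (int attempt = 1; attempt <= maxAttempts && !succeeded; attempt++)
                    {
                        try
                        {
                            results   = client.Query(item.Value.Query);
                            succeeded = true;
                        }
                        catch (Exception e)
                        {
                            Console.WriteLine($"Error while processing the query name {item.Key} retry count {attempt}, Exception: {e}");
                            if (attempt < maxAttempts)
                            {
                                // Back off and start the next attempt with a fresh client.
                                Thread.Sleep(threadSleepTime);
                                client             = new OperationalInsightsDataClient(creds);
                                client.WorkspaceId = WorkspaceId;
                            }
                        }
                    }

                    if (results != null && results.Tables.Count > 0)
                    {
                        var rows = results.Tables[0].Rows;

                        if (!string.IsNullOrEmpty(item.Value.Summarize))
                        {
                            item.Value.PerfResult = null;
                            Dictionary <string, double> PerfResult = new Dictionary <string, double>();
                            for (int i = 0; i < rows.Count; i++)
                            {
                                if (rows[i].Count > 1 && !string.IsNullOrEmpty(rows[i][0]))
                                {
                                    // Service values are machine-formatted; parse them culture-independently
                                    // so a host locale with a comma decimal separator cannot change the number.
                                    PerfResult.Add(rows[i][0], Convert.ToDouble(rows[i][1], System.Globalization.CultureInfo.InvariantCulture));
                                }
                            }
                            item.Value.PerfResult = PerfResult;
                        }

                        item.Value.Result = rows.Count.ToString();
                    }
                    else
                    {
                        item.Value.Result = "No Data";
                        Console.WriteLine("No Data");
                    }
                }
                catch (Exception ex)
                {
                    // Reached for failures while reading the rows, e.g. a duplicate name or a
                    // non-numeric value in a summarized result.
                    item.Value.Result = "Error";
                    Console.WriteLine($"Error while processing the query name {item.Key} Exception: {ex}");
                }

                dirQueryResults.Add(item.Key, item.Value);
            }
            Console.WriteLine($"ExecuteLogAnalyticsQueries End");
        }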
Ejemplo n.º 17
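        /// <summary>
        /// Checks whether the custom log table derived from <paramref name="tableName"/> is listed in the
        /// Log Analytics workspace and whether a query over its last 7 days returns a result table.
        /// </summary>
        /// <param name="tableName">
        /// Sample-data file path; the directory returned by <c>SampleDataPath.GetDirPath()</c> and the
        /// ".json" suffix are stripped from it to obtain the custom table name.
        /// </param>
        /// <returns>
        /// <c>true</c> when the table name is listed in the workspace and the follow-up query returns at
        /// least one result table; otherwise <c>false</c>.
        /// </returns>
        /// <exception cref="Exception">
        /// Wraps any failure (configuration, sign-in or query); the original exception is kept as
        /// <see cref="Exception.InnerException"/>.
        /// </exception>
        public bool RunLAQuery(string tableName)
        {
            try
            {
                // Get credentials from config.json.
                // These values are stored in members declared outside this method; clientSecret is a
                // credential and must not be written to logs or console output.
                var appConfig   = new AppConfig();
                var credentials = appConfig.GetCredentials();
                customerId   = credentials["workspaceId"];
                clientId     = credentials["clientId"];
                clientSecret = credentials["clientSecret"];
                domain       = credentials["domain"];

                var authEndpoint  = "https://login.microsoftonline.com";
                var tokenAudience = "https://api.loganalytics.io/";

                var adSettings = new ActiveDirectoryServiceSettings
                {
                    AuthenticationEndpoint = new Uri(authEndpoint),
                    TokenAudience          = new Uri(tokenAudience),
                    ValidateAuthority      = true
                };

                // The method is synchronous, so the sign-in task is blocked on here.
                // NOTE(review): blocking on async code can deadlock under a synchronization context.
                var creds = ApplicationTokenProvider.LoginSilentAsync(domain, clientId, clientSecret, adSettings).GetAwaiter().GetResult();

                var laClient = new OperationalInsightsDataClient(creds);
                laClient.WorkspaceId = customerId;

                // Derive the custom table name from the sample-data file path.
                var path    = new SampleDataPath();
                var dirPath = path.GetDirPath();
                tableName = tableName.Replace(dirPath, "").Replace(".json", "");

                // Collect the custom ("_CL") table names that exist in the workspace.
                var    tableNameList = new HashSet<string>(StringComparer.Ordinal);
                string query         = @"search * | distinct $table";
                var    result        = laClient.Query(query).Tables;
                foreach (var table in result)
                {
                    foreach (var r in table.Rows)
                    {
                        var customFileName = r[0];

                        // A null cell would throw on EndsWith; table names are identifiers, so the
                        // suffix is compared ordinally rather than with the current culture.
                        if (!string.IsNullOrEmpty(customFileName) && customFileName.EndsWith("_CL", StringComparison.Ordinal))
                        {
                            tableNameList.Add(customFileName);
                        }
                    }
                }

                // tableName is concatenated into query text below. The exact-match check against names
                // returned by the workspace is what keeps it from being arbitrary query text, so this
                // check must stay in front of the second query.
                if (!tableNameList.Contains(tableName))
                {
                    return false;
                }

                // Check whether there is any data in the table for the last 7 days.
                string query1 = tableName
                                + @"| where TimeGenerated > ago(7d)
                             | limit 10";
                var results = laClient.Query(query1);

                // NOTE(review): this counts result tables, not rows. If the service returns an empty
                // table when no rows match, this reports true for a table without recent data —
                // confirm, and compare row counts if so.
                return results.Tables.Count > 0;
            }
            catch (Exception ex)
            {
                // Keep the original exception as InnerException so the stack trace and type survive.
                throw new Exception("Calling Log Analytics Error " + ex.Message, ex);
            }
        }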
        /// <summary>
        /// One-time setup for the end-to-end tests: loads the test secrets, creates the data client used
        /// for reading, pushes four kinds of test entries to the "endtoendlogs" log type and then waits
        /// six minutes so the entries have time to become queryable.
        /// </summary>
        /// <param name="context">Test context supplied by the caller; not read by this method.</param>
        public static void Init(TestContext context)
        {
            // Load the test secrets first; every client below is built from them.
            // The workspace shared key and the principal's client secret are handed straight to the
            // clients and are not written to any output here — keep it that way.
            _secrets = InitSecrets();

            var lawSecrets = _secrets.LawSecrets;
            var principal  = _secrets.LawPrincipalCredentials;

            // Data client used by the tests to read the entries back (blocks until it is ready).
            var dataClientTask = GetLawDataClient(
                lawSecrets.LawId,
                principal.ClientId,
                principal.ClientSecret,
                principal.Domain);
            _dataClient = dataClientTask.Result;

            // Each test gets its own unique marker so it can find exactly its own messages in the
            // Log Analytics Workspace and verify their count and properties.
            testIdentifierEntries       = $"test-id-{Guid.NewGuid()}";
            testIdentifierEntry         = $"test-id-{Guid.NewGuid()}";
            testIdentifierEncodingEntry = $"test-id-{Guid.NewGuid()}-ÅÄÖ@~#$%^&*()123";
            testIdentifierNullableEntry = $"test-id-{Guid.NewGuid()}";

            // Client used to write the entries.
            var lawWriter = new LogAnalyticsClient(
                workspaceId: lawSecrets.LawId,
                sharedKey: lawSecrets.LawKey);

            // Test 1 prep: a batch of identical entities, sent in one call that is waited on.
            const int batchSize = 12;
            var batch = new List <DemoEntity>();
            while (batch.Count < batchSize)
            {
                var entity = new DemoEntity
                {
                    Criticality  = "e2ecriticality",
                    Message      = testIdentifierEntries,
                    SystemSource = "e2etest",
                    Priority     = int.MaxValue - 1
                };
                batch.Add(entity);
            }
            lawWriter.SendLogEntries(batch, "endtoendlogs").Wait();

            // NOTE(review): unlike the batch call above, the three SendLogEntry calls below are not
            // waited on. If SendLogEntry returns a task, a failed send goes unobserved here — confirm.

            // Test 2 prep: a single entry.
            var singleEntry = new DemoEntity
            {
                Criticality  = "e2ecriticalitysingleentry",
                Message      = testIdentifierEntry,
                SystemSource = "e2etestsingleentry",
                Priority     = int.MinValue + 1
            };
            lawWriter.SendLogEntry(singleEntry, "endtoendlogs");

            // Test 3 prep: an entry whose message carries non-ASCII and special characters.
            lawWriter.SendLogEntry(new DemoEntity
            {
                Criticality  = "e2ecriticalityencoding",
                Message      = $"{testIdentifierEncodingEntry}", // Special encoding test.
                SystemSource = "e2etestencoding",
                Priority     = int.MaxValue - 10000
            }, "endtoendlogs");

            // Test 4 prep: an entry with one null and one populated nullable property.
            lawWriter.SendLogEntry(new NullableDemoEntity
            {
                Message   = $"{testIdentifierNullableEntry}",
                NoValue   = null,
                WithValue = int.MaxValue - 20000
            }, "endtoendlogs");

            // It takes a while before the logs are queryable, so wait six minutes before the
            // retrieval tests start.
            Thread.Sleep(TimeSpan.FromMinutes(6));
        }