0

My application insight is enabled to Log analytics. I want to delete logs from specific application insight..

I want a PowerShell script where I can purge the data which is attached to workspace..

1 Answers1

0

I want a PowerShell script where I can purge the data which is attached to workspace..

Based on our research , we haven't find any Power Shell cmdlets that can be used to purge the data of application insights.

You can invoke this Rest API from PowerShell & you can send a POST request with a body that contains the Application Insights telemetry table we want to purge and the filter that we want to apply on those records.

Below are the steps to followed to invoke the rest api using the PowerShell & to purge data of a specific column :

  • To use this API , You need to create an app registration in AAD & create client secret for that app registration.

  • you need to assign a role to your app in order to access the Application Insights resource.

  • Select the Application Insight resource (or directly select the Subscription object if you want), click on Access Control (IAM) and then add a role assignment.

  • create a new role assignment with Data Purger as the role and select your app registration (search for the app name)

Here is the PowerShell script to Invoke the REST API:

Import-Module AzureRM.Profile

##pass the app registration details
$appId = "YOR_APPLICATION_ID"
$key = "YOR_CLIENT_SECRET" 
$tenantId = "YOUR_AAD_TENANT_ID"

$subscriptionId = "YOUR_SUBSCRIPTION_ID"
$resourceGroupName = "YOUR_APPINSIGHTS_RESOURCE_GROUP_NAME"
$resourceName = "YOUR_APPINSIGHTS_INSTANCE_NAME"

# Create the authentication URL and get the authentication context
$authUrl = "https://login.windows.net/${tenantId}"
$AuthContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]$authUrl

# Build the credential object and get the token form AAD
$credentials = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential -ArgumentList $appId,$key
$result = $AuthContext.AcquireToken("https://management.core.windows.net/",$credentials)

# Build the authorization header JSON object

$authHeader = @{
'Content-Type'='application/json'
'Authorization'=$result.CreateAuthorizationHeader()
}

$URI = "https://management.azure.com/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.Insights/components/${resourceName}/purge?api-version=2015-05-01"

$body = @"
{
   "table": "customEvents",
   "filters": [
     {
       "column": "timestamp",
       "operator": "<",
       "value": "2021-01-01T00:00:00.000"
     }
   ]
}
"@


$purgeID=Invoke-RestMethod -Uri $URI -Method POST -Headers $authHeader -Body $body

It may take a while (e.g. 2-3 days) for the purge operation to get complete.

For more information , you can refer this blog or this reference SO thread.

VenkateshDodda
  • 4,723
  • 1
  • 3
  • 12
  • this above is for application insight data. according to Microsoft we cant purge the data of application insight which is enable to log analytics. but my application is enable to log analytics and their in workspace so many application insight is attached but i want to delete only one application insight data.. is their any way please share with me – sheema bareen Nov 01 '21 at 06:47