One of the problems you may face when using Microsoft’s Operations Management Suite Log Analytics (I’m glad there is no acronym for all that) is replicating the configuration you need in another workspace. If you provide services to multiple customers, you will know exactly how challenging it can be. If you have a Dev or QA environment, you may also need to move your configuration.
Currently, the OMS Log Analytics console won’t allow you to move your alerts and search queries. For the saved searches, I’ve written a couple of scripts for that purpose (see here). More recently, Microsoft made the Alert REST API documentation available here and with that, the alerts can also be exported and imported.
For that, I’ve written two scripts:
– Export-Alerts.ps1 – it will cycle through your tenants, identify all saved searches that have an action and a schedule (alert) assigned to them, and export them to a file.
– Import-Alerts.ps1 – it will take the previously generated file and import those alerts into any workspace you select.
Let’s see how it works. First, exporting:
When you run the script, you must enter your credentials:
Then pick your tenant:
and your subscription:
Once done, it will generate a file (alerts.xml by default):
Now to import it, the steps are similar. Run the Import-Alerts.ps1 file and pick your tenant:
Then the subscription:
And the target workspace:
And lastly, the alerts.xml file:
Once done, you should see the alerts in your target workspace, as well as the saved searches!
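The round trip described above, reduced to an offline sketch. This is an added example, not the Export-Alerts.ps1 or Import-Alerts.ps1 scripts from this post. The sample objects, their property names, and the function names are constructed for illustration, and using Export-Clixml for alerts.xml is an assumption.

```powershell
# Constructed sample: saved searches after their schedules and actions were
# fetched. Property names here are hypothetical, not the REST API's schema.
$savedSearches = @(
    [pscustomobject]@{ Id = 'failed-logons'; Query = 'Type=SecurityEvent EventID=4625'
        Schedules = @([pscustomobject]@{ Id = 'sched-1'; Interval = 15
            Actions = @([pscustomobject]@{ Id = 'act-1'; Type = 'Alert'; Severity = 'Critical' }) }) }
    # Saved search only, no schedule: not an alert
    [pscustomobject]@{ Id = 'all-events'; Query = 'Type=Event'; Schedules = @() }
    # Schedule without an action: not an alert either
    [pscustomobject]@{ Id = 'disk-space'; Query = 'Type=Perf ObjectName=LogicalDisk'
        Schedules = @([pscustomobject]@{ Id = 'sched-2'; Interval = 60; Actions = @() }) }
)

function Select-AlertSearch {
    param([object[]]$SavedSearch)
    foreach ($s in $SavedSearch) {
        # Keep a search only if at least one schedule carries at least one action
        $armed = @($s.Schedules | Where-Object { @($_.Actions).Count -gt 0 })
        if ($armed.Count -gt 0) { $s }
    }
}

function Import-AlertFile {
    param([string]$Path)
    $alerts = @(Import-Clixml -Path $Path)
    foreach ($a in $alerts) {
        # Reject entries that lost their query, schedule or action in transit
        $armed = @($a.Schedules | Where-Object { @($_.Actions).Count -gt 0 })
        if (-not $a.Query -or $armed.Count -eq 0) {
            throw "Entry '$($a.Id)' is not a complete alert definition"
        }
    }
    $alerts
}

$path = Join-Path ([System.IO.Path]::GetTempPath()) 'alerts.xml'
# -Depth must cover search -> schedule -> action; the default depth of 2 is
# too shallow to keep the nested actions as objects.
Select-AlertSearch $savedSearches | Export-Clixml -Path $path -Depth 5

# Re-read the file and list what would be created in the target workspace
$imported = Import-AlertFile -Path $path
$imported | ForEach-Object { '{0}: {1} schedule(s)' -f $_.Id, @($_.Schedules).Count }
```

Checking the file on import this way catches an export that silently dropped schedules or actions before anything is written to the target workspace.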
Hope this helps!