I would like to share my collection of PowerShell based Kusto Schema Tools with the community. The tools are written to managing data interchange between Azure Data Explorer (ADX), EventHouse and Microsoft Sentinel. They are extremely helpful in creating Data Collection Rules for Log Analytics and ensuring that schema consistency exists across KQL powered systems.
The PowerShell scripts are used for:
- Exporting Sentinel and Log Analytics table schemas to Azure Data Explorer (ADX) and Eventhouse KQL scripts
- Automating Data Collection Rule creation to write data to Log Analytics / Sentinel tables
- Extending Log Analytics Workspaces with new Custom Log (CL) tables
- Discovering writeable tables in Log Analytics / Sentinel
Enterprise Assets Included
As examples of the automated output produced by the scripts
- 400+ Data Collection Rule Templates: Bicep deployment packages for _CL definitions
- 400+ Bicep Table Definitions: Infrastructure-as-code examples for extending Log Analytics custom tables
- 1000+ KQL Table Definitions: KQL schema templates derived from Log Analytics and the Sentinel archive to serve as templates for data engineering with ADX and EventHouse.
Scripts and Enterprise Assets can be accessed here:
https://github.com/LaurieRhodes/Powershell-Kusto-Schema-Tools
- Log in to post comments