Kaido Jarvemets - Logo

Simplifying Azure Log Analytics with Custom PowerShell Tools


Efficient data management and security monitoring are critical in cloud environments. While working on the Defender for Identity Workbook for Microsoft Sentinel Toolkit and the Defender for SQL Deployment Accelerator Toolkit, I realized the necessity to streamline the custom table creation process. This insight led to the development of two PowerShell functions aimed at enhancing the setup and management of Azure Log Analytics workspaces.

Toolkit Overviews

Function Overview

  • New-LAWTableColumn Function
    • This function is designed to facilitate the creation of individual columns for custom tables in Azure Log Analytics. It allows users to specify the column name and data type, ensuring that each column is configured to accurately represent the data it will store.
  • New-LAWCustomTable Function
    • Complementing the column creation function, this function is used to assemble these columns into a structured custom table. It integrates the columns into a single table schema, sets up the table in the specified Azure Log Analytics workspace, and prepares it to receive and store data.

This section is reserved for our Premium Members only. Upgrade your membership to access this solution and unlock more benefits.


This example showcases the creation of a custom table named “Test2_CL” in Azure Log Analytics, demonstrating how to integrate mandatory and custom columns effectively.

Azure Log Analytics Custom Table

Benefits of Using These Functions

  • Efficiency
    • Automates the complex setup processes, saving time and minimizing errors.
  • Customization
    • Offers the flexibility to define and organize data within tables based on specific monitoring and analysis needs.
  • Scalability
    • Facilitates easy scaling of data architecture to accommodate growing data volumes or evolving business requirements.

Querying Custom Tables in Azure Log Analytics

After setting up custom tables, you can list all such resources in a specific Azure Log Analytics workspace using the PowerShell script below. This script helps you monitor and manage your custom tables by showing key details like names, retention periods, and plans.

					Get-AzOperationalInsightsTable -ResourceGroupName "MYRESOURCEGROUP" -WorkspaceName "MYWORKSPACENAME" |
    Where-Object {$PSItem.Name -like "*_cl*"} |
        Select-Object Name,RetentionInDays,Plan


The New-LAWTableColumn and New-LAWCustomTable functions are indispensable for those looking to enhance their Azure Log Analytics configurations.

Leave a Reply

Contact me

If you’re interested in learning about Simplifying Azure Log Analytics with Custom PowerShell Tools. I can help you understand how this solution can benefit your organization and provide a customized solution tailored to your specific needs.

Table of Contents