Month: February 2025

Log Analytics Simple Mode

Simple Mode – I have mixed feelings. Yes, Simple Mode in Azure Monitor Log Analytics is useful. Yes, it makes querying logs easier. But does it strip away too much of the power that Kusto Query Language (KQL) offers? Let’s break it down.

What is Simple Mode?

Simple Mode is Microsoft’s latest attempt to make Azure Monitor’s Log Analytics more accessible. Instead of writing KQL queries, you can now use a simplified, form-based approach to retrieve logs. This means:

No more KQL wrangling for simple queries
Drop-down selections to filter logs
Pre-built query templates for common scenarios

It’s perfect for beginners and those who just want quick answers without learning the intricacies of KQL. But for those of us who love the flexibility and depth of KQL, it feels a bit… underwhelming.

Where Simple Mode Shines

Okay, I’ll admit—it has its moments:

  1. Fast Troubleshooting – Need to check VM performance? Find failed logins? Simple Mode makes it quick.
  2. Less Query Anxiety – Not everyone wants to remember where TimeGenerated >= ago(7d). Fair enough.
  3. Better Team Accessibility – Non-technical users (like project managers or business analysts) can actually use Log Analytics now.

It’s a great tool for entry-level users, and it can certainly speed up basic troubleshooting.

Where It Falls Short (for Power Users)

If you’re used to writing KQL like a pro, Simple Mode will probably feel like training wheels on a motorcycle.

🔻 Limited Query Complexity – No advanced joins, unions, or calculated fields
🔻 Less Control Over Data Filtering – Drop-downs are great until you need a specific filter that isn’t there
🔻 Can Hide Critical Insights – Sometimes, the best debugging happens in the nitty-gritty details, which Simple Mode glosses over

It’s like being handed a “Dummies Guide to PowerShell” when you’ve been scripting automation for years. You appreciate the effort, but it’s just… not for you.

Can You Still Use KQL?

Thankfully YES. Microsoft isn’t forcing Simple Mode on us. You can toggle back to KQL mode whenever you want.

  1. Start with Simple Mode
  2. Switch to KQL Mode when you need more control
  3. Mix and match based on what you need

It’s a decent compromise, but I wouldn’t be surprised if Microsoft keeps nudging us toward using Simple Mode more in the future.

Running PowerShell Inline with Azure Standard Logic Apps: Because Sometimes, No-Code is Too Much Work

Azure Logic Apps are fantastic—until you need to do something slightly complex. The built-in workflow language is powerful but, let’s be honest, sometimes writing expressions in that JSON-esque nightmare is more painful than debugging a spaghetti-coded PowerShell script written by an intern.

Enter PowerShell in Azure Logic Apps (Standard Edition)—where you can run inline PowerShell scripts, skipping the need for convoluted @{json_expression} gymnastics.

Why?

Readability: Ever tried debugging a concat(split(base64(binary), ',')) expression? Yeah, me neither. PowerShell is just easier to read and debug.

Flexibility: You can manipulate JSON, handle dates, perform string operations, and even call APIs—all in a single PowerShell script instead of chaining actions together.

Less Clicks, More Code: Instead of adding multiple Compose, Condition, and Parse JSON actions, you can just run a PowerShell script inline and return exactly what you need.

How to Run PowerShell in Azure Standard Logic Apps

Step 1: Add the Inline Code Action

  1. Open your Azure Logic App (Standard Edition).
  2. Click “Add an action” in your workflow.
  3. Search for Inline Code and select it.

Note: This works only in Standard Logic Apps, not Consumption-based ones.

Step 2: Write Your PowerShell Script

The Inline Code action lets you use PowerShell directly inside the workflow.

Here’s a simple example:

param ($inputData)

# Convert input JSON into a PowerShell object
$data = $inputData | ConvertFrom-Json

# Get current timestamp in ISO format
$timestamp = Get-Date -Format "yyyy-MM-ddTHH:mm:ssZ"

# Concatenate values (because Logic Apps JSON expressions are a pain)
$fullName = "$($data.firstName) $($data.lastName)"

# Return an object
@{
    fullName = $fullName
    timestamp = $timestamp
} | ConvertTo-Json -Compress

Step 3: Pass Data Into the Script

  1. Click the “Parameters” section in the Inline Code action.
  2. Add a new parameter (e.g., inputData).
  3. Pass data from a previous action (like an HTTP request, a database call, or another Logic App action).

When executed, the script will return a structured JSON response—without needing multiple Logic App actions for transformation.

Real-World Use Cases

Date Manipulation: Logic Apps date functions are limited, but PowerShell handles them easily.

Complex String Operations: Need to extract a value from a string? Regex it in PowerShell.

API Calls & Data Formatting: Fetch data, process it, and return the exact structure you need.

PowerShell in Logic Apps Standard is a game-changer. Instead of wrestling with the built-in workflow language, you can just script it. It’s faster, cleaner, and doesn’t require chaining a dozen actions together just to manipulate a date or merge strings.

So next time you’re staring at an ugly @concat expression, ask yourself: “Could I just do this in PowerShell?” The answer is yes—and your future self will thank you.