Get ‘Diagnostic Settings’ config on all Azure Resources using PowerShell

As we started planning a consolidation of our Log Analytics Workspaces and a clean-up of years of partial implementations, we needed to discover all resources that have diagnostic settings configured.

Objectives

  • search through all subscriptions
  • provide the following details
    • Resource in question
    • Configured Diagnostic Settings
    • Details on what metrics and logs are configured
  • Export it to a CSV file
  • Store results in a PS Object that I can further query/refine

Background

A little bit about what Platform Logs/Diagnostic Logs are:

Platform logs provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on. They are automatically generated although you need to configure certain platform logs to be forwarded to one or more destinations to be retained. This article provides an overview of platform logs including what information they provide and how you can configure them for collection and analysis.

Overview of Azure platform logs – Azure Monitor | Microsoft Docs

Most resources in Azure give you the opportunity to add Diagnostic Settings that send data to one of three destinations:

  • Log Analytics
  • Event Hub
  • Storage Account

In this example you can see there is a Log Analytics Workspace designated as a destination for Diagnostic Logs from an Azure SQL database.

The Script

Looking online, I couldn’t find anything that offered quite what I wanted to achieve, so I put together the following script. It does take some time to run on large environments and is not optimised for performance.

The Results

The output comes in two ways:

CSV Output

Here I export the output to a CSV file called AzureResourceDiagnosticSettings-2020-01-07-00-0000.csv in the current running directory. It contains the following columns:

  • ResourceName – The resource being questioned
  • DiagnosticSettingsName – The name given to the Diag Setting
  • StorageAccountName
  • EventHubName
  • WorkspaceName
  • Metrics – JSON extract of the specific Metrics details
  • Logs – JSON extract of the specific Logs details
  • Subscription – Which subscription it belongs to
  • ResourceId
  • DiagnosticSettingsId
  • StorageAccountId
  • EventHubId
  • WorkspaceId
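
One way to collect these columns across every subscription, as an added example (not the author's original script). Assumptions: an authenticated Az session with read access, EventHubId maps to the setting's EventHubAuthorizationRuleId, the timestamp format in the file name, and the hypothetical helper Get-LastSegment.

```powershell
# Added example: requires the Az.Accounts, Az.Resources and Az.Monitor modules
# and an authenticated session (Connect-AzAccount).
function Get-LastSegment([string]$Id) {
    # The resource name is the last path segment of an ARM resource ID
    if ($Id) { ($Id -split '/')[-1] } else { $null }
}

$DiagResults = @()
foreach ($sub in Get-AzSubscription) {
    Set-AzContext -Subscription $sub.Id | Out-Null
    foreach ($res in Get-AzResource) {
        # Resource types without diagnostic settings support raise an error; skip them
        $settings = Get-AzDiagnosticSetting -ResourceId $res.ResourceId `
            -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
        foreach ($d in $settings) {
            # Assumption: older Az.Monitor releases expose Metrics/Logs,
            # newer ones Metric/Log; take whichever is populated.
            $metrics = if ($d.Metrics) { $d.Metrics } else { $d.Metric }
            $logs    = if ($d.Logs)    { $d.Logs }    else { $d.Log }
            $DiagResults += [PSCustomObject]@{
                ResourceName           = $res.Name
                DiagnosticSettingsName = $d.Name
                StorageAccountName     = Get-LastSegment $d.StorageAccountId
                EventHubName           = $d.EventHubName
                WorkspaceName          = Get-LastSegment $d.WorkspaceId
                Metrics                = $metrics | ConvertTo-Json -Compress -Depth 5
                Logs                   = $logs | ConvertTo-Json -Compress -Depth 5
                Subscription           = $sub.Name
                ResourceId             = $res.ResourceId
                DiagnosticSettingsId   = $d.Id
                StorageAccountId       = $d.StorageAccountId
                EventHubId             = $d.EventHubAuthorizationRuleId  # assumed mapping
                WorkspaceId            = $d.WorkspaceId
            }
        }
    }
}

# Assumed timestamp format for the file name
$file = "AzureResourceDiagnosticSettings-$(Get-Date -Format 'yyyy-MM-dd-HH-mmss').csv"
$DiagResults | Export-Csv -Path $file -NoTypeInformation
```

Resources that have no diagnostic setting at all produce no row here, so comparing the ResourceId column against the full Get-AzResource list shows which resources are not forwarding logs anywhere.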

PowerShell Array

With the CSV, you can edit it in Excel and do pretty much anything from here on, but while you are in PowerShell, you can still use it as a PS Object. The array is still available for further queries, refinements, or automation.

I specifically carry across the IDs of all the necessary objects so that they can be used downstream. Simply running the following command would filter the results to a specific Workspace:

$DiagResults | Where-Object {$_.WorkspaceName -like "LAW-LOGS01"} 

An example of the CSV output is below, so you get a feel for what to expect in the end.

Example CSV extract file

Resources

Overview of Azure platform logs – Azure Monitor | Microsoft Docs

Create diagnostic settings to send platform logs and metrics to different destinations – Azure Monitor | Microsoft Docs

Get-AzDiagnosticSetting (Az.Monitor) | Microsoft Docs

Finding Diagnostic Settings Configuration for Azure Resources – CHARBEL NEMNOM
