ClientInspector – a cool showcase to demonstrate Log ingestion API, Azure Log Ingestion Pipeline, Azure Data Collection Rules and my new PowerShell module AzLogDcrIngestPS

Are you in control? – or are some of your core infrastructure processes, like patching, antivirus and BitLocker enablement, drifting? Or would you like to do advanced inventory, where you can look up your warranty state against Lenovo or Dell warranty? Then keep reading.

Check out ClientInspector (github), which can help you get great insight into your complete client environment.

ClientInspector is free to the community – built to be a cool showcase of how you can bring back data from your clients using Azure Log Ingestion Pipeline, Azure Data Collection Rules and Azure LogAnalytics; view them with Azure Monitor & Azure Dashboards – and get “drift-alerts” using Microsoft Sentinel.

The little “helper” that makes the magic is my new PowerShell module, AzLogDcrIngestPS (github). I have also written a blog-post about this module.

You can get the whole infrastructure for ClientInspector up and running within 10 min using the DeploymentKit for ClientInspector (github).

Quick Links

What data is being collected?
Desired State Dashboards – How to get insight into my environment from the data?
How do I query the data? – Kusto (KQL) is the answer
Architecture, Schema & Networking
Implementation
Dependencies
Running ClientInspector.ps1 – 3 modes
Sample output of ClientInspector
Security
Layout of ClientInspector data-set
Verbose-mode & More help
Cost – How much does it cost to store this data?
Contact

Videos of solution

Video 3m 19s – Running ClientInspector using commandline (normal mode)
Video 1m 40s – Automatic creation of 2 tables & DCRs (verbose mode)
Video 1m 37s – Automatic creation of 2 tables & DCRs (normal mode)
Video 1m 34s – See schema of DCR and table
Video 2m 19s – Data manipulation
Video 1m 58s – Kusto queries against data
Video 3m 01s – Dashboards
Video 0m 48s – Sample usage of data – lookup against Lenovo warranty db
Video 7m 25s – Deployment via ClientInspector DeploymentKit

Architecture & flow of ClientInspector

ClientInspector (v2) uploads the collected data into custom logs in an Azure LogAnalytics workspace – using the Log ingestion API, Azure Data Collection Rules (DCR) and Azure Data Collection Endpoints (DCE).

Sample Dashboards

Antivirus
Bluescreens

Disclaimer

It is important for me to state that I’m not trying to build a separate management tool, which will compete with the Microsoft security and management stack.

Nothing beats Microsoft Azure/M365 management and security stack. They are rock star solutions.

But I’m really passionate about the logging capabilities and the power to bring data back from clients, servers, cloud and 3rd party systems – and getting cool valuable information out of the data.

I have a similar solution for servers – ServerInspector. Unfortunately, it is not public.

Happy hunting 😄

Big thanks – you are rock stars 🙂

Lastly, I would like to give big credits to a few people, whom I have worked together with on building the AzLogDcrIngestPS PowerShell module and in my daily work with the Azure log & viewing capabilities:

Name | Role
Ivan Varnitski | Program Manager – Azure Pipeline
Evgeny Ternovsky | Program Manager – Azure Pipeline
Nick Kiest | Program Manager – Azure Data Collection Rules
Oren Salzberg | Program Manager – Azure LogAnalytics
Guy Wild | Technical Writer – Azure LogAnalytics
John Gardner | Program Manager – Azure Workbooks
Shikha Jain | Program Manager – Azure Workbooks
Ingo Bringemeier | Principal Program Manager – Azure Monitor
Shayoni Seth | Program Manager – Azure Monitor Agent
Jeff Wolford | Program Manager – Azure Monitor Agent
Xema Pathak | Program Manager – Azure VMInsight (integration to Azure Monitor Agent)
