Merge pull request #595 from KelvinTegelaar/dev

pull[bot] · web-flow · commit cf4279441953 · 2025-12-08T16:00:21.000Z
[pull] dev from KelvinTegelaar:dev
diff --git a/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearches.ps1 b/Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearches.ps1
@@ -19,9 +19,14 @@ function Get-CippAuditLogSearches {
 
         if ($ReadyToProcess.IsPresent) {
             Measure-CippTask -TaskName 'QueryReadyToProcess' -EventName 'CIPP.AuditLogsProfile' -Script {
-                $15MinutesAgo = (Get-Date).AddMinutes(-15).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
-                $1DayAgo = (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
-                Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "PartitionKey eq 'Search' and Tenant eq '$TenantFilter' and (CippStatus eq 'Pending' or (CippStatus eq 'Processing' and Timestamp le datetime'$15MinutesAgo')) and Timestamp ge datetime'$1DayAgo'" | Sort-Object Timestamp
+                $15MinutesAgo = (Get-Date).AddMinutes(-15).ToUniversalTime()
+                $1DayAgo = (Get-Date).AddDays(-1).ToUniversalTime()
+                Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "PartitionKey eq 'Search' and Tenant eq '$TenantFilter'" | Where-Object {
+                    $_.Timestamp -ge $1DayAgo -and (
+                        $_.CippStatus -eq 'Pending' -or
+                        ($_.CippStatus -eq 'Processing' -and $_.Timestamp -le $15MinutesAgo)
+                    )
+                } | Sort-Object Timestamp
             }
         } else {
             Measure-CippTask -TaskName 'QueryAllSearches' -EventName 'CIPP.AuditLogsProfile' -Script {
diff --git a/Modules/CIPPCore/Public/AuditLogs/New-CIPPAuditLogSearchResultsCache.ps1 b/Modules/CIPPCore/Public/AuditLogs/New-CIPPAuditLogSearchResultsCache.ps1
@@ -13,91 +13,111 @@ function New-CIPPAuditLogSearchResultsCache {
         [string]$TenantFilter,
         [string]$SearchId
     )
-    try {
-        $FailedDownloadsTable = Get-CippTable -TableName 'FailedAuditLogDownloads'
-        $fourHoursAgo = (Get-Date).AddHours(-4).ToUniversalTime()
-        $failedEntity = Get-CIPPAzDataTableEntity @FailedDownloadsTable -Filter "PartitionKey eq '$TenantFilter' and SearchId eq '$SearchId' and Timestamp ge datetime'$($fourHoursAgo.ToString('yyyy-MM-ddTHH:mm:ssZ'))'"
 
-        if ($failedEntity) {
-            $message = "Skipping search ID: $SearchId for tenant: $TenantFilter - Previous attempt failed within the last 4 hours"
-            Write-LogMessage -API 'AuditLog' -tenant $TenantFilter -message $message -Sev 'Info'
-            Write-Information $message
-            exit 0
-        }
-    } catch {
-        Write-Information "Error checking for failed downloads: $($_.Exception.Message)"
-    }
+    Measure-CippTask -TaskName 'AuditLogSearchResultsCache' -EventName 'CIPP.AuditLogsProfileRoot' -Script {
+        Measure-CippTask -TaskName 'CheckFailedDownloads' -EventName 'CIPP.AuditLogsProfile' -Script {
+            try {
+                $FailedDownloadsTable = Get-CippTable -TableName 'FailedAuditLogDownloads'
+                $fourHoursAgo = (Get-Date).AddHours(-4).ToUniversalTime()
+                $failedEntity = Get-CIPPAzDataTableEntity @FailedDownloadsTable -Filter "PartitionKey eq '$TenantFilter' and SearchId eq '$SearchId' and Timestamp ge datetime'$($fourHoursAgo.ToString('yyyy-MM-ddTHH:mm:ssZ'))'"
 
-    try {
-        Write-Information "Starting audit log cache process for tenant: $TenantFilter"
-        $CacheWebhooksTable = Get-CippTable -TableName 'CacheWebhooks'
-        $CacheWebhookStatsTable = Get-CippTable -TableName 'CacheWebhookStats'
-        # Check if we haven't already downloaded this search by checking the cache table
-        $searchEntity = Get-CIPPAzDataTableEntity @CacheWebhooksTable -Filter "PartitionKey eq '$TenantFilter' and SearchId eq '$SearchId'"
-        if ($searchEntity) {
-            Write-Information "Search ID: $SearchId already cached for tenant: $TenantFilter"
-            exit 0
+                if ($failedEntity) {
+                    $message = "Skipping search ID: $SearchId for tenant: $TenantFilter - Previous attempt failed within the last 4 hours"
+                    Write-LogMessage -API 'AuditLog' -tenant $TenantFilter -message $message -Sev 'Info'
+                    Write-Information $message
+                    exit 0
+                }
+            } catch {
+                Write-Information "Error checking for failed downloads: $($_.Exception.Message)"
+            }
         }
 
-        # Record this attempt in the FailedAuditLogDownloads table BEFORE starting the download
-        # This way, if the function is killed before completion, the record will remain
         try {
-            $FailedDownloadsTable = Get-CippTable -TableName 'FailedAuditLogDownloads'
-            $attemptId = [guid]::NewGuid().ToString()
-            $failedEntity = @{
-                RowKey       = $attemptId
-                PartitionKey = $TenantFilter
-                SearchId     = $SearchId
-                ErrorMessage = 'Download attempt in progress'
+            Write-Information "Starting audit log cache process for tenant: $TenantFilter"
+
+            Measure-CippTask -TaskName 'CheckExistingCache' -EventName 'CIPP.AuditLogsProfile' -Script {
+                $CacheWebhooksTable = Get-CippTable -TableName 'CacheWebhooks'
+                $CacheWebhookStatsTable = Get-CippTable -TableName 'CacheWebhookStats'
+                # Check if we haven't already downloaded this search by checking the cache table
+                $searchEntity = Get-CIPPAzDataTableEntity @CacheWebhooksTable -Filter "PartitionKey eq '$TenantFilter' and SearchId eq '$SearchId'"
+                if ($searchEntity) {
+                    Write-Information "Search ID: $SearchId already cached for tenant: $TenantFilter"
+                    exit 0
+                }
             }
-            Add-CIPPAzDataTableEntity @FailedDownloadsTable -Entity $failedEntity -Force
-            Write-Information "Recorded download attempt for search ID: $SearchId, tenant: $TenantFilter"
-        } catch {
-            Write-Information "Failed to record download attempt: $($_.Exception.Message)"
-        }
 
-        $downloadStartTime = Get-Date
-        try {
-            Write-Information "Processing search ID: $($SearchId) for tenant: $TenantFilter"
-            $searchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
-            foreach ($searchResult in $searchResults) {
-                $cacheEntity = @{
-                    RowKey       = $searchResult.id
-                    PartitionKey = $TenantFilter
-                    SearchId     = $SearchId
-                    JSON         = [string]($searchResult | ConvertTo-Json -Depth 10)
+            # Record this attempt in the FailedAuditLogDownloads table BEFORE starting the download
+            # This way, if the function is killed before completion, the record will remain
+            Measure-CippTask -TaskName 'RecordDownloadAttempt' -EventName 'CIPP.AuditLogsProfile' -Script {
+                try {
+                    $FailedDownloadsTable = Get-CippTable -TableName 'FailedAuditLogDownloads'
+                    $attemptId = [guid]::NewGuid().ToString()
+                    $failedEntity = @{
+                        RowKey       = $attemptId
+                        PartitionKey = $TenantFilter
+                        SearchId     = $SearchId
+                        ErrorMessage = 'Download attempt in progress'
+                    }
+                    Add-CIPPAzDataTableEntity @FailedDownloadsTable -Entity $failedEntity -Force
+                    Write-Information "Recorded download attempt for search ID: $SearchId, tenant: $TenantFilter"
+                } catch {
+                    Write-Information "Failed to record download attempt: $($_.Exception.Message)"
                 }
-                Add-CIPPAzDataTableEntity @CacheWebhooksTable -Entity $cacheEntity -Force
             }
-            Write-Information "Successfully cached search ID: $($SearchId) for tenant: $TenantFilter"
-            try {
-                $FailedDownloadsTable = Get-CippTable -TableName 'FailedAuditLogDownloads'
-                $failedEntities = Get-CIPPAzDataTableEntity @FailedDownloadsTable -Filter "PartitionKey eq '$TenantFilter' and SearchId eq '$SearchId'"
-                if ($failedEntities) {
-                    Remove-AzDataTableEntity @FailedDownloadsTable -Entity $failedEntities -Force
-                    Write-Information "Removed failed download records for search ID: $SearchId, tenant: $TenantFilter"
+
+            $downloadStartTime = Get-Date
+            Measure-CippTask -TaskName 'DownloadAndCacheResults' -EventName 'CIPP.AuditLogsProfile' -Script {
+                try {
+                    Write-Information "Processing search ID: $($SearchId) for tenant: $TenantFilter"
+                    $searchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
+                    foreach ($searchResult in $searchResults) {
+                        $cacheEntity = @{
+                            RowKey       = $searchResult.id
+                            PartitionKey = $TenantFilter
+                            SearchId     = $SearchId
+                            JSON         = [string]($searchResult | ConvertTo-Json -Depth 10)
+                        }
+                        Add-CIPPAzDataTableEntity @CacheWebhooksTable -Entity $cacheEntity -Force
+                    }
+                    Write-Information "Successfully cached search ID: $($SearchId) for tenant: $TenantFilter"
+
+                    Measure-CippTask -TaskName 'RemoveFailedRecord' -EventName 'CIPP.AuditLogsProfile' -Script {
+                        try {
+                            $FailedDownloadsTable = Get-CippTable -TableName 'FailedAuditLogDownloads'
+                            $failedEntities = Get-CIPPAzDataTableEntity @FailedDownloadsTable -Filter "PartitionKey eq '$TenantFilter' and SearchId eq '$SearchId'"
+                            if ($failedEntities) {
+                                Remove-AzDataTableEntity @FailedDownloadsTable -Entity $failedEntities -Force
+                                Write-Information "Removed failed download records for search ID: $SearchId, tenant: $TenantFilter"
+                            }
+                        } catch {
+                            Write-Information "Failed to remove download attempt record: $($_.Exception.Message)"
+                        }
+                    }
+
+                    $searchResults
+                } catch {
+                    throw $_
                 }
-            } catch {
-                Write-Information "Failed to remove download attempt record: $($_.Exception.Message)"
             }
-        } catch {
-            throw $_
-        }
 
-        $downloadEndTime = Get-Date
-        $downloadSeconds = ($downloadEndTime - $downloadStartTime).TotalSeconds
+            $downloadEndTime = Get-Date
+            $downloadSeconds = ($downloadEndTime - $downloadStartTime).TotalSeconds
+
+            Measure-CippTask -TaskName 'RecordStats' -EventName 'CIPP.AuditLogsProfile' -Script {
+                $statsEntity = @{
+                    RowKey       = $TenantFilter
+                    PartitionKey = 'Stats'
+                    DownloadSecs = [string]$downloadSeconds
+                    SearchCount  = [string]($searchResults ? $searchResults.Count : 0)
+                }
+                Add-CIPPAzDataTableEntity @CacheWebhookStatsTable -Entity $statsEntity -Force
+                Write-Information "Completed audit log cache process for tenant: $TenantFilter. Download time: $downloadSeconds seconds"
+            }
 
-        $statsEntity = @{
-            RowKey       = $TenantFilter
-            PartitionKey = 'Stats'
-            DownloadSecs = [string]$downloadSeconds
-            SearchCount  = [string]($searchResults ? $searchResults.Count : 0)
+            return ($searchResults ? $searchResults.Count : 0)
+        } catch {
+            Write-Information "Error in New-CIPPAuditLogSearchResultsCache for tenant: $TenantFilter. Error: $($_.Exception.Message)"
+            throw $_
         }
-        Add-CIPPAzDataTableEntity @CacheWebhookStatsTable -Entity $statsEntity -Force
-        Write-Information "Completed audit log cache process for tenant: $TenantFilter. Download time: $downloadSeconds seconds"
-        return ($searchResults ? $searchResults.Count : 0)
-    } catch {
-        Write-Information "Error in New-CIPPAuditLogSearchResultsCache for tenant: $TenantFilter. Error: $($_.Exception.Message)"
-        throw $_
     }
 }
