az monitor data-collection rule windows-event-log
Note
This reference is part of the monitor-control-service extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az monitor data-collection rule windows-event-log command. Learn more about extensions.
Manage Windows Event Log data source.
Commands
| az monitor data-collection rule windows-event-log add |
Add a Windows Event Log data source. |
| az monitor data-collection rule windows-event-log delete |
Delete a Windows Event Log data source. |
| az monitor data-collection rule windows-event-log list |
List Windows Event Log data sources. |
| az monitor data-collection rule windows-event-log show |
Show a Windows Event Log data source. |
| az monitor data-collection rule windows-event-log update |
Update a Windows Event Log data source. |
az monitor data-collection rule windows-event-log add
Add a Windows Event Log data source.
az monitor data-collection rule windows-event-log add --name
--resource-group
--rule-name
--streams {Microsoft-Event, Microsoft-WindowsEvent}
--x-path-queriesExamples
Add a Windows Event Log data source
az monitor data-collection rule windows-event-log add --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "appTeam1AppEvents" --streams "Microsoft-WindowsEvent" --x-path-queries "Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]" "System![System[(Level = 1 or Level = 2 or Level = 3)]]"Required Parameters
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the data collection rule. The name is case insensitive.
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.
A list of Windows Event Log queries in XPATH format.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule windows-event-log delete
Delete a Windows Event Log data source.
az monitor data-collection rule windows-event-log delete --name
--resource-group
--rule-nameExamples
Delete a Windows Event Log data source
az monitor data-collection rule windows-event-log delete --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "appTeam1AppEvents"Required Parameters
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the data collection rule. The name is case insensitive.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule windows-event-log list
List Windows Event Log data sources.
az monitor data-collection rule windows-event-log list --resource-group
--rule-nameExamples
List Windows Event Log data sources
az monitor data-collection rule windows-event-log list --rule-name "myCollectionRule" --resource-group "myResourceGroup"Required Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the data collection rule. The name is case insensitive.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule windows-event-log show
Show a Windows Event Log data source.
az monitor data-collection rule windows-event-log show --name
--resource-group
--rule-nameExamples
Show a Windows Event Log data source
az monitor data-collection rule windows-event-log show --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "appTeam1AppEvents"Required Parameters
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the data collection rule. The name is case insensitive.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule windows-event-log update
Update a Windows Event Log data source.
az monitor data-collection rule windows-event-log update --name
--resource-group
--rule-name
[--streams {Microsoft-Event, Microsoft-WindowsEvent}]
[--x-path-queries]Examples
Update a Windows Event Log data source
az monitor data-collection rule windows-event-log update --rule-name "myCollectionRule" --resource-group "myResourceGroup" --name "appTeam1AppEvents" --x-path-queries "Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"Required Parameters
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the data collection rule. The name is case insensitive.
Optional Parameters
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.
A list of Windows Event Log queries in XPATH format.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
الملاحظات
إرسال الملاحظات وعرضها المتعلقة بـ