az monitor log-analytics
Note
This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.
Manage Azure log analytics.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor log-analytics cluster |
Manage Azure log analytics cluster. |
Core | GA |
| az monitor log-analytics cluster create |
Create a cluster instance. |
Core | GA |
| az monitor log-analytics cluster delete |
Delete a cluster instance. |
Core | GA |
| az monitor log-analytics cluster list |
List all cluster instances in a resource group or in current subscription. |
Core | GA |
| az monitor log-analytics cluster show |
Show the properties of a cluster instance. |
Core | GA |
| az monitor log-analytics cluster update |
Update a cluster instance. |
Core | GA |
| az monitor log-analytics cluster wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az monitor log-analytics query |
Query a Log Analytics workspace. |
Extension | GA |
| az monitor log-analytics query-pack |
Manage Azure log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack create |
Create a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack delete |
Delete a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack list |
List of all log analytics query packs. |
Core | Preview |
| az monitor log-analytics query-pack query |
Manage the query of log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack query create |
Create a specific query within a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack query delete |
Delete a specific query defined within a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack query list |
List queries defined within a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack query search |
Search a list of queries defined within a log analytics query pack according to given search properties. |
Core | Preview |
| az monitor log-analytics query-pack query show |
Show a specific query defined within a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack query update |
Update a specific query within a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack show |
Show a log analytics query pack. |
Core | Preview |
| az monitor log-analytics query-pack update |
Update a log analytics query pack. |
Core | Preview |
| az monitor log-analytics solution |
Commands to manage monitor log-analytics solution. |
Extension | GA |
| az monitor log-analytics solution create |
Create the Solution. |
Extension | GA |
| az monitor log-analytics solution delete |
Delete the solution in the subscription. |
Extension | GA |
| az monitor log-analytics solution list |
List the solution list. It will retrieve both first party and third party solutions. |
Extension | GA |
| az monitor log-analytics solution show |
Get the user solution. |
Extension | GA |
| az monitor log-analytics solution update |
Update a Solution. Only updating tags supported. |
Extension | GA |
| az monitor log-analytics solution wait |
Place the CLI in a waiting state until a condition is met. |
Extension | GA |
| az monitor log-analytics workspace |
Manage Azure log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace create |
Create a workspace instance. |
Core | GA |
| az monitor log-analytics workspace data-export |
Manage data export ruls for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace data-export create |
Create a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export delete |
Delete a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export list |
List all data export ruleses for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export show |
Show a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export update |
Update a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace delete |
Deletes a workspace resource. |
Core | GA |
| az monitor log-analytics workspace get-schema |
Get the schema for a given workspace. |
Core | GA |
| az monitor log-analytics workspace get-shared-keys |
Get the shared keys for a workspace. |
Core | GA |
| az monitor log-analytics workspace linked-service |
Manage linked service for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-service create |
Create a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service delete |
Delete a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service list |
Get all the linked services in a workspace. |
Core | GA |
| az monitor log-analytics workspace linked-service show |
Show the properties of a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service update |
Update a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az monitor log-analytics workspace linked-storage |
Manage linked storage account for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage add |
Add some linked storage accounts with specific data source type for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage create |
Create some linked storage accounts for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage delete |
Delete all linked storage accounts with specific data source type for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage list |
List all linked storage accounts for a log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage remove |
Remove some linked storage accounts with specific data source type for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage show |
Show all linked storage accounts with specific data source type for a log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace list |
Get a list of workspaces under a resource group or a subscription. |
Core | GA |
| az monitor log-analytics workspace list-available-service-tier |
List the available service tiers for the workspace. |
Core | GA |
| az monitor log-analytics workspace list-deleted-workspaces |
Get a list of deleted workspaces that can be recovered in a subscription or a resource group. |
Core | GA |
| az monitor log-analytics workspace list-link-target |
List a list of workspaces which the current user has administrator privileges and are not associated with an Azure Subscription. |
Core | GA |
| az monitor log-analytics workspace list-management-groups |
Get a list of management groups connected to a workspace. |
Core | GA |
| az monitor log-analytics workspace list-usages |
Get a list of usage metrics for a workspace. |
Core | GA |
| az monitor log-analytics workspace pack |
Manage intelligent packs for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace pack disable |
Disable an intelligence pack for a given workspace. |
Core | GA |
| az monitor log-analytics workspace pack enable |
Enable an intelligence pack for a given workspace. |
Core | GA |
| az monitor log-analytics workspace pack list |
List all the intelligence packs possible and whether they are enabled or disabled for a given workspace. |
Core | GA |
| az monitor log-analytics workspace recover |
Recover a workspace in a soft-delete state within 14 days. |
Core | GA |
| az monitor log-analytics workspace saved-search |
Manage saved search for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search create |
Create a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search delete |
Delete a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search list |
List all saved searches for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search show |
Show a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search update |
Update a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace show |
Show a workspace instance. |
Core | GA |
| az monitor log-analytics workspace table |
Manage tables for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace table create |
Create a Log Analytics workspace microsoft/custom log table. The table name needs to end with '_CL'. |
Core | GA |
| az monitor log-analytics workspace table delete |
Delete a Log Analytics workspace table. |
Core | GA |
| az monitor log-analytics workspace table list |
List all the tables for the given Log Analytics workspace. |
Core | GA |
| az monitor log-analytics workspace table migrate |
Migrate a Log Analytics table from support of the Data Collector API and Custom Fields features to support of Data Collection Rule-based Custom Logs. |
Core | GA |
| az monitor log-analytics workspace table restore |
Manage tables for log analytics workspace restore logs table. |
Core | GA |
| az monitor log-analytics workspace table restore create |
Create a Log Analytics workspace restore logs table. The table name needs to end with '_RST'. |
Core | GA |
| az monitor log-analytics workspace table search-job |
Manage tables for log analytics workspace search results table. |
Core | GA |
| az monitor log-analytics workspace table search-job cancel |
Cancel a log analytics workspace search results table query run. |
Core | GA |
| az monitor log-analytics workspace table search-job create |
Create a Log Analytics workspace search results table. The table name needs to end with '_SRCH'. |
Core | GA |
| az monitor log-analytics workspace table show |
Get a Log Analytics workspace table. |
Core | GA |
| az monitor log-analytics workspace table update |
Update the properties of a Log Analytics workspace table. |
Core | GA |
| az monitor log-analytics workspace table wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az monitor log-analytics workspace update |
Update a workspace instance. |
Core | GA |
| az monitor log-analytics workspace wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az monitor log-analytics query
Query a Log Analytics workspace.
az monitor log-analytics query --analytics-query
--workspace
[--timespan]
[--workspaces]Examples
Execute a simple query over past 3.5 days.
az monitor log-analytics query -w workspace-customId --analytics-query "AzureActivity | summarize count() by bin(timestamp, 1h)" -t P3DT12HExecute a saved query in workspace
QUERY=$(az monitor log-analytics workspace saved-search show -g resource-group --workspace-name workspace-name -n query-name --query query --output tsv)
az monitor log-analytics query -w workspace-customId --analytics-query "$QUERY"Required Parameters
Query to execute over Log Analytics data.
GUID of the Log Analytics Workspace.
Optional Parameters
Timespan over which to query. Defaults to querying all available data.
Additional workspaces to union data for querying. Specify additional workspace IDs separated by space.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for