Hi,
I have policy that configures resource diagnostic setting on to Log Analytics Workspace. When I check resource compliance state from policy, it says "non-compliant" with following error message
If I then try to create remediation task, it will also fail with following
Failed to update diagnostics for 'monitoringdemo'.
{
"code":"Conflict",
"message": "Data sink '/subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.EventHub/namespaces/<ns>/authorizationrules/RootManageSharedAccessKey'
is already used in diagnostic setting 'monitoring' for category 'AppExceptions'.
Data sinks can't be reused in different settings on the same category for the same resource."
}.
I understand that it means that I cannot create multiple diagnostic settings with same category targeting same destination. And in event hub scenario it includes authorizationrules/<your access key> part.
In mine case someone has already enabled diagnostic settings (manually) for X resource but with wrong name but to right Log Analytics and because name is wrong, it is "non-compliant".
Could I maybe add something to the policy so it would overdrive existing name / settings to the right ones or can I delete something from policy that it check only that right Log Analytics is there without taking a notice for the name (so name could be XXXXX but it is compliant if the right Log Analytics is specified).
We can take as example build in policy (KeyVault_DeployDiagnosticLog_Deploy_LogAnalytics.json)