az monitor log-analytics workspace saved-search
Manage saved search for log analytics workspace.
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor log-analytics workspace saved-search create |
Create a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search delete |
Delete a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search list |
List all saved searches for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search show |
Show a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search update |
Update a saved search for a given workspace. |
Core | GA |
Create a saved search for a given workspace.
az monitor log-analytics workspace saved-search create --category
--display-name
--name
--resource-group
--saved-query
--workspace-name
[--fa]
[--fp]
[--tags]Create a saved search for a given workspace.
az monitor log-analytics workspace saved-search create -g MyRG --workspace-name MyWS -n MySavedSearch --category Test1 --display-name TestSavedSearch -q "AzureActivity | summarize count() by bin(TimeGenerated, 1h)" --fa myfun --fp "a:string = value"The category of the saved search. This helps the user to find a saved search faster.
Display name of the saved search.
Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The query expression for the saved search.
Name of the Log Analytics Workspace.
Function Aliases are short names given to Saved Searches so they can be easily referenced in query. They are required for Computer Groups.
The optional function parameters if query serves as a function. Value should be in the following format: 'param-name1:type1 = default_value1, param-name2:type2 = default_value2'. For more examples and proper syntax please refer to https://learn.microsoft.com/azure/kusto/query/functions/user-defined-functions.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Delete a saved search for a given workspace.
az monitor log-analytics workspace saved-search delete [--ids]
[--name]
[--resource-group]
[--subscription]
[--workspace-name]
[--yes]One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
List all saved searches for a given workspace.
az monitor log-analytics workspace saved-search list --resource-group
--workspace-nameName of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Show a saved search for a given workspace.
az monitor log-analytics workspace saved-search show [--ids]
[--name]
[--resource-group]
[--subscription]
[--workspace-name]One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Update a saved search for a given workspace.
az monitor log-analytics workspace saved-search update --name
--resource-group
--workspace-name
[--category]
[--display-name]
[--fa]
[--fp]
[--saved-query]
[--tags]Update a saved search for a given workspace.
az monitor log-analytics workspace saved-search update -g MyRG --workspace-name MyWS -n MySavedSearch --category Test1 --display-name TestSavedSearch -q "AzureActivity | summarize count() by bin(TimeGenerated, 1h)" --fa myfun --fp "a:string = value"Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name of the Log Analytics Workspace.
The category of the saved search. This helps the user to find a saved search faster.
Display name of the saved search.
Function Aliases are short names given to Saved Searches so they can be easily referenced in query. They are required for Computer Groups.
The optional function parameters if query serves as a function. Value should be in the following format: 'param-name1:type1 = default_value1, param-name2:type2 = default_value2'. For more examples and proper syntax please refer to https://learn.microsoft.com/azure/kusto/query/functions/user-defined-functions.
The query expression for the saved search.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI feedback
Azure CLI is an open source project. Select a link to provide feedback: