New-AzureRmOperationalInsightsWindowsEventDataSource

Collects event logs from computers that run the Windows operating system.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

New-AzureRmOperationalInsightsWindowsEventDataSource
   [-ResourceGroupName] <String>
   [-WorkspaceName] <String>
   [-Name] <String>
   [-EventLogName] <String>
   [-CollectErrors]
   [-CollectWarnings]
   [-CollectInformation]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzureRmOperationalInsightsWindowsEventDataSource
   [-Workspace] <PSWorkspace>
   [-Name] <String>
   [-EventLogName] <String>
   [-CollectErrors]
   [-CollectWarnings]
   [-CollectInformation]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzureRmOperationalInsightsWindowsEventDataSource cmdlet adds a data source that collects Windows event logs from connected computers that run the Windows operating system in Azure Operational Insights.

Parameters

-CollectErrors

Indicates that Operational Insights collects error messages.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CollectInformation

Indicates that Operational Insights collects information messages.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CollectWarnings

Indicates that Operational Insights collects warning messages.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EventLogName

Specifies the name of the event log.

Type:String
Position:4
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies a name for the data source.

Type:String
Position:3
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of a resource group that contains computers.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Workspace

Specifies a workspace in which this cmdlet operates.

Type:PSWorkspace
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WorkspaceName

Specifies the name of a workspace in which this cmdlet operates.

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

Inputs

PSWorkspace

Parameters: Workspace (ByValue)

String

Outputs

PSDataSource