New-AzOperationalInsightsWindowsEventDataSource

Collects event logs from computers that run the Windows operating system.

Syntax

New-AzOperationalInsightsWindowsEventDataSource
   [-ResourceGroupName] <String>
   [-WorkspaceName] <String>
   [-Name] <String>
   [-EventLogName] <String>
   [-CollectErrors]
   [-CollectWarnings]
   [-CollectInformation]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzOperationalInsightsWindowsEventDataSource
   [-Workspace] <PSWorkspace>
   [-Name] <String>
   [-EventLogName] <String>
   [-CollectErrors]
   [-CollectWarnings]
   [-CollectInformation]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzOperationalInsightsWindowsEventDataSource cmdlet adds a data source that collects Windows event logs from connected computers that run the Windows operating system in Azure Operational Insights.

Examples

Example 1: Create system Windows event data source

$EventLogNames       = @()
$EventLogNames      += 'Directory Service'
$EventLogNames      += 'Microsoft-Windows-EventCollector/Operational'
$EventLogNames      += 'System'
$ResourceGroupName   = 'MyResourceGroup'
$WorkspaceName       = 'MyWorkspaceName'

$Count = 0
foreach ($EventLogName in $EventLogNames) {
    $Count++
    $null = New-AzOperationalInsightsWindowsEventDataSource `
    -ResourceGroupName $ResourceGroupName `
    -WorkspaceName $WorkspaceName `
    -Name "Windows-event-$($Count)" `
    -EventLogName $EventLogName `
    -CollectErrors `
    -CollectWarnings `
    -CollectInformation
}

Get-AzOperationalInsightsDataSource `
   -ResourceGroupName $ResourceGroupName `
   -WorkspaceName $WorkspaceName `
   -Kind 'WindowsEvent'

Parameters

-CollectErrors

Indicates that Operational Insights collects error messages.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CollectInformation

Indicates that Operational Insights collects information messages.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CollectWarnings

Indicates that Operational Insights collects warning messages.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EventLogName

Specifies the name of the event log.

Type:String
Position:4
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Name

Specifies a name for the data source. The name is not exposed in the Azure Portal and any string can be used as long as it is unique.

Type:String
Position:3
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-ResourceGroupName

Specifies the name of a resource group that contains computers.

Type:String
Position:1
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-Workspace

Specifies a workspace in which this cmdlet operates.

Type:PSWorkspace
Position:0
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-WorkspaceName

Specifies the name of a workspace in which this cmdlet operates.

Type:String
Position:2
Default value:None
Accept pipeline input:True
Accept wildcard characters:False

Inputs

PSWorkspace

String

Outputs

PSDataSource