New-AzOperationalInsightsAzureActivityLogDataSource

Collects the Azure Activity log from a given subscription.

Syntax

New-AzOperationalInsightsAzureActivityLogDataSource
   [-ResourceGroupName] <String>
   [-WorkspaceName] <String>
   [-Name] <String>
   [-SubscriptionId] <String>
   [-BackfillStartTime <DateTimeOffset>]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzOperationalInsightsAzureActivityLogDataSource
   [-Workspace] <PSWorkspace>
   [-Name] <String>
   [-SubscriptionId] <String>
   [-BackfillStartTime <DateTimeOffset>]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzOperationalInsightsAzureActivityLogDataSource cmdlet enables Log Analytics to collect the Azure Activity log from a given subscription.

Examples

Example 1

New-AzOperationalInsightsAzureActivityLogDataSource -ResourceGroupName testrg -WorkspaceName LogAnalyticsworkspace -Name test -SubscriptionId 0b1f6471-1bf0-4dda-aec3-cb9272f09590

Name              : test
ResourceGroupName : testrg
WorkspaceName     : LogAnalyticsworkspace
ResourceId        : /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourceGroups/testrg/providers/Microsoft.OperationalInsights/workspaces/LogAnalyticsworkspace/datasources/test
Kind              : AzureActivityLog
Properties        : {"linkedResourceId":"/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/providers/microsoft.insights/eventtypes/management","backfillStartTime":"0001-01-01T00:00:00+00:00"}

This command enables Log Analytics to collect the Azure Activity log from the given subscription.
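The following is an added example, not part of the original reference: it onboards several subscriptions into one workspace with a one-week backfill, using the -Workspace parameter set and -WhatIf for a dry run, then lists any subscription still without a data source. The subscription IDs and the `activitylog-<id>` naming scheme are constructed placeholders; Get-AzOperationalInsightsWorkspace and Get-AzOperationalInsightsDataSource are companion cmdlets from the same Az.OperationalInsights module.

```powershell
# Constructed placeholders: replace with your own values.
$resourceGroup   = 'testrg'
$workspaceName   = 'LogAnalyticsworkspace'
$subscriptionIds = @(
    '00000000-0000-0000-0000-000000000001'
    '00000000-0000-0000-0000-000000000002'
)
$preview = $true   # $true = dry run through -WhatIf; set to $false to create

# Backfill from one week ago, as the DateTimeOffset that -BackfillStartTime expects.
$backfillStart = [DateTimeOffset]::UtcNow.AddDays(-7)

# Resolve the workspace once and use the -Workspace parameter set.
$workspace = Get-AzOperationalInsightsWorkspace -ResourceGroupName $resourceGroup `
    -Name $workspaceName -ErrorAction Stop

# Names of Activity log data sources already on the workspace, so reruns skip them.
$existing = @(Get-AzOperationalInsightsDataSource -Workspace $workspace -Kind AzureActivityLog).Name

foreach ($subId in $subscriptionIds) {
    $name = "activitylog-$subId"   # hypothetical naming scheme
    if ($existing -contains $name) {
        Write-Host "Already collecting: $subId"
        continue
    }
    New-AzOperationalInsightsAzureActivityLogDataSource -Workspace $workspace `
        -Name $name -SubscriptionId $subId `
        -BackfillStartTime $backfillStart -WhatIf:$preview
}

# Coverage check: list subscriptions that still have no data source under this naming scheme.
$current = @(Get-AzOperationalInsightsDataSource -Workspace $workspace -Kind AzureActivityLog).Name
$missing = $subscriptionIds | Where-Object { $current -notcontains "activitylog-$_" }
if ($missing) { Write-Warning "No Activity log data source for: $($missing -join ', ')" }
```

While `$preview` is `$true` nothing is created, so the final warning lists every subscription that was not already onboarded.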

Parameters

-BackfillStartTime

You can choose to backfill logs from a week ago.

Type:DateTimeOffset
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Type:String
Position:3
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-SubscriptionId

Type:String
Position:4
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Workspace

Type:PSWorkspace
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WorkspaceName

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

Inputs

PSWorkspace

String

DateTimeOffset

Outputs

PSDataSource