Share via

Set total retention period for one or more tables

Nikhil Padma 0 Reputation points
2024-06-18T18:39:12.59+00:00

Hi,

I am trying to set the total retention time for one or more log tables using the command az monitor log-analytics workspace table update --subscription <subscription id> --resource-group sentinel --workspace-name <name> --name AppEvents AppExceptions --retention-time -1 --total-retention-time 365 but it fails when i specify two or more tables but works when i specify one. May i know if there is any command to specify all the tables at once.

Thanks,
Nikhil

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,037 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. James Hamil 22,891 Reputation points Microsoft Employee
    2024-06-18T20:23:52.2866667+00:00

    Hi @Nikhil Padma , you'll need to set each table separately or loop through them all, something like this:

    $tables = "AppEvents", "AppExceptions"

foreach ($table in $tables) {
    Update-AzOperationalInsightsTable `
        -ResourceGroupName sentinel `
        -WorkspaceName <name> `
        -TableName $table `
        -RetentionInDays -1 `
        -TotalRetentionInDays 365
}

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James