az monitor data-collection rule
Note
This reference is part of the monitor-control-service extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az monitor data-collection rule command. Learn more about extensions.
Manage data collection rule for monitor control service.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor data-collection rule association |
Manage data collection rule association for monitor control service. |
Extension | GA |
| az monitor data-collection rule association create |
Create an association. |
Extension | GA |
| az monitor data-collection rule association delete |
Delete an association. |
Extension | GA |
| az monitor data-collection rule association list |
List associations for the specified data collection rule. And Lists associations for the specified resource. |
Extension | GA |
| az monitor data-collection rule association show |
Return the specified association. |
Extension | GA |
| az monitor data-collection rule association update |
Update an association. |
Extension | GA |
| az monitor data-collection rule create |
Create a data collection rule. |
Extension | GA |
| az monitor data-collection rule data-flow |
Manage data flows. |
Extension | GA |
| az monitor data-collection rule data-flow add |
Add a data flow. |
Extension | GA |
| az monitor data-collection rule data-flow list |
List data flows. |
Extension | GA |
| az monitor data-collection rule delete |
Deletes a data collection rule. |
Extension | GA |
| az monitor data-collection rule list |
List all data collection rules in the specified resource group. And Lists all data collection rules in the specified subscription. |
Extension | GA |
| az monitor data-collection rule log-analytics |
Manage Log Analytics destinations. |
Extension | GA |
| az monitor data-collection rule log-analytics add |
Add Log Analytics destinations of a data collection rule. |
Extension | GA |
| az monitor data-collection rule log-analytics delete |
Delete a Log Analytics destinations of a data collection rule. |
Extension | GA |
| az monitor data-collection rule log-analytics list |
List Log Analytics destinations of a data collection rule. |
Extension | GA |
| az monitor data-collection rule log-analytics show |
Show a Log Analytics destination of a data collection rule. |
Extension | GA |
| az monitor data-collection rule log-analytics update |
Update a Log Analytics destination of a data collection rule. |
Extension | GA |
| az monitor data-collection rule performance-counter |
Manage Log performance counter data source. |
Extension | GA |
| az monitor data-collection rule performance-counter add |
Add a Log performance counter data source. |
Extension | GA |
| az monitor data-collection rule performance-counter delete |
Delete a Log performance counter data source. |
Extension | GA |
| az monitor data-collection rule performance-counter list |
List Log performance counter data sources. |
Extension | GA |
| az monitor data-collection rule performance-counter show |
Show a Log performance counter data source. |
Extension | GA |
| az monitor data-collection rule performance-counter update |
Update a Log performance counter data source. |
Extension | GA |
| az monitor data-collection rule show |
Return the specified data collection rule. |
Extension | GA |
| az monitor data-collection rule syslog |
Manage Syslog data source. |
Extension | GA |
| az monitor data-collection rule syslog add |
Add a Syslog data source. |
Extension | GA |
| az monitor data-collection rule syslog delete |
Delete a Syslog data source. |
Extension | GA |
| az monitor data-collection rule syslog list |
List Syslog data sources. |
Extension | GA |
| az monitor data-collection rule syslog show |
Show a Syslog data source. |
Extension | GA |
| az monitor data-collection rule syslog update |
Update a Syslog data source. |
Extension | GA |
| az monitor data-collection rule update |
Update a data collection rule. |
Extension | GA |
| az monitor data-collection rule windows-event-log |
Manage Windows Event Log data source. |
Extension | GA |
| az monitor data-collection rule windows-event-log add |
Add a Windows Event Log data source. |
Extension | GA |
| az monitor data-collection rule windows-event-log delete |
Delete a Windows Event Log data source. |
Extension | GA |
| az monitor data-collection rule windows-event-log list |
List Windows Event Log data sources. |
Extension | GA |
| az monitor data-collection rule windows-event-log show |
Show a Windows Event Log data source. |
Extension | GA |
| az monitor data-collection rule windows-event-log update |
Update a Windows Event Log data source. |
Extension | GA |
az monitor data-collection rule create
Create a data collection rule.
az monitor data-collection rule create --name
--resource-group
--rule-file
[--description]
[--location]
[--tags]Examples
Create data collection rule
az monitor data-collection rule create --resource-group "myResourceGroup" --location "eastus" --name "myCollectionRule" --rule-file "C:\samples\dcrEx1.json"Required Parameters
The name of the data collection rule. The name is case insensitive.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The json file for rule parameters.
Usage: --rule-file sample.json rule json file should be rule parameters organized as json format, like below: { "properties": { "destinations": { "azureMonitorMetrics": { "name": "azureMonitorMetrics-default" } }, "dataFlows": [ { "streams": [ "Microsoft-InsightsMetrics" ], "destinations": [ "azureMonitorMetrics-default" ] } ] } }.
Optional Parameters
Description of the data collection rule.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule delete
Deletes a data collection rule.
az monitor data-collection rule delete [--ids]
[--name]
[--resource-group]
[--subscription]
[--yes]Examples
Delete data collection rule
az monitor data-collection rule delete --name "myCollectionRule" --resource-group "myResourceGroup"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the data collection rule. The name is case insensitive.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule list
List all data collection rules in the specified resource group. And Lists all data collection rules in the specified subscription.
az monitor data-collection rule list [--resource-group]Examples
List data collection rules by resource group
az monitor data-collection rule list --resource-group "myResourceGroup"List data collection rules by subscription
az monitor data-collection rule listOptional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule show
Return the specified data collection rule.
az monitor data-collection rule show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get data collection rule
az monitor data-collection rule show --name "myCollectionRule" --resource-group "myResourceGroup"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the data collection rule. The name is case insensitive.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor data-collection rule update
Update a data collection rule.
az monitor data-collection rule update [--data-flows]
[--description]
[--extensions]
[--ids]
[--log-analytics]
[--monitor-metrics]
[--name]
[--performance-counters]
[--resource-group]
[--subscription]
[--syslog]
[--tags]
[--windows-event-logs]Examples
Update data collection rule
az monitor data-collection rule update --resource-group "myResourceGroup" --name "myCollectionRule" --data-flows destinations="centralWorkspace" streams="Microsoft-Perf" streams="Microsoft-Syslog" streams="Microsoft-WindowsEvent" --log-analytics name="centralWorkspace" resource-id="/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace" --performance-counters name="appTeamExtraCounters" counter-specifiers="\\Process(_Total)\\Thread Count" sampling-frequency=30 streams="Microsoft-Perf" --syslog name="cronSyslog" facility-names="cron" log-levels="Debug" log-levels="Critical" log-levels="Emergency" streams="Microsoft-Syslog" --windows-event-logs name="cloudSecurityTeamEvents" streams="Microsoft-WindowsEvent" x-path-queries="Security!"Optional Parameters
The specification of data flows.
Usage: --data-flows streams=XX1 streams=XX2 destinations=XX1 destinations=XX2
streams: Required. List of streams for this data flow. destinations: Required. List of destinations for this data flow.
Multiple actions can be specified by using more than one --data-flows argument.
Description of the data collection rule.
The list of Azure VM extension data source configurations. Expected value: json-string/@json-file.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
List of Log Analytics destinations.
Usage: --log-analytics resource-id=XX name=XX
resource-id: Required. The resource ID of the Log Analytics workspace. name: Required. A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --log-analytics argument.
Azure Monitor Metrics destination.
Usage: --monitor-metrics name=XX
name: Required. A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.
The name of the data collection rule. The name is case insensitive.
The list of performance counter data source configurations.
Usage: --performance-counters streams=XX1 streams=XX2 sampling-frequency=XX counter-specifiers=XX1 counter-specifiers=XX2 name=XX
streams: Required. List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. sampling-frequency: Required. The number of seconds between consecutive counter measurements (samples). counter-specifiers: Required. A list of specifier names of the performance counters you want to collect. Use a wildcard (*) to collect a counter for all instances. To get a list of performance counters on Windows, run the command 'typeperf'. name: Required. A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --performance-counters argument.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The list of Syslog data source configurations.
Usage: --syslog streams=XX1 streams=XX2 facility-names=XX1 facility-names=XX2 log-levels=XX1 log-levels=XX2 name=XX
streams: Required. List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. facility-names: Required. The list of facility names. log-levels: The log levels to collect. name: Required. A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --syslog argument.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The list of Windows Event Log data source configurations.
Usage: --windows-event-logs streams=XX1 streams=XX2 x-path-queries=XX1 x-path-queries=XX2 name=XX
streams: Required. List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. x-path-queries: Required. A list of Windows Event Log queries in XPATH format. name: Required. A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --windows-event-logs argument.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Submit and view feedback for