az monitor log-analytics workspace saved-search
Manage saved search for log analytics workspace.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor log-analytics workspace saved-search create |
Create a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search delete |
Delete a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search list |
List all saved searches for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search show |
Show a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search update |
Update a saved search for a given workspace. |
Core | GA |
az monitor log-analytics workspace saved-search create
Create a saved search for a given workspace.
az monitor log-analytics workspace saved-search create --category
--display-name
--name
--resource-group
--saved-query
--workspace-name
[--fa --func-alias]
[--fp --func-param]
[--tags]Examples
Create a saved search for a given workspace.
az monitor log-analytics workspace saved-search create -g MyRG --workspace-name MyWS -n MySavedSearch --category Test1 --display-name TestSavedSearch -q "AzureActivity | summarize count() by bin(TimeGenerated, 1h)" --fa myfun --fp "a:string = value"Required Parameters
The category of the saved search. This helps the user to find a saved search faster.
Display name of the saved search.
Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The query expression for the saved search.
Name of the Log Analytics Workspace.
Optional Parameters
Function Aliases are short names given to Saved Searches so they can be easily referenced in query. They are required for Computer Groups.
The optional function parameters if query serves as a function. Value should be in the following format: 'param-name1:type1 = default_value1, param-name2:type2 = default_value2'. For more examples and proper syntax please refer to https://learn.microsoft.com/azure/kusto/query/functions/user-defined-functions.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace saved-search delete
Delete a saved search for a given workspace.
az monitor log-analytics workspace saved-search delete [--ids]
[--name --saved-search-name]
[--resource-group]
[--subscription]
[--workspace-name]
[--yes]Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace saved-search list
List all saved searches for a given workspace.
az monitor log-analytics workspace saved-search list --resource-group
--workspace-nameRequired Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace saved-search show
Show a saved search for a given workspace.
az monitor log-analytics workspace saved-search show [--ids]
[--name --saved-search-name]
[--resource-group]
[--subscription]
[--workspace-name]Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace saved-search update
Update a saved search for a given workspace.
az monitor log-analytics workspace saved-search update --name
--resource-group
--workspace-name
[--category]
[--display-name]
[--fa --func-alias]
[--fp --func-param]
[--saved-query]
[--tags]Examples
Update a saved search for a given workspace.
az monitor log-analytics workspace saved-search update -g MyRG --workspace-name MyWS -n MySavedSearch --category Test1 --display-name TestSavedSearch -q "AzureActivity | summarize count() by bin(TimeGenerated, 1h)" --fa myfun --fp "a:string = value"Required Parameters
Name of the saved search and it's unique in a given workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name of the Log Analytics Workspace.
Optional Parameters
The category of the saved search. This helps the user to find a saved search faster.
Display name of the saved search.
Function Aliases are short names given to Saved Searches so they can be easily referenced in query. They are required for Computer Groups.
The optional function parameters if query serves as a function. Value should be in the following format: 'param-name1:type1 = default_value1, param-name2:type2 = default_value2'. For more examples and proper syntax please refer to https://learn.microsoft.com/azure/kusto/query/functions/user-defined-functions.
The query expression for the saved search.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
