az monitor log-analytics workspace table search-job

Manage tables for log analytics workspace search results table.

Commands

az monitor log-analytics workspace table search-job create

Create a Log Analytics workspace search results table. The table name needs to end with '_SRCH'.

az monitor log-analytics workspace table search-job create

Create a Log Analytics workspace search results table. The table name needs to end with '_SRCH'.

az monitor log-analytics workspace table search-job create --end-search-time
                                                           --name
                                                           --resource-group
                                                           --search-query
                                                           --start-search-time
                                                           --workspace-name
                                                           [--limit]
                                                           [--no-wait]
                                                           [--retention-time]
                                                           [--total-retention-time]

Examples

Create a Log Analytics workspace search result table.

az monitor log-analytics workspace table search-job create --resource-group MyResourceGroup --workspace-name MyWorkspace -n MyTable_SRCH --retention-time 45 --search-query "Heartbeat | where SourceSystem != '' | project SourceSystem" --limit 1000 --start-search-time "Sat, 28 Aug 2021 05:29:18 GMT" --end-search-time "Sat, 28 Aug 2021 08:29:18 GMT"

Required Parameters

--end-search-time

Datetime format. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--name -n

Name of the table.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--search-query

Search job query.

--start-search-time

Datetime format. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--workspace-name

Name of the Log Analytics Workspace.

Optional Parameters

--limit

Limit the search job to return up to specified number of rows.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--retention-time

The data table data retention in days, between 4 and 730. Setting this property to null will default to the workspace.

--total-retention-time

The table data total retention in days, between 4 and 2555. Setting this property to null will default to table retention.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.