az monitor log-analytics workspace

Manage Azure log analytics workspace.

Commands

Name	Description	Type	Status
az monitor log-analytics workspace create	Create a workspace instance.	Core	GA
az monitor log-analytics workspace data-export	Manage data export ruls for log analytics workspace.	Core	GA
az monitor log-analytics workspace data-export create	Create a data export rule for a given workspace.	Core	GA
az monitor log-analytics workspace data-export delete	Delete a data export rule for a given workspace.	Core	GA
az monitor log-analytics workspace data-export list	List all data export ruleses for a given workspace.	Core	GA
az monitor log-analytics workspace data-export show	Show a data export rule for a given workspace.	Core	GA
az monitor log-analytics workspace data-export update	Update a data export rule for a given workspace.	Core	GA
az monitor log-analytics workspace delete	Deletes a workspace resource.	Core	GA
az monitor log-analytics workspace failback	Deactivates failover for the specified workspace.The failback operation is asynchronous and can take up to 30 minutes to complete.The status of the operation can be checked using the operationId returned in the response.	Core	GA
az monitor log-analytics workspace failover	Activates failover for the specified workspace.The specified replication location must match the location of the enabled replication for this workspace.The failover operation is asynchronous and can take up to 30 minutes to complete.The status of the operation can be checked using the operationId returned in the response.	Core	GA
az monitor log-analytics workspace get-schema	Get the schema for a given workspace.	Core	GA
az monitor log-analytics workspace get-shared-keys	Get the shared keys for a workspace.	Core	GA
az monitor log-analytics workspace identity	Manage Identity.	Core	GA
az monitor log-analytics workspace identity assign	Assign the user or system managed identities.	Core	GA
az monitor log-analytics workspace identity remove	Remove the user or system managed identities.	Core	GA
az monitor log-analytics workspace identity show	Show the details of managed identities.	Core	GA
az monitor log-analytics workspace identity wait	Place the CLI in a waiting state until a condition is met.	Core	GA
az monitor log-analytics workspace linked-service	Manage linked service for log analytics workspace.	Core	GA
az monitor log-analytics workspace linked-service create	Create a linked service.	Core	GA
az monitor log-analytics workspace linked-service delete	Delete a linked service.	Core	GA
az monitor log-analytics workspace linked-service list	Get all the linked services in a workspace.	Core	GA
az monitor log-analytics workspace linked-service show	Show the properties of a linked service.	Core	GA
az monitor log-analytics workspace linked-service update	Update a linked service.	Core	GA
az monitor log-analytics workspace linked-service wait	Place the CLI in a waiting state until a condition is met.	Core	GA
az monitor log-analytics workspace linked-storage	Manage linked storage account for log analytics workspace.	Core	GA
az monitor log-analytics workspace linked-storage add	Add some linked storage accounts with specific data source type for log analytics workspace.	Core	GA
az monitor log-analytics workspace linked-storage create	Create some linked storage accounts for log analytics workspace.	Core	GA
az monitor log-analytics workspace linked-storage delete	Delete all linked storage accounts with specific data source type for log analytics workspace.	Core	GA
az monitor log-analytics workspace linked-storage list	List all linked storage accounts for a log analytics workspace.	Core	GA
az monitor log-analytics workspace linked-storage remove	Remove some linked storage accounts with specific data source type for log analytics workspace.	Core	GA
az monitor log-analytics workspace linked-storage show	Show all linked storage accounts with specific data source type for a log analytics workspace.	Core	GA
az monitor log-analytics workspace list	Get a list of workspaces under a resource group or a subscription.	Core	GA
az monitor log-analytics workspace list-available-service-tier	List the available service tiers for the workspace.	Core	GA
az monitor log-analytics workspace list-deleted-workspaces	Get a list of deleted workspaces that can be recovered in a subscription or a resource group.	Core	GA
az monitor log-analytics workspace list-link-target	List a list of workspaces which the current user has administrator privileges and are not associated with an Azure Subscription.	Core	GA
az monitor log-analytics workspace list-management-groups	Get a list of management groups connected to a workspace.	Core	GA
az monitor log-analytics workspace list-usages	Get a list of usage metrics for a workspace.	Core	GA
az monitor log-analytics workspace pack	Manage intelligent packs for log analytics workspace.	Core	GA
az monitor log-analytics workspace pack disable	Disable an intelligence pack for a given workspace.	Core	GA
az monitor log-analytics workspace pack enable	Enable an intelligence pack for a given workspace.	Core	GA
az monitor log-analytics workspace pack list	List all the intelligence packs possible and whether they are enabled or disabled for a given workspace.	Core	GA
az monitor log-analytics workspace recover	Recover a workspace in a soft-delete state within 14 days.	Core	GA
az monitor log-analytics workspace saved-search	Manage saved search for log analytics workspace.	Core	GA
az monitor log-analytics workspace saved-search create	Create a saved search for a given workspace.	Core	GA
az monitor log-analytics workspace saved-search delete	Delete a saved search for a given workspace.	Core	GA
az monitor log-analytics workspace saved-search list	List all saved searches for a given workspace.	Core	GA
az monitor log-analytics workspace saved-search show	Show a saved search for a given workspace.	Core	GA
az monitor log-analytics workspace saved-search update	Update a saved search for a given workspace.	Core	GA
az monitor log-analytics workspace show	Show a workspace instance.	Core	GA
az monitor log-analytics workspace table	Manage tables for log analytics workspace.	Core	GA
az monitor log-analytics workspace table create	Create a Log Analytics workspace microsoft/custom log table. The table name needs to end with '_CL'.	Core	GA
az monitor log-analytics workspace table delete	Delete a Log Analytics workspace table.	Core	GA
az monitor log-analytics workspace table list	List all the tables for the given Log Analytics workspace.	Core	GA
az monitor log-analytics workspace table migrate	Migrate a Log Analytics table from support of the Data Collector API and Custom Fields features to support of Data Collection Rule-based Custom Logs.	Core	GA
az monitor log-analytics workspace table restore	Manage tables for log analytics workspace restore logs table.	Core	GA
az monitor log-analytics workspace table restore create	Create a Log Analytics workspace restore logs table. The table name needs to end with '_RST'.	Core	GA
az monitor log-analytics workspace table search-job	Manage tables for log analytics workspace search results table.	Core	GA
az monitor log-analytics workspace table search-job cancel	Cancel a log analytics workspace search results table query run.	Core	GA
az monitor log-analytics workspace table search-job create	Create a Log Analytics workspace search results table. The table name needs to end with '_SRCH'.	Core	GA
az monitor log-analytics workspace table show	Get a Log Analytics workspace table.	Core	GA
az monitor log-analytics workspace table update	Update the properties of a Log Analytics workspace table.	Core	GA
az monitor log-analytics workspace table wait	Place the CLI in a waiting state until a condition is met.	Core	GA
az monitor log-analytics workspace update	Update a workspace instance.	Core	GA
az monitor log-analytics workspace wait	Place the CLI in a waiting state until a condition is met.	Core	GA

az monitor log-analytics workspace create

Create a workspace instance.

az monitor log-analytics workspace create --name --workspace-name
                                          --resource-group
                                          [--capacity-reservation-level --level {100, 1000, 10000, 200, 2000, 25000, 300, 400, 500, 5000, 50000}]
                                          [--identity-type --type {None, SystemAssigned, UserAssigned}]
                                          [--ingestion-access {Disabled, Enabled}]
                                          [--location]
                                          [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--query-access {Disabled, Enabled}]
                                          [--quota]
                                          [--replication-enabled {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--replication-location]
                                          [--retention-time]
                                          [--sku --sku-name {CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard}]
                                          [--tags]
                                          [--user-assigned]

Examples

Create a workspace instance

az monitor log-analytics workspace create -g MyResourceGroup -n MyWorkspace

Required Parameters

--name --workspace-name -n

Name of the Log Analytics Workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--capacity-reservation-level --level

The capacity reservation level for this workspace, when CapacityReservation sku is selected. The maximum value is 1000 and must be in multiples of 100. If you want to increase the limit, please contact LAIngestionRate@microsoft.com.

Property	Value
Parameter group:	Sku Arguments
Accepted values:	100, 1000, 10000, 200, 2000, 25000, 300, 400, 500, 5000, 50000

--identity-type --type

Type of managed service identity.

Property	Value
Parameter group:	Identity Arguments
Accepted values:	None, SystemAssigned, UserAssigned

--ingestion-access

The public network access type to access workspace ingestion.

Property	Value
Parameter group:	Properties Arguments
Default value:	Enabled
Accepted values:	Disabled, Enabled

--location -l

The geo-location where the resource lives When not specified, the location of the resource group will be used.

Property	Value
Parameter group:	Parameters Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--query-access

The public network access type to access workspace query.

Property	Value
Parameter group:	Properties Arguments
Default value:	Enabled
Accepted values:	Disabled, Enabled

--quota

The workspace daily quota for ingestion in gigabytes. The minimum value is 0.023 and default is -1 which means unlimited.

Property	Value
Parameter group:	Properties Arguments

--replication-enabled

Specifies whether the replication is enabled or not. When true, workspace configuration and data is replicated to the specified location. If replication is been enabled, location must be provided.

Property	Value
Parameter group:	Replication Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--replication-location

The location of the replication.

Property	Value
Parameter group:	Replication Arguments

--retention-time

The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.

Property	Value
Parameter group:	Properties Arguments
Default value:	30

--sku --sku-name

The name of the SKU.

Property	Value
Parameter group:	Sku Arguments
Default value:	PerGB2018
Accepted values:	CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard

--tags

Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Parameters Arguments

--user-assigned

The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Identity Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace delete

Deletes a workspace resource.

The name is kept for 14 days and cannot be used for another workspace. To remove the workspace completely and release the name, use the --force flag.

az monitor log-analytics workspace delete [--force {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--ids]
                                          [--name --workspace-name]
                                          [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--resource-group]
                                          [--subscription]
                                          [--yes]

Examples

Soft delete a workspace instance.

az monitor log-analytics workspace delete --resource-group MyResourceGroup --workspace-name MyWorkspace

Completely delete a workspace instance.

az monitor log-analytics workspace delete --force --resource-group MyResourceGroup --workspace-name MyWorkspace

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--force -f

Deletes the workspace without the recovery option. A workspace that was deleted with this flag cannot be recovered.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name --workspace-name -n

Name of the Log Analytics Workspace.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--yes -y

Do not prompt for confirmation.

Property	Value
Default value:	False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace failback

Deactivates failover for the specified workspace.The failback operation is asynchronous and can take up to 30 minutes to complete.The status of the operation can be checked using the operationId returned in the response.

az monitor log-analytics workspace failback [--ids]
                                            [--name --workspace-name]
                                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                            [--resource-group]
                                            [--subscription]

Examples

Deactive failover for specified workspace

az monitor log-analytics workspace failback --resource-group oiautorest6685 --workspace-name oiautorest6685

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name --workspace-name

The name of the workspace.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace failover

Activates failover for the specified workspace.The specified replication location must match the location of the enabled replication for this workspace.The failover operation is asynchronous and can take up to 30 minutes to complete.The status of the operation can be checked using the operationId returned in the response.

az monitor log-analytics workspace failover [--ids]
                                            [--location]
                                            [--name --workspace-name]
                                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                            [--resource-group]
                                            [--subscription]

Examples

Activates failover for the specified workspace

az monitor log-analytics workspace failover --resource-group oiautorest6685 --location eastus --workspace-name oiautorest6685

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>. When not specified, the location of the resource group will be used.

Property	Value
Parameter group:	Resource Id Arguments

--name --workspace-name

The name of the workspace.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace get-schema

Get the schema for a given workspace.

Schema represents the internal structure of the workspace, which can be used during the query. For more information, visit: https://learn.microsoft.com/en-us/rest/api/loganalytics/workspace-schema/get.

az monitor log-analytics workspace get-schema --name --workspace-name
                                              --resource-group

Examples

Get the schema for a given workspace.

az monitor log-analytics workspace get-schema --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace get-shared-keys

Get the shared keys for a workspace.

az monitor log-analytics workspace get-shared-keys --name --workspace-name
                                                   --resource-group

Examples

Get the shared keys for a workspace.

az monitor log-analytics workspace get-shared-keys --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace list

Get a list of workspaces under a resource group or a subscription.

az monitor log-analytics workspace list [--resource-group]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace list-available-service-tier

List the available service tiers for the workspace.

az monitor log-analytics workspace list-available-service-tier [--ids]
                                                               [--resource-group]
                                                               [--subscription]
                                                               [--workspace-name]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--workspace-name -n

The name of the workspace.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace list-deleted-workspaces

Get a list of deleted workspaces that can be recovered in a subscription or a resource group.

az monitor log-analytics workspace list-deleted-workspaces [--resource-group]

Examples

Get a list of deleted workspaces that can be recovered in a resource group

az monitor log-analytics workspace list-deleted-workspaces --resource-group MyResourceGroup

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace list-link-target

List a list of workspaces which the current user has administrator privileges and are not associated with an Azure Subscription.

az monitor log-analytics workspace list-link-target

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace list-management-groups

Get a list of management groups connected to a workspace.

az monitor log-analytics workspace list-management-groups --name --workspace-name
                                                          --resource-group

Examples

Get a list of management groups connected to a workspace.

az monitor log-analytics workspace list-management-groups --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace list-usages

Get a list of usage metrics for a workspace.

az monitor log-analytics workspace list-usages --name --workspace-name
                                               --resource-group

Examples

Get a list of usage metrics for a workspace.

az monitor log-analytics workspace list-usages --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace recover

Recover a workspace in a soft-delete state within 14 days.

az monitor log-analytics workspace recover --workspace-name
                                           [--no-wait]
                                           [--resource-group]

Examples

Recover a workspace in a soft-delete state within 14 days

az monitor log-analytics workspace recover --resource-group MyResourceGroup -n MyWorkspace

Required Parameters

--workspace-name -n

Name of the Log Analytics Workspace.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Default value:	False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace show

Show a workspace instance.

az monitor log-analytics workspace show [--ids]
                                        [--name --workspace-name]
                                        [--resource-group]
                                        [--subscription]

Examples

Show a workspace instance.

az monitor log-analytics workspace show --resource-group MyResourceGroup --workspace-name MyWorkspace

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name --workspace-name -n

Name of the Log Analytics Workspace.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace update

Update a workspace instance.

az monitor log-analytics workspace update [--add]
                                          [--capacity-reservation-level --level {100, 1000, 10000, 200, 2000, 25000, 300, 400, 500, 5000, 50000}]
                                          [--data-collection-rule]
                                          [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--identity-type --type {None, SystemAssigned, UserAssigned}]
                                          [--ids]
                                          [--ingestion-access {Disabled, Enabled}]
                                          [--name --workspace-name]
                                          [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--query-access {Disabled, Enabled}]
                                          [--quota]
                                          [--remove]
                                          [--replication-enabled {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--resource-group]
                                          [--retention-time]
                                          [--set]
                                          [--sku --sku-name {CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard}]
                                          [--subscription]
                                          [--tags]
                                          [--user-assigned]

Examples

Update a workspace instance.

az monitor log-analytics workspace update --resource-group myresourcegroup --retention-time 30 --workspace-name myworkspace

Update the defaultDataCollectionRuleResourceId of the workspace

az monitor log-analytics workspace update --resource-group myresourcegroup --workspace-name myworkspace --data-collection-rule "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dcrName}".

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Property	Value
Parameter group:	Generic Update Arguments

--capacity-reservation-level --level

The capacity reservation level for this workspace, when CapacityReservation sku is selected. The maximum value is 1000 and must be in multiples of 100. If you want to increase the limit, please contact LAIngestionRate@microsoft.com.

Property	Value
Parameter group:	Sku Arguments
Accepted values:	100, 1000, 10000, 200, 2000, 25000, 300, 400, 500, 5000, 50000

--data-collection-rule

The resource ID of the default Data Collection Rule to use for this workspace. Expected format is - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dcrName}.

Property	Value
Parameter group:	Properties Arguments

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Property	Value
Parameter group:	Generic Update Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--identity-type --type

Type of managed service identity.

Property	Value
Parameter group:	Identity Arguments
Accepted values:	None, SystemAssigned, UserAssigned

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--ingestion-access

The public network access type to access workspace ingestion.

Property	Value
Parameter group:	Properties Arguments
Accepted values:	Disabled, Enabled

--name --workspace-name -n

Name of the Log Analytics Workspace.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--query-access

The public network access type to access workspace query.

Property	Value
Parameter group:	Properties Arguments
Accepted values:	Disabled, Enabled

--quota

The workspace daily quota for ingestion in gigabytes. The minimum value is 0.023 and default is -1 which means unlimited.

Property	Value
Parameter group:	Properties Arguments

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Property	Value
Parameter group:	Generic Update Arguments

--replication-enabled

Specifies whether the replication is enabled or not. When true, workspace configuration and data is replicated to the specified location. If replication is been enabled, location must be provided.

Property	Value
Parameter group:	Replication Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--retention-time

The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.

Property	Value
Parameter group:	Properties Arguments

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Property	Value
Parameter group:	Generic Update Arguments

--sku --sku-name

The name of the SKU.

Property	Value
Parameter group:	Sku Arguments
Accepted values:	CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--tags

Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Parameters Arguments

--user-assigned

The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Identity Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az monitor log-analytics workspace wait

Place the CLI in a waiting state until a condition is met.

az monitor log-analytics workspace wait [--created]
                                        [--custom]
                                        [--deleted]
                                        [--exists]
                                        [--ids]
                                        [--interval]
                                        [--name --workspace-name]
                                        [--resource-group]
                                        [--subscription]
                                        [--timeout]
                                        [--updated]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

Property	Value
Parameter group:	Wait Condition Arguments

--deleted

Wait until deleted.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--exists

Wait until the resource exists.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--interval

Polling interval in seconds.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	30

--name --workspace-name -n

Name of the Log Analytics Workspace.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--timeout

Maximum wait in seconds.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False