az monitor log-analytics workspace
Manage Azure log analytics workspace.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor log-analytics workspace create |
Create a workspace instance. |
Core | GA |
| az monitor log-analytics workspace data-export |
Manage data export ruls for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace data-export create |
Create a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export delete |
Delete a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export list |
List all data export ruleses for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export show |
Show a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace data-export update |
Update a data export rule for a given workspace. |
Core | GA |
| az monitor log-analytics workspace delete |
Deletes a workspace resource. |
Core | GA |
| az monitor log-analytics workspace get-schema |
Get the schema for a given workspace. |
Core | GA |
| az monitor log-analytics workspace get-shared-keys |
Get the shared keys for a workspace. |
Core | GA |
| az monitor log-analytics workspace linked-service |
Manage linked service for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-service create |
Create a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service delete |
Delete a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service list |
Get all the linked services in a workspace. |
Core | GA |
| az monitor log-analytics workspace linked-service show |
Show the properties of a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service update |
Update a linked service. |
Core | GA |
| az monitor log-analytics workspace linked-service wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az monitor log-analytics workspace linked-storage |
Manage linked storage account for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage add |
Add some linked storage accounts with specific data source type for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage create |
Create some linked storage accounts for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage delete |
Delete all linked storage accounts with specific data source type for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage list |
List all linked storage accounts for a log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage remove |
Remove some linked storage accounts with specific data source type for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace linked-storage show |
Show all linked storage accounts with specific data source type for a log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace list |
Get a list of workspaces under a resource group or a subscription. |
Core | GA |
| az monitor log-analytics workspace list-available-service-tier |
List the available service tiers for the workspace. |
Core | GA |
| az monitor log-analytics workspace list-deleted-workspaces |
Get a list of deleted workspaces that can be recovered in a subscription or a resource group. |
Core | GA |
| az monitor log-analytics workspace list-link-target |
List a list of workspaces which the current user has administrator privileges and are not associated with an Azure Subscription. |
Core | GA |
| az monitor log-analytics workspace list-management-groups |
Get a list of management groups connected to a workspace. |
Core | GA |
| az monitor log-analytics workspace list-usages |
Get a list of usage metrics for a workspace. |
Core | GA |
| az monitor log-analytics workspace pack |
Manage intelligent packs for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace pack disable |
Disable an intelligence pack for a given workspace. |
Core | GA |
| az monitor log-analytics workspace pack enable |
Enable an intelligence pack for a given workspace. |
Core | GA |
| az monitor log-analytics workspace pack list |
List all the intelligence packs possible and whether they are enabled or disabled for a given workspace. |
Core | GA |
| az monitor log-analytics workspace recover |
Recover a workspace in a soft-delete state within 14 days. |
Core | GA |
| az monitor log-analytics workspace saved-search |
Manage saved search for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search create |
Create a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search delete |
Delete a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search list |
List all saved searches for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search show |
Show a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace saved-search update |
Update a saved search for a given workspace. |
Core | GA |
| az monitor log-analytics workspace show |
Show a workspace instance. |
Core | GA |
| az monitor log-analytics workspace table |
Manage tables for log analytics workspace. |
Core | GA |
| az monitor log-analytics workspace table create |
Create a Log Analytics workspace microsoft/custom log table. The table name needs to end with '_CL'. |
Core | GA |
| az monitor log-analytics workspace table delete |
Delete a Log Analytics workspace table. |
Core | GA |
| az monitor log-analytics workspace table list |
List all the tables for the given Log Analytics workspace. |
Core | GA |
| az monitor log-analytics workspace table migrate |
Migrate a Log Analytics table from support of the Data Collector API and Custom Fields features to support of Data Collection Rule-based Custom Logs. |
Core | GA |
| az monitor log-analytics workspace table restore |
Manage tables for log analytics workspace restore logs table. |
Core | GA |
| az monitor log-analytics workspace table restore create |
Create a Log Analytics workspace restore logs table. The table name needs to end with '_RST'. |
Core | GA |
| az monitor log-analytics workspace table search-job |
Manage tables for log analytics workspace search results table. |
Core | GA |
| az monitor log-analytics workspace table search-job cancel |
Cancel a log analytics workspace search results table query run. |
Core | GA |
| az monitor log-analytics workspace table search-job create |
Create a Log Analytics workspace search results table. The table name needs to end with '_SRCH'. |
Core | GA |
| az monitor log-analytics workspace table show |
Get a Log Analytics workspace table. |
Core | GA |
| az monitor log-analytics workspace table update |
Update the properties of a Log Analytics workspace table. |
Core | GA |
| az monitor log-analytics workspace table wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az monitor log-analytics workspace update |
Update a workspace instance. |
Core | GA |
| az monitor log-analytics workspace wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az monitor log-analytics workspace create
Create a workspace instance.
az monitor log-analytics workspace create --name
--resource-group
[--capacity-reservation-level {100, 1000, 200, 2000, 300, 400, 500, 5000}]
[--identity-type {None, SystemAssigned, UserAssigned}]
[--ingestion-access {Disabled, Enabled}]
[--location]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--query-access {Disabled, Enabled}]
[--quota]
[--retention-time]
[--sku {CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard}]
[--tags]
[--user-assigned]Examples
Create a workspace instance
az monitor log-analytics workspace create -g MyResourceGroup -n MyWorkspaceRequired Parameters
Name of the Log Analytics Workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The capacity reservation level for this workspace, when CapacityReservation sku is selected. The maximum value is 1000 and must be in multiples of 100. If you want to increase the limit, please contact LAIngestionRate@microsoft.com.
Type of managed service identity.
The public network access type to access workspace ingestion.
The geo-location where the resource lives When not specified, the location of the resource group will be used.
Do not wait for the long-running operation to finish.
The public network access type to access workspace query.
The workspace daily quota for ingestion in gigabytes. The minimum value is 0.023 and default is -1 which means unlimited.
The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.
The name of the SKU.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace delete
Deletes a workspace resource.
The name is kept for 14 days and cannot be used for another workspace. To remove the workspace completely and release the name, use the --force flag.
az monitor log-analytics workspace delete [--force {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
[--yes]Examples
Soft delete a workspace instance.
az monitor log-analytics workspace delete --resource-group MyResourceGroup --workspace-name MyWorkspaceCompletely delete a workspace instance.
az monitor log-analytics workspace delete --force --resource-group MyResourceGroup --workspace-name MyWorkspaceOptional Parameters
Deletes the workspace without the recovery option. A workspace that was deleted with this flag cannot be recovered.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the Log Analytics Workspace.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace get-schema
Get the schema for a given workspace.
Schema represents the internal structure of the workspace, which can be used during the query. For more information, visit: https://docs.microsoft.com/en-us/rest/api/loganalytics/workspace-schema/get.
az monitor log-analytics workspace get-schema --name
--resource-groupExamples
Get the schema for a given workspace.
az monitor log-analytics workspace get-schema --resource-group MyResourceGroup --workspace-name MyWorkspaceRequired Parameters
The name of the workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace get-shared-keys
Get the shared keys for a workspace.
az monitor log-analytics workspace get-shared-keys --name
--resource-groupExamples
Get the shared keys for a workspace.
az monitor log-analytics workspace get-shared-keys --resource-group MyResourceGroup --workspace-name MyWorkspaceRequired Parameters
The name of the workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace list
Get a list of workspaces under a resource group or a subscription.
az monitor log-analytics workspace list [--resource-group]Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace list-available-service-tier
List the available service tiers for the workspace.
az monitor log-analytics workspace list-available-service-tier [--ids]
[--resource-group]
[--subscription]
[--workspace-name]Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace list-deleted-workspaces
Get a list of deleted workspaces that can be recovered in a subscription or a resource group.
az monitor log-analytics workspace list-deleted-workspaces [--resource-group]Examples
Get a list of deleted workspaces that can be recovered in a resource group
az monitor log-analytics workspace list-deleted-workspaces --resource-group MyResourceGroupOptional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace list-link-target
List a list of workspaces which the current user has administrator privileges and are not associated with an Azure Subscription.
az monitor log-analytics workspace list-link-targetGlobal Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace list-management-groups
Get a list of management groups connected to a workspace.
az monitor log-analytics workspace list-management-groups --name
--resource-groupExamples
Get a list of management groups connected to a workspace.
az monitor log-analytics workspace list-management-groups --resource-group MyResourceGroup --workspace-name MyWorkspaceRequired Parameters
The name of the workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace list-usages
Get a list of usage metrics for a workspace.
az monitor log-analytics workspace list-usages --name
--resource-groupExamples
Get a list of usage metrics for a workspace.
az monitor log-analytics workspace list-usages --resource-group MyResourceGroup --workspace-name MyWorkspaceRequired Parameters
The name of the workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace recover
Recover a workspace in a soft-delete state within 14 days.
az monitor log-analytics workspace recover --workspace-name
[--no-wait]
[--resource-group]Examples
Recover a workspace in a soft-delete state within 14 days
az monitor log-analytics workspace recover --resource-group MyResourceGroup -n MyWorkspaceRequired Parameters
Name of the Log Analytics Workspace.
Optional Parameters
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace show
Show a workspace instance.
az monitor log-analytics workspace show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Show a workspace instance.
az monitor log-analytics workspace show --resource-group MyResourceGroup --workspace-name MyWorkspaceOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the Log Analytics Workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace update
Update a workspace instance.
az monitor log-analytics workspace update [--add]
[--capacity-reservation-level {100, 1000, 200, 2000, 300, 400, 500, 5000}]
[--data-collection-rule]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--identity-type {None, SystemAssigned, UserAssigned}]
[--ids]
[--ingestion-access {Disabled, Enabled}]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--query-access {Disabled, Enabled}]
[--quota]
[--remove]
[--resource-group]
[--retention-time]
[--set]
[--subscription]
[--tags]
[--user-assigned]Examples
Update a workspace instance.
az monitor log-analytics workspace update --resource-group myresourcegroup --retention-time 30 --workspace-name myworkspaceUpdate the defaultDataCollectionRuleResourceId of the workspace
az monitor log-analytics workspace update --resource-group myresourcegroup --workspace-name myworkspace --data-collection-rule "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dcrName}".Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
The capacity reservation level for this workspace, when CapacityReservation sku is selected. The maximum value is 1000 and must be in multiples of 100. If you want to increase the limit, please contact LAIngestionRate@microsoft.com.
The resource ID of the default Data Collection Rule to use for this workspace. Expected format is - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dcrName}.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Type of managed service identity.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The public network access type to access workspace ingestion.
Name of the Log Analytics Workspace.
Do not wait for the long-running operation to finish.
The public network access type to access workspace query.
The workspace daily quota for ingestion in gigabytes. The minimum value is 0.023 and default is -1 which means unlimited.
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az monitor log-analytics workspace wait
Place the CLI in a waiting state until a condition is met.
az monitor log-analytics workspace wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of the Log Analytics Workspace.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for