az monitor log-analytics workspace

Manage Azure log analytics workspace.

Commands

az monitor log-analytics workspace create	Create a workspace instance.
az monitor log-analytics workspace data-export	Manage data export ruls for log analytics workspace.
az monitor log-analytics workspace data-export create	Create a data export rule for a given workspace.
az monitor log-analytics workspace data-export delete	Delete a data export rule for a given workspace.
az monitor log-analytics workspace data-export list	List all data export ruleses for a given workspace.
az monitor log-analytics workspace data-export show	Show a data export rule for a given workspace.
az monitor log-analytics workspace data-export update	Update a data export rule for a given workspace.
az monitor log-analytics workspace delete	Deletes a workspace resource.
az monitor log-analytics workspace get-schema	Get the schema for a given workspace.
az monitor log-analytics workspace get-shared-keys	Get the shared keys for a workspace.
az monitor log-analytics workspace linked-service	Manage linked service for log analytics workspace.
az monitor log-analytics workspace linked-service create	Create a linked service.
az monitor log-analytics workspace linked-service delete	Delete a linked service.
az monitor log-analytics workspace linked-service list	Get all the linked services in a workspace.
az monitor log-analytics workspace linked-service show	Show the properties of a linked service.
az monitor log-analytics workspace linked-service update	Update a linked service.
az monitor log-analytics workspace linked-service wait	Place the CLI in a waiting state until a condition is met.
az monitor log-analytics workspace linked-storage	Manage linked storage account for log analytics workspace.
az monitor log-analytics workspace linked-storage add	Add some linked storage accounts with specific data source type for log analytics workspace.
az monitor log-analytics workspace linked-storage create	Create some linked storage accounts for log analytics workspace.
az monitor log-analytics workspace linked-storage delete	Delete all linked storage accounts with specific data source type for log analytics workspace.
az monitor log-analytics workspace linked-storage list	List all linked storage accounts for a log analytics workspace.
az monitor log-analytics workspace linked-storage remove	Remove some linked storage accounts with specific data source type for log analytics workspace.
az monitor log-analytics workspace linked-storage show	Show all linked storage accounts with specific data source type for a log analytics workspace.
az monitor log-analytics workspace list	Get a list of workspaces under a resource group or a subscription.
az monitor log-analytics workspace list-deleted-workspaces	Get a list of deleted workspaces that can be recovered in a subscription or a resource group.
az monitor log-analytics workspace list-management-groups	Get a list of management groups connected to a workspace.
az monitor log-analytics workspace list-usages	Get a list of usage metrics for a workspace.
az monitor log-analytics workspace pack	Manage intelligent packs for log analytics workspace.
az monitor log-analytics workspace pack disable	Disable an intelligence pack for a given workspace.
az monitor log-analytics workspace pack enable	Enable an intelligence pack for a given workspace.
az monitor log-analytics workspace pack list	List all the intelligence packs possible and whether they are enabled or disabled for a given workspace.
az monitor log-analytics workspace recover	Recover a workspace in a soft-delete state within 14 days.
az monitor log-analytics workspace saved-search	Manage saved search for log analytics workspace.
az monitor log-analytics workspace saved-search create	Create a saved search for a given workspace.
az monitor log-analytics workspace saved-search delete	Delete a saved search for a given workspace.
az monitor log-analytics workspace saved-search list	List all saved searches for a given workspace.
az monitor log-analytics workspace saved-search show	Show a saved search for a given workspace.
az monitor log-analytics workspace saved-search update	Update a saved search for a given workspace.
az monitor log-analytics workspace show	Show a workspace instance.
az monitor log-analytics workspace table	Manage tables for log analytics workspace.
az monitor log-analytics workspace table create	Create a Log Analytics workspace microsoft/custom log table. The table name needs to end with '_CL'.
az monitor log-analytics workspace table delete	Delete a Log Analytics workspace table.
az monitor log-analytics workspace table list	List all the tables for the given Log Analytics workspace.
az monitor log-analytics workspace table migrate	Migrate a Log Analytics table from support of the Data Collector API and Custom Fields features to support of Data Collection Rule-based Custom Logs.
az monitor log-analytics workspace table restore	Manage tables for log analytics workspace restore logs table.
az monitor log-analytics workspace table restore create	Create a Log Analytics workspace restore logs table. The table name needs to end with '_RST'.
az monitor log-analytics workspace table search-job	Manage tables for log analytics workspace search results table.
az monitor log-analytics workspace table search-job create	Create a Log Analytics workspace search results table. The table name needs to end with '_SRCH'.
az monitor log-analytics workspace table show	Get a Log Analytics workspace table.
az monitor log-analytics workspace table update	Update the properties of a Log Analytics workspace table.
az monitor log-analytics workspace table wait	Place the CLI in a waiting state until a condition is met.
az monitor log-analytics workspace update	Update a workspace instance.
az monitor log-analytics workspace wait	Place the CLI in a waiting state until a condition is met.

az monitor log-analytics workspace create

Create a workspace instance.

az monitor log-analytics workspace create --name
                                          --resource-group
                                          [--capacity-reservation-level {100, 1000, 200, 2000, 300, 400, 500, 5000}]
                                          [--ingestion-access {Disabled, Enabled}]
                                          [--location]
                                          [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--query-access {Disabled, Enabled}]
                                          [--quota]
                                          [--retention-time]
                                          [--sku {CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard}]
                                          [--tags]

Examples

Create a workspace instance

az monitor log-analytics workspace create -g MyResourceGroup -n MyWorkspace

Required Parameters

--name --workspace-name -n

Name of the Log Analytics Workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--capacity-reservation-level --level

The capacity reservation level for this workspace, when CapacityReservation sku is selected. The maximum value is 1000 and must be in multiples of 100. If you want to increase the limit, please contact LAIngestionRate@microsoft.com.

accepted values: 100, 1000, 200, 2000, 300, 400, 500, 5000

--ingestion-access

The public network access type to access workspace ingestion.

accepted values: Disabled, Enabled

--location -l

The geo-location where the resource lives.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--query-access

The public network access type to access workspace query.

accepted values: Disabled, Enabled

--quota

The workspace daily quota for ingestion in gigabytes. The minimum value is 0.023 and default is -1 which means unlimited.

--retention-time

The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.

default value: 30

--sku --sku-name

The name of the SKU.

accepted values: CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard

default value: PerGB2018

--tags

Resource tags. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace delete

Deletes a workspace resource.

The name is kept for 14 days and cannot be used for another workspace. To remove the workspace completely and release the name, use the --force flag.

az monitor log-analytics workspace delete [--force {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--ids]
                                          [--name]
                                          [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--resource-group]
                                          [--subscription]
                                          [--yes]

Examples

Soft delete a workspace instance.

az monitor log-analytics workspace delete --resource-group MyResourceGroup --workspace-name MyWorkspace

Completely delete a workspace instance.

az monitor log-analytics workspace delete --force --resource-group MyResourceGroup --workspace-name MyWorkspace

Optional Parameters

--force -f

Deletes the workspace without the recovery option. A workspace that was deleted with this flag cannot be recovered.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --workspace-name -n

Name of the Log Analytics Workspace.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace get-schema

Get the schema for a given workspace.

Schema represents the internal structure of the workspace, which can be used during the query. For more information, visit: https://docs.microsoft.com/en-us/rest/api/loganalytics/workspace-schema/get.

az monitor log-analytics workspace get-schema --name
                                              --resource-group

Examples

Get the schema for a given workspace.

az monitor log-analytics workspace get-schema --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace get-shared-keys

Get the shared keys for a workspace.

az monitor log-analytics workspace get-shared-keys --name
                                                   --resource-group

Examples

Get the shared keys for a workspace.

az monitor log-analytics workspace get-shared-keys --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace list

Get a list of workspaces under a resource group or a subscription.

az monitor log-analytics workspace list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace list-deleted-workspaces

Get a list of deleted workspaces that can be recovered in a subscription or a resource group.

az monitor log-analytics workspace list-deleted-workspaces [--resource-group]

Examples

Get a list of deleted workspaces that can be recovered in a resource group

az monitor log-analytics workspace list-deleted-workspaces --resource-group MyResourceGroup

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace list-management-groups

Get a list of management groups connected to a workspace.

az monitor log-analytics workspace list-management-groups --name
                                                          --resource-group

Examples

Get a list of management groups connected to a workspace.

az monitor log-analytics workspace list-management-groups --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace list-usages

Get a list of usage metrics for a workspace.

az monitor log-analytics workspace list-usages --name
                                               --resource-group

Examples

Get a list of usage metrics for a workspace.

az monitor log-analytics workspace list-usages --resource-group MyResourceGroup --workspace-name MyWorkspace

Required Parameters

--name --workspace-name -n

The name of the workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace recover

Recover a workspace in a soft-delete state within 14 days.

az monitor log-analytics workspace recover --workspace-name
                                           [--no-wait]
                                           [--resource-group]

Examples

Recover a workspace in a soft-delete state within 14 days

az monitor log-analytics workspace recover --resource-group MyResourceGroup -n MyWorkspace

Required Parameters

--workspace-name -n

Name of the Log Analytics Workspace.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace show

Show a workspace instance.

az monitor log-analytics workspace show [--ids]
                                        [--name]
                                        [--resource-group]
                                        [--subscription]

Examples

Show a workspace instance.

az monitor log-analytics workspace show --resource-group MyResourceGroup --workspace-name MyWorkspace

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name --workspace-name -n

Name of the Log Analytics Workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace update

Update a workspace instance.

az monitor log-analytics workspace update [--add]
                                          [--capacity-reservation-level {100, 1000, 200, 2000, 300, 400, 500, 5000}]
                                          [--data-collection-rule]
                                          [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--ids]
                                          [--ingestion-access {Disabled, Enabled}]
                                          [--name]
                                          [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                          [--query-access {Disabled, Enabled}]
                                          [--quota]
                                          [--remove]
                                          [--resource-group]
                                          [--retention-time]
                                          [--set]
                                          [--subscription]
                                          [--tags]

Examples

Update a workspace instance.

az monitor log-analytics workspace update --resource-group myresourcegroup --retention-time 30 --workspace-name myworkspace

Update the defaultDataCollectionRuleResourceId of the workspace

az monitor log-analytics workspace update --resource-group myresourcegroup --workspace-name myworkspace --data-collection-rule "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dcrName}".

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--capacity-reservation-level --level

The capacity reservation level for this workspace, when CapacityReservation sku is selected. The maximum value is 1000 and must be in multiples of 100. If you want to increase the limit, please contact LAIngestionRate@microsoft.com.

accepted values: 100, 1000, 200, 2000, 300, 400, 500, 5000

--data-collection-rule

The resource ID of the default Data Collection Rule to use for this workspace. Expected format is - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dcrName}.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ingestion-access

The public network access type to access workspace ingestion.

accepted values: Disabled, Enabled

--name --workspace-name -n

Name of the Log Analytics Workspace.

--no-wait

Do not wait for the long-running operation to finish.

accepted values: 0, 1, f, false, n, no, t, true, y, yes

--query-access

The public network access type to access workspace query.

accepted values: Disabled, Enabled

--quota

The workspace daily quota for ingestion in gigabytes. The minimum value is 0.023 and default is -1 which means unlimited.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--retention-time

The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Resource tags. Support shorthand-syntax, json-file and yaml-file. Try ?? to show more.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor log-analytics workspace wait

Place the CLI in a waiting state until a condition is met.

az monitor log-analytics workspace wait [--created]
                                        [--custom]
                                        [--deleted]
                                        [--exists]
                                        [--ids]
                                        [--interval]
                                        [--name]
                                        [--resource-group]
                                        [--subscription]
                                        [--timeout]
                                        [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

default value: False

--exists

Wait until the resource exists.

default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

default value: 30

--name --workspace-name -n

Name of the Log Analytics Workspace.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.