New-AzOperationalInsightsAzureActivityLogDataSource

Module:

Az.OperationalInsights

Collect Azure Activity log from given subscription.

Syntax

New-AzOperationalInsightsAzureActivityLogDataSource
   [-ResourceGroupName] <String>
   [-WorkspaceName] <String>
   [-Name] <String>
   [-SubscriptionId] <String>
   [-BackfillStartTime <DateTimeOffset>]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzOperationalInsightsAzureActivityLogDataSource
   [-Workspace] <PSWorkspace>
   [-Name] <String>
   [-SubscriptionId] <String>
   [-BackfillStartTime <DateTimeOffset>]
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzOperationalInsightsAzureActivityLogDataSource cmdlet enables Log Analytics to collect Azure activity log from given subscription.

Examples

Example 1

New-AzOperationalInsightsAzureActivityLogDataSource -ResourceGroupName testrg -WorkspaceName LogAnalyticsworkspace -Name test -SubscriptionId 0b1f6471-1bf0-4dda-aec3-cb9272f09590

Name              : test
ResourceGroupName : testrg
WorkspaceName     : LogAnalyticsworkspace
ResourceId        : /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourceGroups/testrg/providers/Microsoft.OperationalInsights/workspaces/LogAnalyticsworkspace/datasources/test
Kind              : AzureActivityLog
Properties        : {"linkedResourceId":"/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/providers/microsoft.insights/eventtypes/management","backfillStartTime":"0001-01-01T00:00:00+00:00"}

This command enables Log Analytics to collect Azure activity log from given subscription.

Parameters

-BackfillStartTime

You can choose to backfill logs from a week ago.

Type:	DateTimeOffset
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Force

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Name

Type:	String
Position:	3
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-ResourceGroupName

Type:	String
Position:	1
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-SubscriptionId

Type:	String
Position:	4
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-WhatIf

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Workspace

Type:	PSWorkspace
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-WorkspaceName

Type:	String
Position:	2
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

Inputs

PSWorkspace

String

DateTimeOffset

Outputs

PSDataSource