Purge Assessment Data in Log Analytics (health)

Deletes in Log Analytics are destructive and non-reversible! Please use extreme caution in their execution.

If you are seeing data from previous runs of the assessment that you want to delete from Log Analytics, we recommend the solution below.

  1. First, you need the Data Purger role to perform this activity. Refer to this article on Adding Role Assignments to get the Data Purger role assignment.

Screenshot of the Access control I A M page. Data Purger is selected.

  2. Review the policies and process to purge data here.

  3. Click the Try It button here.

Screenshot of the Try It button.

  4. After successfully signing in with a user account that has the **Data Purger** role, fill in the Parameters (subscriptionId, resourceGroupName and workspaceName) highlighted in the GREEN box.

Screenshot of the Parameters dialog box. The Parameters subscription I D, resource Group Name and workspace Name are highlighted.

  5. Update the Request Body to specify the filters to be applied while purging the data.

Screenshot of the Request Body dialog box. Filters are specified in the body box.

The code in the Body parameter above purges all data generated after "2019-05-06T00:00:00" from the "ADAssessmentRecommendation" table.

```json
{
  "table": "ADAssessmentRecommendation",
  "filters": [
    {
      "column": "TimeGenerated",
      "operator": ">",
      "value": "2019-05-06T00:00:00"
    }
  ]
}
```

A list of all the table names, such as ADAssessmentRecommendation, can be found in the Logs tab of your Log Analytics workspace.

Screenshot of the Microsoft Azure page. An arrow from the query box to the Logs tab is shown.

  6. After filling in all the details as described above, click the **Run** button at the bottom of the screen.

Screenshot of the Run button at the bottom of the Request Preview page.

  7. If the Response code is 202 and an operation ID is returned, the request was accepted and the data will be purged soon.

Screenshot of the Response code highlighted in green. The Body box is also highlighted in green.

**Important:**

In order to manage system resources, purge requests are throttled at 50 requests per hour. You should batch the execution of purge requests by sending a single command whose predicate includes all user identities that require purging. Use the in operator to specify multiple identities. You should run the query before executing the purge request to verify that the results are expected.
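The batching and verify-first advice above, as an added example (not Microsoft's code): it builds one purge Request Body in the format shown earlier and the matching count query to run in the Logs tab before submitting. The `Computer` column, its values, the operator allow-list and the function names are assumptions made for illustration.

```python
import json
import re

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z?")
# Allow-list chosen for this example, not taken from the API reference.
OPERATORS = {"==", "!=", ">", ">=", "<", "<=", "in"}


def kql_literal(value):
    """Render one filter value as a KQL literal for the preview query."""
    if isinstance(value, str) and TIMESTAMP.fullmatch(value):
        return f"datetime({value})"
    # Anything else becomes a quoted, escaped string or a bare number.
    return json.dumps(value, ensure_ascii=False)


def build_purge(table, filters):
    """Return (request_body, preview_kql) for a single batched purge."""
    if not IDENT.fullmatch(table):
        raise ValueError(f"bad table name: {table!r}")
    if not filters:
        raise ValueError("refusing to build a purge without filters")
    clauses = []
    for f in filters:
        col, op, val = f["column"], f["operator"], f["value"]
        if not IDENT.fullmatch(col) or op not in OPERATORS:
            raise ValueError(f"bad filter: {f!r}")
        if op == "in":
            # One request covering many identities instead of one each.
            if not isinstance(val, list) or not val:
                raise ValueError("'in' needs a non-empty list of values")
            rhs = "(" + ", ".join(kql_literal(v) for v in val) + ")"
        else:
            rhs = kql_literal(val)
        clauses.append(f"{col} {op} {rhs}")
    body = {"table": table, "filters": filters}
    preview = f"{table} | where " + " and ".join(clauses) + " | count"
    return body, preview


if __name__ == "__main__":
    # Constructed input: the page's time filter plus assumed Computer values.
    body, preview = build_purge("ADAssessmentRecommendation", [
        {"column": "TimeGenerated", "operator": ">", "value": "2019-05-06T00:00:00"},
        {"column": "Computer", "operator": "in", "value": ["dc01", "dc02"]},
    ])
    print(preview)                     # run in the Logs tab, check the count
    print(json.dumps(body, indent=2))  # then paste into the Request Body box
```

If the count returned by the preview query is not what you expect, correct the filters before clicking Run; the purge itself cannot be undone.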

If you face any issues while performing this activity, feel free to create a support ticket in the Azure Portal.
