New-AzOperationalInsightsAzureActivityLogDataSource
Collect Azure Activity log from given subscription.
Syntax
New-AzOperationalInsightsAzureActivityLogDataSource
[-ResourceGroupName] <String>
[-WorkspaceName] <String>
[-Name] <String>
[-SubscriptionId] <String>
[-BackfillStartTime <DateTimeOffset>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzOperationalInsightsAzureActivityLogDataSource
[-Workspace] <PSWorkspace>
[-Name] <String>
[-SubscriptionId] <String>
[-BackfillStartTime <DateTimeOffset>]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzOperationalInsightsAzureActivityLogDataSource cmdlet enables Log Analytics to collect Azure activity log from given subscription.
Examples
Example 1
New-AzOperationalInsightsAzureActivityLogDataSource -ResourceGroupName testrg -WorkspaceName LogAnalyticsworkspace -Name test -SubscriptionId 0b1f6471-1bf0-4dda-aec3-cb9272f09590
Name : test
ResourceGroupName : testrg
WorkspaceName : LogAnalyticsworkspace
ResourceId : /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourceGroups/testrg/providers/Microsoft.OperationalInsights/workspaces/LogAnalyticsworkspace/datasources/test
Kind : AzureActivityLog
Properties : {"linkedResourceId":"/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/providers/microsoft.insights/eventtypes/management","backfillStartTime":"0001-01-01T00:00:00+00:00"}
This command enables Log Analytics to collect Azure activity log from given subscription.
Parameters
-BackfillStartTime
You can choose to backfill logs from a week ago.
| Type: | DateTimeOffset |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
| Type: | String |
| Position: | 3 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-SubscriptionId
| Type: | String |
| Position: | 4 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Workspace
| Type: | PSWorkspace |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WorkspaceName
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
PSWorkspace
String
DateTimeOffset
Outputs
PSDataSource