你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
New-AzOperationalInsightsCustomLogDataSource
定义自定义日志收集策略。
语法
New-AzOperationalInsightsCustomLogDataSource
[-ResourceGroupName] <String>
[-WorkspaceName] <String>
[-Name] <String>
[-CustomLogRawJson] <String>
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzOperationalInsightsCustomLogDataSource
[-Workspace] <PSWorkspace>
[-Name] <String>
[-CustomLogRawJson] <String>
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
说明
New-AzOperationalInsightsCustomLogDataSource cmdlet 定义自定义日志收集策略。
示例
示例 1:定义自定义日志收集策略
$customLogRawJson = '{"customLogName":"Validation_CL","description":"test","inputs":[{"location":{"fileSystemLocations":{"linuxFileTypeLogPaths":null,"windowsFileTypeLogPaths":["C:\\e2e\\Evan\\ArubaSECURITY\\*.log"]}},"recordDelimiter":{"regexDelimiter":{"pattern":"\\n","matchIndex":0}}}],"extractions":[{"extractionName":"TimeGenerated","extractionType":"DateTime","extractionProperties":{"dateTimeExtraction":{"regex":"((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]","joinStringRegex":null}}}]}'
New-AzOperationalInsightsCustomLogDataSource -ResourceGroupName rg-name -WorkspaceName workspace-name -CustomLogRawJson $customLogRawJson -Name "MyCustomLog"
Name : MyCustomLog
ResourceGroupName : rg-name
WorkspaceName : workspace-name
ResourceId : /subscriptions/sub-id/resourceGroups/rg-name/providers/Microsoft.OperationalInsights/workspaces/workspace-name/datasources/MyCustomLog
Kind : CustomLog
Properties : {"customLogName":"Validation_CL","description":"test","extractions":[{"extractionName":"TimeGenerated","extractionProperties":{"dateTimeExtraction":{"joinStringRegex":null,"regex":[{"m
atchIndex":0,"numberdGroup":null,"pattern":"((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]"}],"formatString":null}},"extractionTy
pe":"DateTime"}],"inputs":[{"location":{"fileSystemLocations":{"linuxFileTypeLogPaths":null,"windowsFileTypeLogPaths":["C:\\e2e\\Evan\\ArubaSECURITY\\*.log"]}},"recordDelimiter":{"rege
xDelimiter":{"matchIndex":0,"numberdGroup":null,"pattern":"\\n"}}}]}
定义自定义日志收集策略后收到的响应
参数
-Confirm
提示你在运行 cmdlet 之前进行确认。
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CustomLogRawJson
将自定义集合策略指定为原始 JavaScript 对象表示法 (JSON) 字符串。
Type: | String |
Position: | 4 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DefaultProfile
用于与 azure 通信的凭据、帐户、租户和订阅
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
强制运行命令而不要求用户确认。
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
指定数据源的名称。
Type: | String |
Position: | 3 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceGroupName
指定包含计算机的资源组的名称。
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Workspace
指定运行此 cmdlet 的工作区。
Type: | PSWorkspace |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WorkspaceName
指定运行此 cmdlet 的工作区的名称。
Type: | String |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
输入
输出
相关链接
反馈
https://aka.ms/ContentUserFeedback。
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈