你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

New-AzOperationalInsightsCustomLogDataSource

  • 参考
模块:
Az.OperationalInsights

定义自定义日志收集策略。

语法

New-AzOperationalInsightsCustomLogDataSource
   [-ResourceGroupName] <String>
   [-WorkspaceName] <String>
   [-Name] <String>
   [-CustomLogRawJson] <String>
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzOperationalInsightsCustomLogDataSource
   [-Workspace] <PSWorkspace>
   [-Name] <String>
   [-CustomLogRawJson] <String>
   [-Force]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

说明

New-AzOperationalInsightsCustomLogDataSource cmdlet 定义自定义日志收集策略。

示例

示例 1:定义自定义日志收集策略

$customLogRawJson = '{"customLogName":"Validation_CL","description":"test","inputs":[{"location":{"fileSystemLocations":{"linuxFileTypeLogPaths":null,"windowsFileTypeLogPaths":["C:\\e2e\\Evan\\ArubaSECURITY\\*.log"]}},"recordDelimiter":{"regexDelimiter":{"pattern":"\\n","matchIndex":0}}}],"extractions":[{"extractionName":"TimeGenerated","extractionType":"DateTime","extractionProperties":{"dateTimeExtraction":{"regex":"((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]","joinStringRegex":null}}}]}'
New-AzOperationalInsightsCustomLogDataSource -ResourceGroupName rg-name -WorkspaceName workspace-name -CustomLogRawJson $customLogRawJson -Name "MyCustomLog"

Name              : MyCustomLog
ResourceGroupName : rg-name
WorkspaceName     : workspace-name
ResourceId        : /subscriptions/sub-id/resourceGroups/rg-name/providers/Microsoft.OperationalInsights/workspaces/workspace-name/datasources/MyCustomLog
Kind              : CustomLog
Properties        : {"customLogName":"Validation_CL","description":"test","extractions":[{"extractionName":"TimeGenerated","extractionProperties":{"dateTimeExtraction":{"joinStringRegex":null,"regex":[{"m
                    atchIndex":0,"numberdGroup":null,"pattern":"((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]"}],"formatString":null}},"extractionTy
                    pe":"DateTime"}],"inputs":[{"location":{"fileSystemLocations":{"linuxFileTypeLogPaths":null,"windowsFileTypeLogPaths":["C:\\e2e\\Evan\\ArubaSECURITY\\*.log"]}},"recordDelimiter":{"rege
                    xDelimiter":{"matchIndex":0,"numberdGroup":null,"pattern":"\\n"}}}]}

定义自定义日志收集策略后收到的响应

参数

-Confirm

提示你在运行 cmdlet 之前进行确认。

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CustomLogRawJson

将自定义集合策略指定为原始 JavaScript 对象表示法 (JSON) 字符串。

Type:String
Position:4
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

用于与 azure 通信的凭据、帐户、租户和订阅

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

强制运行命令而不要求用户确认。

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

指定数据源的名称。

Type:String
Position:3
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceGroupName

指定包含计算机的资源组的名称。

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Workspace

指定运行此 cmdlet 的工作区。

Type:PSWorkspace
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WorkspaceName

指定运行此 cmdlet 的工作区的名称。

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

输入

PSWorkspace

String

输出

PSDataSource