New-AzOperationalInsightsCustomLogDataSource
定義自定義記錄收集原則。
Syntax
New-AzOperationalInsightsCustomLogDataSource
[-ResourceGroupName] <String>
[-WorkspaceName] <String>
[-Name] <String>
[-CustomLogRawJson] <String>
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzOperationalInsightsCustomLogDataSource
[-Workspace] <PSWorkspace>
[-Name] <String>
[-CustomLogRawJson] <String>
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
New-AzOperationalInsightsCustomLogDataSource Cmdlet 會定義自定義記錄收集原則。
範例
範例 1:定義自定義記錄收集原則
$customLogRawJson = '{"customLogName":"Validation_CL","description":"test","inputs":[{"location":{"fileSystemLocations":{"linuxFileTypeLogPaths":null,"windowsFileTypeLogPaths":["C:\\e2e\\Evan\\ArubaSECURITY\\*.log"]}},"recordDelimiter":{"regexDelimiter":{"pattern":"\\n","matchIndex":0}}}],"extractions":[{"extractionName":"TimeGenerated","extractionType":"DateTime","extractionProperties":{"dateTimeExtraction":{"regex":"((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]","joinStringRegex":null}}}]}'
New-AzOperationalInsightsCustomLogDataSource -ResourceGroupName rg-name -WorkspaceName workspace-name -CustomLogRawJson $customLogRawJson -Name "MyCustomLog"
Name : MyCustomLog
ResourceGroupName : rg-name
WorkspaceName : workspace-name
ResourceId : /subscriptions/sub-id/resourceGroups/rg-name/providers/Microsoft.OperationalInsights/workspaces/workspace-name/datasources/MyCustomLog
Kind : CustomLog
Properties : {"customLogName":"Validation_CL","description":"test","extractions":[{"extractionName":"TimeGenerated","extractionProperties":{"dateTimeExtraction":{"joinStringRegex":null,"regex":[{"m
atchIndex":0,"numberdGroup":null,"pattern":"((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]"}],"formatString":null}},"extractionTy
pe":"DateTime"}],"inputs":[{"location":{"fileSystemLocations":{"linuxFileTypeLogPaths":null,"windowsFileTypeLogPaths":["C:\\e2e\\Evan\\ArubaSECURITY\\*.log"]}},"recordDelimiter":{"rege
xDelimiter":{"matchIndex":0,"numberdGroup":null,"pattern":"\\n"}}}]}定義自定義記錄收集原則之後收到的回應
參數
-Confirm
執行 Cmdlet 之前先提示您確認。
| 類型: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| 預設值: | False |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CustomLogRawJson
將自訂集合原則指定為原始 JavaScript 物件表示法 (JSON) 字串。
| 類型: | String |
| Position: | 4 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
用於與 azure 通訊的認證、帳戶、租用戶和訂用帳戶
| 類型: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
強制命令執行,而不要求使用者確認。
| 類型: | SwitchParameter |
| Position: | Named |
| 預設值: | None |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
指定數據來源的名稱。
| 類型: | String |
| Position: | 3 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
指定包含計算機的資源群組名稱。
| 類型: | String |
| Position: | 1 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
顯示執行 Cmdlet 後會發生的情況。 未執行 Cmdlet。
| 類型: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| 預設值: | False |
| 必要: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Workspace
指定此 Cmdlet 運作所在的工作區。
| 類型: | PSWorkspace |
| Position: | 0 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WorkspaceName
指定此 Cmdlet 運作所在的工作區名稱。
| 類型: | String |
| Position: | 2 |
| 預設值: | None |
| 必要: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |