az monitor data-collection rule
Note
This reference is part of the monitor-control-service extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az monitor data-collection rule command. Learn more about extensions.
Manage data collection rule for monitor control service.
Commands
Name | Description | Type | Status |
---|---|---|---|
az monitor data-collection rule association | Manage data collection rule association for monitor control service. | Extension | GA |
az monitor data-collection rule association create | Create an association. | Extension | GA |
az monitor data-collection rule association delete | Delete an association. | Extension | GA |
az monitor data-collection rule association list | List associations for the specified data collection rule, data collection endpoint, or resource. | Extension | GA |
az monitor data-collection rule association list-by-resource | List associations for the specified resource. | Extension | GA |
az monitor data-collection rule association show | Get the specified association. | Extension | GA |
az monitor data-collection rule association update | Update an association. | Extension | GA |
az monitor data-collection rule create | Create a data collection rule. | Extension | GA |
az monitor data-collection rule data-flow | Manage data flows. | Extension | GA |
az monitor data-collection rule data-flow add | Add a data flow. | Extension | GA |
az monitor data-collection rule data-flow list | List data flows. | Extension | GA |
az monitor data-collection rule delete | Delete a data collection rule. | Extension | GA |
az monitor data-collection rule list | List all data collection rules in the specified resource group or in the specified subscription. | Extension | GA |
az monitor data-collection rule log-analytics | Manage Log Analytics destinations. | Extension | GA |
az monitor data-collection rule log-analytics add | Add Log Analytics destinations of a data collection rule. | Extension | GA |
az monitor data-collection rule log-analytics delete | Delete a Log Analytics destination of a data collection rule. | Extension | GA |
az monitor data-collection rule log-analytics list | List Log Analytics destinations of a data collection rule. | Extension | GA |
az monitor data-collection rule log-analytics show | Show a Log Analytics destination of a data collection rule. | Extension | GA |
az monitor data-collection rule log-analytics update | Update a Log Analytics destination of a data collection rule. | Extension | GA |
az monitor data-collection rule performance-counter | Manage Log performance counter data source. | Extension | GA |
az monitor data-collection rule performance-counter add | Add a Log performance counter data source. | Extension | GA |
az monitor data-collection rule performance-counter delete | Delete a Log performance counter data source. | Extension | GA |
az monitor data-collection rule performance-counter list | List Log performance counter data sources. | Extension | GA |
az monitor data-collection rule performance-counter show | Show a Log performance counter data source. | Extension | GA |
az monitor data-collection rule performance-counter update | Update a Log performance counter data source. | Extension | GA |
az monitor data-collection rule show | Return the specified data collection rule. | Extension | GA |
az monitor data-collection rule syslog | Manage Syslog data source. | Extension | GA |
az monitor data-collection rule syslog add | Add a Syslog data source. | Extension | GA |
az monitor data-collection rule syslog delete | Delete a Syslog data source. | Extension | GA |
az monitor data-collection rule syslog list | List Syslog data sources. | Extension | GA |
az monitor data-collection rule syslog show | Show a Syslog data source. | Extension | GA |
az monitor data-collection rule syslog update | Update a Syslog data source. | Extension | GA |
az monitor data-collection rule update | Update a data collection rule. | Extension | GA |
az monitor data-collection rule windows-event-log | Manage Windows Event Log data source. | Extension | GA |
az monitor data-collection rule windows-event-log add | Add a Windows Event Log data source. | Extension | GA |
az monitor data-collection rule windows-event-log delete | Delete a Windows Event Log data source. | Extension | GA |
az monitor data-collection rule windows-event-log list | List Windows Event Log data sources. | Extension | GA |
az monitor data-collection rule windows-event-log show | Show a Windows Event Log data source. | Extension | GA |
az monitor data-collection rule windows-event-log update | Update a Windows Event Log data source. | Extension | GA |
az monitor data-collection rule create
Create a data collection rule.
az monitor data-collection rule create --data-collection-rule-name --name --rule-name
--resource-group
[--agent-settings]
[--data-collection-endpoint-id --endpoint-id]
[--data-flows]
[--data-sources]
[--description]
[--destinations]
[--identity]
[--kind]
[--location]
[--references]
[--rule-file]
[--stream-declarations]
[--tags]
Examples
Create data collection rule
az monitor data-collection rule create --resource-group "myResourceGroup" --location "eastus" --name "myCollectionRule" --rule-file "C:\samples\dcrEx1.json"
Required Parameters
The name of the data collection rule. The name is case insensitive.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Agent settings used to modify agent behavior on a given host. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
The resource ID of the data collection endpoint that is to be associated.
The specification of data flows. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
Description of the association.
The specification of destinations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
Managed service identity of the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The kind of the resource. Allowed values: Linux, Windows.
The geo-location where the resource lives.
Defines all the references that may be used in other sections of the DCR. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
The JSON file for rule parameters. If provided, the corresponding parameters will be overwritten by the values from the rule file.
Usage: --rule-file sample.json
The rule JSON file should contain the rule parameters organized in JSON format, like below:
{
  "properties": {
    "destinations": {
      "azureMonitorMetrics": {
        "name": "azureMonitorMetrics-default"
      }
    },
    "dataFlows": [
      {
        "streams": [ "Microsoft-InsightsMetrics" ],
        "destinations": [ "azureMonitorMetrics-default" ]
      }
    ]
  }
}
Declaration of custom streams used in this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az monitor data-collection rule delete
Delete a data collection rule.
az monitor data-collection rule delete [--data-collection-rule-name --name --rule-name]
[--delete-associations {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--resource-group]
[--subscription]
[--yes]
Examples
Delete data collection rule
az monitor data-collection rule delete --name "myCollectionRule" --resource-group "myResourceGroup"
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the data collection rule. The name is case insensitive.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
If set to 'true' then all associations of this data collection rule will also be deleted.
Property | Value |
---|---|
Default value: | False |
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Do not prompt for confirmation.
Property | Value |
---|---|
Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az monitor data-collection rule list
List all data collection rules in the specified resource group or in the specified subscription.
az monitor data-collection rule list [--max-items]
[--next-token]
[--resource-group]
Examples
List data collection rules by resource group
az monitor data-collection rule list --resource-group "myResourceGroup"
List data collection rules by subscription
az monitor data-collection rule list
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in the --next-token argument of a subsequent command.
Property | Value |
---|---|
Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
Property | Value |
---|---|
Parameter group: | Pagination Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az monitor data-collection rule show
Return the specified data collection rule.
az monitor data-collection rule show [--data-collection-rule-name --name --rule-name]
[--ids]
[--resource-group]
[--subscription]
Examples
Get data collection rule
az monitor data-collection rule show --name "myCollectionRule" --resource-group "myResourceGroup"
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The name of the data collection rule. The name is case insensitive.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az monitor data-collection rule update
Update a data collection rule.
az monitor data-collection rule update [--add]
[--agent-settings]
[--data-collection-endpoint-id --endpoint-id]
[--data-collection-rule-name --name --rule-name]
[--data-flows --data-flows-remain]
[--data-flows-raw]
[--data-sources]
[--description]
[--destinations]
[--extensions]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--identity]
[--ids]
[--kind]
[--log-analytics]
[--monitor-metrics]
[--performance-counters]
[--references]
[--remove]
[--resource-group]
[--set]
[--stream-declarations]
[--subscription]
[--syslog]
[--tags]
[--windows-event-logs]
Examples
Update data collection rule
az monitor data-collection rule update --resource-group "myResourceGroup" --name "myCollectionRule" --data-flows destinations="centralWorkspace" streams="Microsoft-Perf" streams="Microsoft-Syslog" streams="Microsoft-WindowsEvent" --log-analytics name="centralWorkspace" resource-id="/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace" --performance-counters name="appTeamExtraCounters" counter-specifiers="\Process(_Total)\Thread Count" sampling-frequency=30 streams="Microsoft-Perf" --syslog name="cronSyslog" facility-names="cron" log-levels="Debug" log-levels="Critical" log-levels="Emergency" streams="Microsoft-Syslog" --windows-event-logs name="cloudSecurityTeamEvents" streams="Microsoft-WindowsEvent" x-path-queries="Security!"
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Agent settings used to modify agent behavior on a given host. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
The resource ID of the data collection endpoint that is to be associated.
The name of the data collection rule. The name is case insensitive.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
The specification of data flows.
Usage: --data-flows streams=XX1 streams=XX2 destinations=XX1 destinations=XX2
streams: Required. List of streams for this data flow.
destinations: Required. List of destinations for this data flow.
Multiple actions can be specified by using more than one --data-flows argument. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Data Flow Arguments |
The specification of data flows. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
Description of the association.
The specification of destinations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
The list of Azure VM extension data source configurations. Expected value: json-string/@json-file.
Property | Value |
---|---|
Parameter group: | Data Sources Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Managed service identity of the resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
The kind of the resource. Allowed values: Linux, Windows.
List of Log Analytics destinations.
Usage: --log-analytics resource-id=XX name=XX
resource-id: Required. The resource ID of the Log Analytics workspace.
name: Required. A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --log-analytics argument. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Destinations Arguments |
Azure Monitor Metrics destination.
Usage: --monitor-metrics name=XX
name: Required. A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.
Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Destinations Arguments |
The list of performance counter data source configurations.
Usage: --performance-counters streams=XX1 streams=XX2 sampling-frequency=XX counter-specifiers=XX1 counter-specifiers=XX2 name=XX
streams: Required. List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.
sampling-frequency: Required. The number of seconds between consecutive counter measurements (samples).
counter-specifiers: Required. A list of specifier names of the performance counters you want to collect. Use a wildcard (*) to collect a counter for all instances. To get a list of performance counters on Windows, run the command 'typeperf'.
name: Required. A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --performance-counters argument. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Data Sources Arguments |
Defines all the references that may be used in other sections of the DCR. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Declaration of custom streams used in this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Properties Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
The list of Syslog data source configurations.
Usage: --syslog streams=XX1 streams=XX2 facility-names=XX1 facility-names=XX2 log-levels=XX1 log-levels=XX2 name=XX
streams: Required. List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.
facility-names: Required. The list of facility names.
log-levels: The log levels to collect.
name: Required. A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --syslog argument. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Data Sources Arguments |
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The list of Windows Event Log data source configurations.
Usage: --windows-event-logs streams=XX1 streams=XX2 x-path-queries=XX1 x-path-queries=XX2 name=XX
streams: Required. List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.
x-path-queries: Required. A list of Windows Event Log queries in XPATH format.
name: Required. A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Multiple actions can be specified by using more than one --windows-event-logs argument. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Data Sources Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
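A pre-flight check for a --rule-file before it is passed to create, enforcing the rules stated in the parameter descriptions above: destination and data source names are unique regardless of type, and every data flow has streams and destinations that are actually declared. This is an added example, not part of the Azure CLI or its documentation; the sample rule is constructed, and the `dataSources`, `logAnalytics` and `workspaceResourceId` JSON keys are assumed from the DCR resource schema rather than shown on this page.

```python
import json

# Constructed sample in the --rule-file layout shown on this page, with
# deliberate mistakes: a destination name reused across two types, a data
# flow routed to a destination the rule never declares, and an empty stream list.
SAMPLE_RULE = """
{
  "properties": {
    "destinations": {
      "azureMonitorMetrics": {"name": "centralWorkspace"},
      "logAnalytics": [
        {"name": "centralWorkspace",
         "workspaceResourceId": "<workspace-resource-id-placeholder>"}
      ]
    },
    "dataSources": {
      "syslog": [
        {"name": "cronSyslog", "streams": ["Microsoft-Syslog"],
         "facilityNames": ["cron"], "logLevels": ["Critical"]}
      ]
    },
    "dataFlows": [
      {"streams": ["Microsoft-Syslog"], "destinations": ["centralWorkspace"]},
      {"streams": ["Microsoft-WindowsEvent"], "destinations": ["secWorkspace"]},
      {"streams": [], "destinations": ["centralWorkspace"]}
    ]
  }
}
"""


def _names(section):
    """Collect (type, name) pairs from a section whose values are objects or lists of objects."""
    found = []
    for kind, value in (section or {}).items():
        entries = value if isinstance(value, list) else [value]
        found += [(kind, e["name"]) for e in entries if isinstance(e, dict) and "name" in e]
    return found


def _duplicates(pairs, label):
    """Report names that appear more than once, regardless of type."""
    seen, problems = {}, []
    for kind, name in pairs:
        if name in seen:
            problems.append(f"{label} name '{name}' used by both {seen[name]} and {kind}")
        seen.setdefault(name, kind)
    return problems


def lint_rule(rule_json):
    """Return a list of problems found in a rule file; an empty list means none were found."""
    props = json.loads(rule_json).get("properties", {})
    destinations = _names(props.get("destinations"))
    problems = _duplicates(destinations, "destination")
    problems += _duplicates(_names(props.get("dataSources")), "data source")
    declared = {name for _, name in destinations}
    for i, flow in enumerate(props.get("dataFlows") or []):
        for field in ("streams", "destinations"):  # both are marked Required
            if not flow.get(field):
                problems.append(f"dataFlows[{i}] has no {field}")
        for dest in flow.get("destinations") or []:
            if dest not in declared:
                problems.append(f"dataFlows[{i}] sends to undeclared destination '{dest}'")
    return problems


if __name__ == "__main__":
    for problem in lint_rule(SAMPLE_RULE):
        print("FAIL:", problem)
```

A data flow that names an undeclared destination is the case worth gating on in a pipeline, since the streams it carries (here Microsoft-WindowsEvent) would have no workspace to land in.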