New-AzWindowsEventLogDataSourceObject
Create an in-memory object for WindowsEventLogDataSource.
Syntax
Default (Default)
New-AzWindowsEventLogDataSourceObject
[-Name <String>]
[-Stream <String[]>]
[-XPathQuery <String[]>]
[<CommonParameters>]
Description
Create an in-memory object for WindowsEventLogDataSource.
Examples
Example 1: Create a windows event log data source object
New-AzWindowsEventLogDataSourceObject -Name cloudSecurityTeamEvents -Stream Microsoft-WindowsEvent -XPathQuery "Security!"
Name Stream XPathQuery
---- ------ ----------
cloudSecurityTeamEvents {Microsoft-WindowsEvent} {Security!}
This command creates a windows event log data source object with XPathQuery.
Example 2: Create a windows event log data source object
New-AzWindowsEventLogDataSourceObject -Name appTeam1AppEvents -Stream Microsoft-WindowsEvent -XPathQuery "System![System[(Level = 1 or Level = 2 or Level = 3)]]","Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"
Name Stream XPathQuery
---- ------ ----------
appTeam1AppEvents {Microsoft-WindowsEvent} {System![System[(Level = 1 or Level = 2 or Level = 3)]], Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]}
This command creates a windows event log data source object with XPathQueries.
Parameters
-Name
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Stream
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-XPathQuery
A list of Windows Event Log queries in XPATH format.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
