I have created a Log Analytics workspace and a custom table using the following commands in my pipeline:
az monitor log-analytics workspace create --resource-group $(ResourceGroupName) --workspace-name $(LogAnalyticsWorkspaceName)
az monitor log-analytics workspace table create --resource-group $(ResourceGroupName)
--workspace-name $(LogAnalyticsWorkspaceName) -n $(LogAnalyticsGWCustomTableName)
--columns RawData=string TimeGenerated=datetime LogLevel=string --retention-time 90
where the variables are defined in the environment files.
I am trying to create a data collection rule as below :-
az monitor data-collection rule create --resource-group $(ResourceGroupName) --location $(Location) --name 'gw-d-dcr' --rule-file '/resourcegroup-deployments/custom-loganalytics/customlogsgatewayvm-$(parameters.environment).parameters.json'
where the file passed to --rule-file has the content below:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dataCollectionRules_gw_d_dcr_name": {
"defaultValue": "gw-d-dcr",
"type": "String"
},
"dataCollectionEndpoints_cre_gw_d_dce_externalid": {
"defaultValue": "/subscriptions/ea273087-6293-4fc2-bfe7-aa29ea8ab4bf/resourceGroups/lz-cre-d-rg/providers/Microsoft.Insights/dataCollectionEndpoints/cre-gw-d-dce",
"type": "String"
},
"workspaces_cre_d_law_externalid": {
"defaultValue": "/subscriptions/ea273087-6293-4fc2-bfe7-aa29ea8ab4bf/resourceGroups/lz-cre-d-rg/providers/Microsoft.OperationalInsights/workspaces/cre-d-law",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/dataCollectionRules",
"apiVersion": "2023-03-11",
"name": "[parameters('dataCollectionRules_gw_d_dcr_name')]",
"location": "westeurope",
"tags": {
"AppName": "CRE",
"Billing code": "NL02264",
"Business Application CI": "CI0030939",
"CIA": "112",
"ContactMail": "[email protected]",
"ContactPhone": "+31624536181",
"Environment": "Development",
"Owner": "[email protected]",
"Provider": "CBSP Azure"
},
"kind": "Linux",
"properties": {
"dataCollectionEndpointId": "[parameters('dataCollectionEndpoints_cre_gw_d_dce_externalid')]",
"streamDeclarations": {
"Custom-Text-gw_customlogs_CL": {
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "RawData",
"type": "string"
}
]
}
},
"dataSources": {
"logFiles": [
{
"streams": [
"Custom-Text-gw_customlogs_CL"
],
"filePatterns": [
"/data/web/cre/LogFiles/ACBS/*.log",
"/data/web/cre/LogFiles/ACBS/*.err",
"/data/web/cre/LogFiles/CRAS/*.log",
"/data/web/cre/LogFiles/CRAS/*.err",
"/data/web/cre/LogFiles/RAPID/*.log",
"/data/web/cre/LogFiles/RAPID/*.err",
"/home/ctrmazure/software/ctm/dailylog/daily*"
],
"format": "text",
"settings": {
"text": {
"recordStartTimestampFormat": "ISO 8601"
}
},
"name": "Custom-Text-gw_customlogs_CL"
}
]
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "[parameters('workspaces_cre_d_law_externalid')]",
"name": "la--771413343"
}
]
},
"dataFlows": [
{
"streams": [
"Custom-Text-gw_customlogs_CL"
],
"destinations": [
"la--771413343"
],
"transformKql": "source",
"outputStream": "Custom-gw_customlogs_CL"
}
]
}
}
] }
There is an already defined data collection endpoint in our environment, but I want to create a new one and have not been able to find the correct way to do it. Please help me set it all up correctly. Thanks.