Microsoft.Insights dataCollectionRules 2021-09-01-preview

2024-12-09

Bicep resource definition

The dataCollectionRules resource type can be deployed with operations that target:

Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/dataCollectionRules resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Insights/dataCollectionRules@2021-09-01-preview' = {
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    dataCollectionEndpointId: 'string'
    dataFlows: [
      {
        destinations: [
          'string'
        ]
        outputStream: 'string'
        streams: [
          'string'
        ]
        transformKql: 'string'
      }
    ]
    dataSources: {
      extensions: [
        {
          extensionName: 'string'
          extensionSettings: any(...)
          inputDataSources: [
            'string'
          ]
          name: 'string'
          streams: [
            'string'
          ]
        }
      ]
      iisLogs: [
        {
          logDirectories: [
            'string'
          ]
          name: 'string'
          streams: [
            'string'
          ]
        }
      ]
      logFiles: [
        {
          filePatterns: [
            'string'
          ]
          format: 'string'
          name: 'string'
          settings: {
            text: {
              recordStartTimestampFormat: 'string'
            }
          }
          streams: [
            'string'
          ]
        }
      ]
      performanceCounters: [
        {
          counterSpecifiers: [
            'string'
          ]
          name: 'string'
          samplingFrequencyInSeconds: int
          streams: [
            'string'
          ]
        }
      ]
      syslog: [
        {
          facilityNames: [
            'string'
          ]
          logLevels: [
            'string'
          ]
          name: 'string'
          streams: [
            'string'
          ]
        }
      ]
      windowsEventLogs: [
        {
          name: 'string'
          streams: [
            'string'
          ]
          xPathQueries: [
            'string'
          ]
        }
      ]
    }
    description: 'string'
    destinations: {
      azureMonitorMetrics: {
        name: 'string'
      }
      logAnalytics: [
        {
          name: 'string'
          workspaceResourceId: 'string'
        }
      ]
    }
    streamDeclarations: {
      {customized property}: {
        columns: [
          {
            name: 'string'
            type: 'string'
          }
        ]
      }
    }
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.Insights/dataCollectionRules

Name	Description	Value
kind	The kind of the resource.	'Linux' 'Windows'
location	The geo-location where the resource lives.	string (required)
name	The resource name	string (required)
properties	Resource properties.	DataCollectionRuleResourceProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

ColumnDefinition

Name	Description	Value
name	The name of the column.	string
type	The type of the column data.	'boolean' 'datetime' 'dynamic' 'int' 'long' 'real' 'string'

DataCollectionRuleDataSources

Name	Description	Value
extensions	The list of Azure VM extension data source configurations.	ExtensionDataSource[]
iisLogs	The list of IIS logs source configurations.	IisLogsDataSource[]
logFiles	The list of Log files source configurations.	LogFilesDataSource[]
performanceCounters	The list of performance counter data source configurations.	PerfCounterDataSource[]
syslog	The list of Syslog data source configurations.	SyslogDataSource[]
windowsEventLogs	The list of Windows Event Log data source configurations.	WindowsEventLogDataSource[]

DataCollectionRuleDestinations

Name	Description	Value
azureMonitorMetrics	Azure Monitor Metrics destination.	DestinationsSpecAzureMonitorMetrics
logAnalytics	List of Log Analytics destinations.	LogAnalyticsDestination[]

DataCollectionRuleResourceProperties

Name	Description	Value
dataCollectionEndpointId	The resource ID of the data collection endpoint that this rule can be used with.	string
dataFlows	The specification of data flows.	DataFlow[]
dataSources	The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint.	DataCollectionRuleDataSources
description	Description of the data collection rule.	string
destinations	The specification of destinations.	DataCollectionRuleDestinations
streamDeclarations	Declaration of custom streams used in this rule.	DataCollectionRuleStreamDeclarations

DataCollectionRuleResourceTags

Name	Description	Value

DataCollectionRuleStreamDeclarations

Name	Description	Value

DataFlow

Name	Description	Value
destinations	List of destinations for this data flow.	string[]
outputStream	The output stream of the transform. Only required if the transform changes data to a different stream.	string
streams	List of streams for this data flow.	String array containing any of: 'Microsoft-Event' 'Microsoft-InsightsMetrics' 'Microsoft-Perf' 'Microsoft-Syslog' 'Microsoft-WindowsEvent'
transformKql	The KQL query to transform stream data.	string

DestinationsSpecAzureMonitorMetrics

Name	Description	Value
name	A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.	string

ExtensionDataSource

Name	Description	Value
extensionName	The name of the VM extension.	string (required)
extensionSettings	The extension settings. The format is specific for particular extension.	any
inputDataSources	The list of data sources this extension needs data from.	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Event' 'Microsoft-InsightsMetrics' 'Microsoft-Perf' 'Microsoft-Syslog' 'Microsoft-WindowsEvent'

IisLogsDataSource

Name	Description	Value
logDirectories	Absolute paths file location	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	IIS streams	string[] (required)

LogAnalyticsDestination

Name	Description	Value
name	A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.	string
workspaceResourceId	The resource ID of the Log Analytics workspace.	string

LogFilesDataSource

Name	Description	Value
filePatterns	File Patterns where the log files are located	string[] (required)
format	The data format of the log files	'text' (required)
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
settings	The log files specific settings.	LogFilesDataSourceSettings
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data source	string[] (required)

LogFilesDataSourceSettings

Name	Description	Value
text	Text settings	LogFileSettingsText

LogFileSettingsText

Name	Description	Value
recordStartTimestampFormat	One of the supported timestamp formats	'dd/MMM/yyyy:HH:mm:ss zzz' 'ddMMyy HH:mm:ss' 'ISO 8601' 'M/D/YYYY HH:MM:SS AM/PM' 'MMM d hh:mm:ss' 'Mon DD, YYYY HH:MM:SS' 'yyMMdd HH:mm:ss' 'YYYY-MM-DD HH:MM:SS' 'yyyy-MM-ddTHH:mm:ssK' (required)

PerfCounterDataSource

Name	Description	Value
counterSpecifiers	A list of specifier names of the performance counters you want to collect. Use a wildcard (*) to collect a counter for all instances. To get a list of performance counters on Windows, run the command 'typeperf'.	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
samplingFrequencyInSeconds	The number of seconds between consecutive counter measurements (samples).	int
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-InsightsMetrics' 'Microsoft-Perf'

StreamDeclaration

Name	Description	Value
columns	List of columns used by data in this stream.	ColumnDefinition[]

SyslogDataSource

Name	Description	Value
facilityNames	The list of facility names.	String array containing any of: '*' 'auth' 'authpriv' 'cron' 'daemon' 'kern' 'local0' 'local1' 'local2' 'local3' 'local4' 'local5' 'local6' 'local7' 'lpr' 'mail' 'mark' 'news' 'syslog' 'user' 'uucp'
logLevels	The log levels to collect.	String array containing any of: '*' 'Alert' 'Critical' 'Debug' 'Emergency' 'Error' 'Info' 'Notice' 'Warning'
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Syslog'

WindowsEventLogDataSource

Name	Description	Value
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Event' 'Microsoft-WindowsEvent'
xPathQueries	A list of Windows Event Log queries in XPATH format.	string[]

Usage Examples

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module	Description
Data Collection Rule	AVM Resource Module for Data Collection Rule

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File	Description
Deploy Secure AI Foundry with a managed virtual network	This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.

ARM template resource definition

The dataCollectionRules resource type can be deployed with operations that target:

Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/dataCollectionRules resource, add the following JSON to your template.

{
  "type": "Microsoft.Insights/dataCollectionRules",
  "apiVersion": "2021-09-01-preview",
  "name": "string",
  "kind": "string",
  "location": "string",
  "properties": {
    "dataCollectionEndpointId": "string",
    "dataFlows": [
      {
        "destinations": [ "string" ],
        "outputStream": "string",
        "streams": [ "string" ],
        "transformKql": "string"
      }
    ],
    "dataSources": {
      "extensions": [
        {
          "extensionName": "string",
          "extensionSettings": {},
          "inputDataSources": [ "string" ],
          "name": "string",
          "streams": [ "string" ]
        }
      ],
      "iisLogs": [
        {
          "logDirectories": [ "string" ],
          "name": "string",
          "streams": [ "string" ]
        }
      ],
      "logFiles": [
        {
          "filePatterns": [ "string" ],
          "format": "string",
          "name": "string",
          "settings": {
            "text": {
              "recordStartTimestampFormat": "string"
            }
          },
          "streams": [ "string" ]
        }
      ],
      "performanceCounters": [
        {
          "counterSpecifiers": [ "string" ],
          "name": "string",
          "samplingFrequencyInSeconds": "int",
          "streams": [ "string" ]
        }
      ],
      "syslog": [
        {
          "facilityNames": [ "string" ],
          "logLevels": [ "string" ],
          "name": "string",
          "streams": [ "string" ]
        }
      ],
      "windowsEventLogs": [
        {
          "name": "string",
          "streams": [ "string" ],
          "xPathQueries": [ "string" ]
        }
      ]
    },
    "description": "string",
    "destinations": {
      "azureMonitorMetrics": {
        "name": "string"
      },
      "logAnalytics": [
        {
          "name": "string",
          "workspaceResourceId": "string"
        }
      ]
    },
    "streamDeclarations": {
      "{customized property}": {
        "columns": [
          {
            "name": "string",
            "type": "string"
          }
        ]
      }
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.Insights/dataCollectionRules

Name	Description	Value
apiVersion	The api version	'2021-09-01-preview'
kind	The kind of the resource.	'Linux' 'Windows'
location	The geo-location where the resource lives.	string (required)
name	The resource name	string (required)
properties	Resource properties.	DataCollectionRuleResourceProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.Insights/dataCollectionRules'

ColumnDefinition

Name	Description	Value
name	The name of the column.	string
type	The type of the column data.	'boolean' 'datetime' 'dynamic' 'int' 'long' 'real' 'string'

DataCollectionRuleDataSources

Name	Description	Value
extensions	The list of Azure VM extension data source configurations.	ExtensionDataSource[]
iisLogs	The list of IIS logs source configurations.	IisLogsDataSource[]
logFiles	The list of Log files source configurations.	LogFilesDataSource[]
performanceCounters	The list of performance counter data source configurations.	PerfCounterDataSource[]
syslog	The list of Syslog data source configurations.	SyslogDataSource[]
windowsEventLogs	The list of Windows Event Log data source configurations.	WindowsEventLogDataSource[]

DataCollectionRuleDestinations

Name	Description	Value
azureMonitorMetrics	Azure Monitor Metrics destination.	DestinationsSpecAzureMonitorMetrics
logAnalytics	List of Log Analytics destinations.	LogAnalyticsDestination[]

DataCollectionRuleResourceProperties

Name	Description	Value
dataCollectionEndpointId	The resource ID of the data collection endpoint that this rule can be used with.	string
dataFlows	The specification of data flows.	DataFlow[]
dataSources	The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint.	DataCollectionRuleDataSources
description	Description of the data collection rule.	string
destinations	The specification of destinations.	DataCollectionRuleDestinations
streamDeclarations	Declaration of custom streams used in this rule.	DataCollectionRuleStreamDeclarations

DataCollectionRuleResourceTags

Name	Description	Value

DataCollectionRuleStreamDeclarations

Name	Description	Value

DataFlow

Name	Description	Value
destinations	List of destinations for this data flow.	string[]
outputStream	The output stream of the transform. Only required if the transform changes data to a different stream.	string
streams	List of streams for this data flow.	String array containing any of: 'Microsoft-Event' 'Microsoft-InsightsMetrics' 'Microsoft-Perf' 'Microsoft-Syslog' 'Microsoft-WindowsEvent'
transformKql	The KQL query to transform stream data.	string

DestinationsSpecAzureMonitorMetrics

Name	Description	Value
name	A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.	string

ExtensionDataSource

Name	Description	Value
extensionName	The name of the VM extension.	string (required)
extensionSettings	The extension settings. The format is specific for particular extension.	any
inputDataSources	The list of data sources this extension needs data from.	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Event' 'Microsoft-InsightsMetrics' 'Microsoft-Perf' 'Microsoft-Syslog' 'Microsoft-WindowsEvent'

IisLogsDataSource

Name	Description	Value
logDirectories	Absolute paths file location	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	IIS streams	string[] (required)

LogAnalyticsDestination

Name	Description	Value
name	A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.	string
workspaceResourceId	The resource ID of the Log Analytics workspace.	string

LogFilesDataSource

Name	Description	Value
filePatterns	File Patterns where the log files are located	string[] (required)
format	The data format of the log files	'text' (required)
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
settings	The log files specific settings.	LogFilesDataSourceSettings
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data source	string[] (required)

LogFilesDataSourceSettings

Name	Description	Value
text	Text settings	LogFileSettingsText

LogFileSettingsText

Name	Description	Value
recordStartTimestampFormat	One of the supported timestamp formats	'dd/MMM/yyyy:HH:mm:ss zzz' 'ddMMyy HH:mm:ss' 'ISO 8601' 'M/D/YYYY HH:MM:SS AM/PM' 'MMM d hh:mm:ss' 'Mon DD, YYYY HH:MM:SS' 'yyMMdd HH:mm:ss' 'YYYY-MM-DD HH:MM:SS' 'yyyy-MM-ddTHH:mm:ssK' (required)

PerfCounterDataSource

Name	Description	Value
counterSpecifiers	A list of specifier names of the performance counters you want to collect. Use a wildcard (*) to collect a counter for all instances. To get a list of performance counters on Windows, run the command 'typeperf'.	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
samplingFrequencyInSeconds	The number of seconds between consecutive counter measurements (samples).	int
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-InsightsMetrics' 'Microsoft-Perf'

StreamDeclaration

Name	Description	Value
columns	List of columns used by data in this stream.	ColumnDefinition[]

SyslogDataSource

Name	Description	Value
facilityNames	The list of facility names.	String array containing any of: '*' 'auth' 'authpriv' 'cron' 'daemon' 'kern' 'local0' 'local1' 'local2' 'local3' 'local4' 'local5' 'local6' 'local7' 'lpr' 'mail' 'mark' 'news' 'syslog' 'user' 'uucp'
logLevels	The log levels to collect.	String array containing any of: '*' 'Alert' 'Critical' 'Debug' 'Emergency' 'Error' 'Info' 'Notice' 'Warning'
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Syslog'

WindowsEventLogDataSource

Name	Description	Value
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Event' 'Microsoft-WindowsEvent'
xPathQueries	A list of Windows Event Log queries in XPATH format.	string[]

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template	Description
Data Collection Rule for Syslog	This template creates a data collection rule defining the data source (Syslog) and the destination workspace.
Deploy Darktrace Autoscaling vSensors	This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors
Deploy Secure AI Foundry with a managed virtual network	This template creates a secure Azure AI Foundry environment with robust network and identity security restrictions.

Terraform (AzAPI provider) resource definition

The dataCollectionRules resource type can be deployed with operations that target:

Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/dataCollectionRules resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Insights/dataCollectionRules@2021-09-01-preview"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    kind = "string"
    properties = {
      dataCollectionEndpointId = "string"
      dataFlows = [
        {
          destinations = [
            "string"
          ]
          outputStream = "string"
          streams = [
            "string"
          ]
          transformKql = "string"
        }
      ]
      dataSources = {
        extensions = [
          {
            extensionName = "string"
            extensionSettings = ?
            inputDataSources = [
              "string"
            ]
            name = "string"
            streams = [
              "string"
            ]
          }
        ]
        iisLogs = [
          {
            logDirectories = [
              "string"
            ]
            name = "string"
            streams = [
              "string"
            ]
          }
        ]
        logFiles = [
          {
            filePatterns = [
              "string"
            ]
            format = "string"
            name = "string"
            settings = {
              text = {
                recordStartTimestampFormat = "string"
              }
            }
            streams = [
              "string"
            ]
          }
        ]
        performanceCounters = [
          {
            counterSpecifiers = [
              "string"
            ]
            name = "string"
            samplingFrequencyInSeconds = int
            streams = [
              "string"
            ]
          }
        ]
        syslog = [
          {
            facilityNames = [
              "string"
            ]
            logLevels = [
              "string"
            ]
            name = "string"
            streams = [
              "string"
            ]
          }
        ]
        windowsEventLogs = [
          {
            name = "string"
            streams = [
              "string"
            ]
            xPathQueries = [
              "string"
            ]
          }
        ]
      }
      description = "string"
      destinations = {
        azureMonitorMetrics = {
          name = "string"
        }
        logAnalytics = [
          {
            name = "string"
            workspaceResourceId = "string"
          }
        ]
      }
      streamDeclarations = {
        {customized property} = {
          columns = [
            {
              name = "string"
              type = "string"
            }
          ]
        }
      }
    }
  }
}

Property Values

Microsoft.Insights/dataCollectionRules

Name	Description	Value
kind	The kind of the resource.	'Linux' 'Windows'
location	The geo-location where the resource lives.	string (required)
name	The resource name	string (required)
properties	Resource properties.	DataCollectionRuleResourceProperties
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.Insights/dataCollectionRules@2021-09-01-preview"

ColumnDefinition

Name	Description	Value
name	The name of the column.	string
type	The type of the column data.	'boolean' 'datetime' 'dynamic' 'int' 'long' 'real' 'string'

DataCollectionRuleDataSources

Name	Description	Value
extensions	The list of Azure VM extension data source configurations.	ExtensionDataSource[]
iisLogs	The list of IIS logs source configurations.	IisLogsDataSource[]
logFiles	The list of Log files source configurations.	LogFilesDataSource[]
performanceCounters	The list of performance counter data source configurations.	PerfCounterDataSource[]
syslog	The list of Syslog data source configurations.	SyslogDataSource[]
windowsEventLogs	The list of Windows Event Log data source configurations.	WindowsEventLogDataSource[]

DataCollectionRuleDestinations

Name	Description	Value
azureMonitorMetrics	Azure Monitor Metrics destination.	DestinationsSpecAzureMonitorMetrics
logAnalytics	List of Log Analytics destinations.	LogAnalyticsDestination[]

DataCollectionRuleResourceProperties

Name	Description	Value
dataCollectionEndpointId	The resource ID of the data collection endpoint that this rule can be used with.	string
dataFlows	The specification of data flows.	DataFlow[]
dataSources	The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint.	DataCollectionRuleDataSources
description	Description of the data collection rule.	string
destinations	The specification of destinations.	DataCollectionRuleDestinations
streamDeclarations	Declaration of custom streams used in this rule.	DataCollectionRuleStreamDeclarations

DataCollectionRuleResourceTags

Name	Description	Value

DataCollectionRuleStreamDeclarations

Name	Description	Value

DataFlow

Name	Description	Value
destinations	List of destinations for this data flow.	string[]
outputStream	The output stream of the transform. Only required if the transform changes data to a different stream.	string
streams	List of streams for this data flow.	String array containing any of: 'Microsoft-Event' 'Microsoft-InsightsMetrics' 'Microsoft-Perf' 'Microsoft-Syslog' 'Microsoft-WindowsEvent'
transformKql	The KQL query to transform stream data.	string

DestinationsSpecAzureMonitorMetrics

Name	Description	Value
name	A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.	string

ExtensionDataSource

Name	Description	Value
extensionName	The name of the VM extension.	string (required)
extensionSettings	The extension settings. The format is specific for particular extension.	any
inputDataSources	The list of data sources this extension needs data from.	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Event' 'Microsoft-InsightsMetrics' 'Microsoft-Perf' 'Microsoft-Syslog' 'Microsoft-WindowsEvent'

IisLogsDataSource

Name	Description	Value
logDirectories	Absolute paths file location	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	IIS streams	string[] (required)

LogAnalyticsDestination

Name	Description	Value
name	A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule.	string
workspaceResourceId	The resource ID of the Log Analytics workspace.	string

LogFilesDataSource

Name	Description	Value
filePatterns	File Patterns where the log files are located	string[] (required)
format	The data format of the log files	'text' (required)
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
settings	The log files specific settings.	LogFilesDataSourceSettings
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data source	string[] (required)

LogFilesDataSourceSettings

Name	Description	Value
text	Text settings	LogFileSettingsText

LogFileSettingsText

Name	Description	Value
recordStartTimestampFormat	One of the supported timestamp formats	'dd/MMM/yyyy:HH:mm:ss zzz' 'ddMMyy HH:mm:ss' 'ISO 8601' 'M/D/YYYY HH:MM:SS AM/PM' 'MMM d hh:mm:ss' 'Mon DD, YYYY HH:MM:SS' 'yyMMdd HH:mm:ss' 'YYYY-MM-DD HH:MM:SS' 'yyyy-MM-ddTHH:mm:ssK' (required)

PerfCounterDataSource

Name	Description	Value
counterSpecifiers	A list of specifier names of the performance counters you want to collect. Use a wildcard (*) to collect a counter for all instances. To get a list of performance counters on Windows, run the command 'typeperf'.	string[]
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
samplingFrequencyInSeconds	The number of seconds between consecutive counter measurements (samples).	int
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-InsightsMetrics' 'Microsoft-Perf'

StreamDeclaration

Name	Description	Value
columns	List of columns used by data in this stream.	ColumnDefinition[]

SyslogDataSource

Name	Description	Value
facilityNames	The list of facility names.	String array containing any of: '*' 'auth' 'authpriv' 'cron' 'daemon' 'kern' 'local0' 'local1' 'local2' 'local3' 'local4' 'local5' 'local6' 'local7' 'lpr' 'mail' 'mark' 'news' 'syslog' 'user' 'uucp'
logLevels	The log levels to collect.	String array containing any of: '*' 'Alert' 'Critical' 'Debug' 'Emergency' 'Error' 'Info' 'Notice' 'Warning'
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Syslog'

WindowsEventLogDataSource

Name	Description	Value
name	A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule.	string
streams	List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to.	String array containing any of: 'Microsoft-Event' 'Microsoft-WindowsEvent'
xPathQueries	A list of Windows Event Log queries in XPATH format.	string[]

Share via

Microsoft.Insights dataCollectionRules 2021-09-01-preview

Bicep resource definition

Resource format

Property Values

Microsoft.Insights/dataCollectionRules

ColumnDefinition

DataCollectionRuleDataSources

DataCollectionRuleDestinations

DataCollectionRuleResourceProperties

DataCollectionRuleResourceTags

DataCollectionRuleStreamDeclarations

DataFlow

DestinationsSpecAzureMonitorMetrics

ExtensionDataSource

IisLogsDataSource

LogAnalyticsDestination

LogFilesDataSource

LogFilesDataSourceSettings

LogFileSettingsText

PerfCounterDataSource

StreamDeclaration

SyslogDataSource

WindowsEventLogDataSource

Usage Examples

Azure Verified Modules

Azure Quickstart Samples

ARM template resource definition

Resource format

Property Values

Microsoft.Insights/dataCollectionRules

ColumnDefinition

DataCollectionRuleDataSources

DataCollectionRuleDestinations

DataCollectionRuleResourceProperties

DataCollectionRuleResourceTags

DataCollectionRuleStreamDeclarations

DataFlow

DestinationsSpecAzureMonitorMetrics

ExtensionDataSource

IisLogsDataSource

LogAnalyticsDestination

LogFilesDataSource

LogFilesDataSourceSettings

LogFileSettingsText

PerfCounterDataSource

StreamDeclaration

SyslogDataSource

WindowsEventLogDataSource

Usage Examples

Azure Quickstart Templates

Terraform (AzAPI provider) resource definition

Resource format

Property Values

Microsoft.Insights/dataCollectionRules

ColumnDefinition

DataCollectionRuleDataSources

DataCollectionRuleDestinations

DataCollectionRuleResourceProperties

DataCollectionRuleResourceTags

DataCollectionRuleStreamDeclarations

DataFlow

DestinationsSpecAzureMonitorMetrics

ExtensionDataSource

IisLogsDataSource

LogAnalyticsDestination

LogFilesDataSource

LogFilesDataSourceSettings

LogFileSettingsText

PerfCounterDataSource

StreamDeclaration

SyslogDataSource

WindowsEventLogDataSource

Feedback

Additional resources