New-AzOperationalInsightsWindowsEventDataSource
Collects event logs from computers that run the Windows operating system.
Syntax
ByWorkspaceName (Default)
New-AzOperationalInsightsWindowsEventDataSource
[-ResourceGroupName] <String>
[-WorkspaceName] <String>
[-Name] <String>
[-EventLogName] <String>
[-CollectErrors]
[-CollectWarnings]
[-CollectInformation]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
ByWorkspaceObject
New-AzOperationalInsightsWindowsEventDataSource
[-Workspace] <PSWorkspace>
[-Name] <String>
[-EventLogName] <String>
[-CollectErrors]
[-CollectWarnings]
[-CollectInformation]
[-Force]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzOperationalInsightsWindowsEventDataSource cmdlet adds a data source that collects Windows event logs from connected computers that run the Windows operating system in Azure Operational Insights.
Examples
Example 1: Create system Windows event data source
$EventLogNames = @()
$EventLogNames += 'Directory Service'
$EventLogNames += 'Microsoft-Windows-EventCollector/Operational'
$EventLogNames += 'System'
$ResourceGroupName = 'MyResourceGroup'
$WorkspaceName = 'MyWorkspaceName'
$Count = 0
foreach ($EventLogName in $EventLogNames) {
$Count++
$null = New-AzOperationalInsightsWindowsEventDataSource `
-ResourceGroupName $ResourceGroupName `
-WorkspaceName $WorkspaceName `
-Name "Windows-event-$($Count)" `
-EventLogName $EventLogName `
-CollectErrors `
-CollectWarnings `
-CollectInformation
}
Get-AzOperationalInsightsDataSource `
-ResourceGroupName $ResourceGroupName `
-WorkspaceName $WorkspaceName `
-Kind 'WindowsEvent'
Adds a data source that collects Windows event logs from connected computers that run the Windows operating system in Azure Operational Insights.
Parameters
-CollectErrors
Indicates that Operational Insights collects error messages.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Indicates that Operational Insights collects information messages.
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-CollectWarnings
Indicates that Operational Insights collects warning messages.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: False Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-EventLogName
Specifies the name of the event log.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 4 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Force
Forces the command to run without asking for user confirmation.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
Specifies a name for the data source. The name is not exposed in the Azure Portal and any string can be used as long as it is unique.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: 3 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ResourceGroupName
Specifies the name of a resource group that contains computers.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByWorkspaceName
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: False Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Workspace
Specifies a workspace in which this cmdlet operates.
Parameter properties
Type: PSWorkspace
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByWorkspaceObject
Position: 0 Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-WorkspaceName
Specifies the name of a workspace in which this cmdlet operates.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
ByWorkspaceName
Position: 2 Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
