Set up Log Analytics workspace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Install-Module azuread | |
| New-AzureADGroup -Description "Log Analytics Reader Group" -DisplayName "Log Analytics Reader Group" -MailEnabled $false -SecurityEnabled $true -MailNickName "LogAnalyticsReaderGroup" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ORGANIZATION_NAME = "Az Days" | |
| $LOCATION = "Central US" | |
| $LOCATION_ABBR= "cenus" | |
| $SUBSCRIPTION_ID = "7005478c-99cb-4b5d-a56c-d60abc23d6af" | |
| $ENVIRONMENT = "Prod" | |
| $COSTCENTER = "Corporate" | |
| $OWNER = "bruce@azdays.com" | |
| $createdData = Get-Date -Format "yyyy-MM-dd" | |
| $tags = @{"Cost Center"=$COSTCENTER; "Location"=$LOCATION; "Environment"=$ENVIRONMENT; "Project"=$ORGANIZATION_NAME; "Owner"=$OWNER; "Created Date"=$createdData; "Tier"="Management" } | |
| $OrganizationName = $ORGANIZATION_NAME -replace '\s', '' | |
| $OrganizationName = $OrganizationName.ToLower() | |
| if ($SubscriptionId -eq $null) { | |
| $SubscriptionId = (Get-AzContext).Subscription.SubscriptionId | |
| } | |
| Set-AzContext -Name ($OrganizationName + "Context") -SubscriptionId $subscriptionID -Force | |
| ############# | |
| # Create shared resource group for management organization | |
| ############# | |
| $resourceGroupName = "rg-$LOCATION_ABBR-$OrganizationName-$ENVIRONMENT-management" | |
| New-AzResourceGroup ` | |
| -Name $resourceGroupName ` | |
| -Location $Location_lc ` | |
| -Tag $tags | |
| Get-AzResourceGroup -Name $resourceGroupName | |
| Write-Host "Created or updated: " $ResourceGroupName |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 7.0 | |
| #Requires -Modules PowerShellGet, Az, Az.Storage, , Az.Resources | |
| <# | |
| .SYNOPSIS | |
| Add-LogAnalytics adds resource group, log analytics workspace as a shared resource, using loganalytics.deploy.json file in the same directory. | |
| .DESCRIPTION | |
| Creates a shared resource group, a storage account attached and a new log analytics workspace resource. | |
| .PARAMETER SubscriptionID | |
| Mandatory. The Azure Subscription ID, such as "9f241d6e-16e2-4b2b-a485-cc546f04799b" | |
| .PARAMETER OrganizationName | |
| Mandatory. Name of organization. (used to create the resource group and the common resources. | |
| .PARAMETER CostCenter | |
| Optional. Cost center for this resource. Used for tags. Default is "Administration" | |
| .PARAMETER Environment | |
| One for each region. So the default is 'mgmt' for the Environment for tags | |
| .PARAMETER Location | |
| You will need to specify the location for regions other than West US 2 | |
| .PARAMETER LocationAbbr | |
| You will need to specify the location for regions other than West US 2 | |
| .PARAMETER Owner | |
| The owner is tagged in the resource group and resource | |
| .RETURN | |
| The name of the resource group created | |
| .NOTES | |
| Version: 1.0.1 | |
| Author: Bruce Kyle | |
| Creation Date: 6/5/2020 | |
| Purpose/Change: Update example | |
| Requires: | |
| - Connection to Azure | |
| Copyright 2020 Stretegic Datatech LLC | |
| License: MIT https://opensource.org/licenses/MIT | |
| .EXAMPLE | |
| $ORGANIZATION_NAME = "AzDays" | |
| $LOCATION = "Central US" | |
| .\Add-LogAnalytics.ps1 -SubscriptionID 9f241d6e-16e2-4b2b-a485-cc546f04799b ` | |
| -OrganizationName $ORGANIZATION_NAME -Location $LOCATION -LocationAbbr 'cus' | |
| #> | |
| [CmdletBinding()] | |
| #--------[Params]--------------- | |
| Param( | |
| [Parameter(Mandatory=$false)] [string] $SubscriptionID, | |
| [Parameter(Mandatory)] [string] $OrganizationName, | |
| [Parameter(Mandatory=$false)] [string] $CostCenter = "Administration", | |
| [Parameter(Mandatory=$false)] [string] $Environment='mgmt', | |
| [Parameter(Mandatory=$false)] [string] $Location="West US 2", | |
| [Parameter(Mandatory=$false)] [string] $LocationAbbr='wus2', | |
| [Parameter(Mandatory=$false)] [string] $Owner = $env:UserName | |
| ) | |
| Set-StrictMode -Version Latest | |
| $ErrorActionPreference = "Stop" | |
| try | |
| { | |
| Set-AzContext -Name ($OrganizationName + "Context") -SubscriptionId $subscriptionID -Force | |
| $Location_lc = $LOCATION -replace '\s', '' | |
| $Location_lc = $Location_lc.ToLower() | |
| ############# | |
| # Deploy log analytics with storage account | |
| ############# | |
| $deploymentName = $ResourceGroupName.substring(3) + "-management-deployment" | |
| Write-Host "Deployment name: " $deploymentName | |
| # accepting the defaults for the other items | |
| $paramObject = @{ | |
| 'organization' = $OrganizationName | |
| } | |
| $parameters = @{ | |
| 'Name' = $deploymentName | |
| 'ResourceGroupName' = $ResourceGroupName | |
| 'TemplateFile' = '.\loganalytics-deploy.json' | |
| 'TemplateParameterObject' = $paramObject | |
| 'Verbose' = $true | |
| } | |
| New-AzResourceGroupDeployment @parameters | |
| $loganalyticsResourceID = @(Get-AzResourceGroupDeployment ` | |
| -ResourceGroupName $ResourceGroupName ` | |
| -Name $ResourceGroupName).Outputs.resourceID.value | |
| } | |
| catch | |
| { | |
| $loganalyticsResourceID = $null; | |
| echo "Completed Log analytics failed" | |
| } | |
| finally | |
| { | |
| echo "Completed Log analytics creation: $loganalyticsResourceID" | |
| } | |
| return $loganalyticsResourceID |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $LOG_ANALYTICS_RESOURCE_ID = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/oi-default-east-us/providers/microsoft.operationalinsights/workspaces/myworkspace" | |
| $KEY_VAULE_RESOURCE_ID = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeyvault" | |
| Set-AzDiagnosticSetting -Name KeyVault-Diagnostics -ResourceId $KEY_VAULE_RESOURCE_ID ` | |
| -Category AuditEvent -MetricCategory AllMetrics -Enabled $true ` | |
| -WorkspaceId $LOG_ANALYTICS_RESOURCE_ID |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "organization": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "Organization name. For example: AzDays" | |
| } | |
| }, | |
| "service-tier": { | |
| "type": "string", | |
| "defaultValue": "PerNode", | |
| "allowedValues": [ | |
| "Free", | |
| "Standalone", | |
| "PerNode", | |
| "PerGB2018" | |
| ], | |
| "metadata": { | |
| "description": "Service Tier: Free, Standalone, or PerNode" | |
| } | |
| }, | |
| "data-retention": { | |
| "type": "int", | |
| "defaultValue": 365, | |
| "minValue": 0, | |
| "maxValue": 365, | |
| "metadata": { | |
| "description": "Number of days data will be retained for." | |
| } | |
| }, | |
| "location": { | |
| "type": "string", | |
| "defaultValue": "West US 2", | |
| "allowedValues": [ | |
| "australiacentral", | |
| "australiaeast", | |
| "australiasoutheast", | |
| "brazilsouth", | |
| "canadacentral", | |
| "centralindia", | |
| "centralus", | |
| "eastasia", | |
| "eastus", | |
| "eastus2", | |
| "francecentral", | |
| "japaneast", | |
| "koreacentral", | |
| "northcentralus", | |
| "northeurope", | |
| "southafricanorth", | |
| "southcentralus", | |
| "southeastasia", | |
| "uksouth", | |
| "ukwest", | |
| "westcentralus", | |
| "westeurope", | |
| "westus", | |
| "westus2" | |
| ], | |
| "metadata": { | |
| "description": "Region used when establishing the workspace." | |
| } | |
| }, | |
| "tags": { | |
| "type": "object", | |
| "defaultValue": { | |
| "Cost Center": "[resourceGroup().tags['Cost Center']]", | |
| "Location": "[resourceGroup().tags['Location']]", | |
| "Environment": "[resourceGroup().tags['Environment']]", | |
| "Owner": "[resourceGroup().tags['Owner']]", | |
| "Organization": "[parameters('organization')]", | |
| "Created Date": "[resourceGroup().tags['Created Date']]", | |
| "Tier": "[resourceGroup().tags['Tier']]" | |
| } | |
| }, | |
| }, | |
| "variables": { | |
| "deployment-prefix": "[concat('workload-', parameters('organization'))]", | |
| "uniqueString": "[uniqueString(subscription().id, concat(variables('deployment-prefix'), '-log'))]", | |
| "diagnostic-storageAccount-prefix": "[concat(, 'diag', replace(variables('deployment-prefix'), '-', ''))]", | |
| "diagnostic-storageAccount-name": "[toLower(substring(replace(concat(variables('diagnostic-storageAccount-prefix'), variables('uniqueString'), variables('uniqueString')), '-', ''), 0, 23) )]", | |
| "oms-workspace-name": "[concat('log-', variables('deployment-prefix'))]" | |
| }, | |
| "resources": [ | |
| { | |
| "comments": "----DIAGNOSTICS STORAGE ACCOUNT-----", | |
| "type": "Microsoft.Storage/storageAccounts", | |
| "name": "[variables('diagnostic-storageAccount-name')]", | |
| "apiVersion": "2019-06-01", | |
| "location": "[resourceGroup().location]", | |
| "kind": "StorageV2", | |
| "sku": { | |
| "name": "Standard_LRS", | |
| "tier": "Standard" | |
| }, | |
| "tags": "[parameters('tags')]", | |
| "properties": { | |
| "supportsHttpsTrafficOnly": true, | |
| "networkAcls": { | |
| "bypass": "AzureServices", | |
| "defaultAction": "Deny" | |
| } | |
| } | |
| }, | |
| { | |
| "type": "Microsoft.Storage/storageAccounts/providers/locks", | |
| "apiVersion": "2016-09-01", | |
| "name": "[concat(variables('diagnostic-storageAccount-name'), '/Microsoft.Authorization/storageDoNotDelete')]", | |
| "dependsOn": [ | |
| "[concat('Microsoft.Storage/storageAccounts/', variables('diagnostic-storageAccount-name'))]" | |
| ], | |
| "comments": "Resource lock on diagnostic storage account", | |
| "properties": { | |
| "level": "CannotDelete" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "location": "[parameters('location')]", | |
| "name": "[variables('oms-workspace-name')]", | |
| "properties": { | |
| "sku": { | |
| "Name": "[parameters('service-tier')]" | |
| }, | |
| "retention": "[parameters('data-retention')]" | |
| }, | |
| "tags": {}, | |
| "type": "Microsoft.OperationalInsights/workspaces" | |
| }, | |
| { | |
| "type": "Microsoft.OperationalInsights/workspaces/providers/locks", | |
| "apiVersion": "2016-09-01", | |
| "name": "[concat(variables('oms-workspace-name'), '/Microsoft.Authorization/logAnalyticsDoNotDelete')]", | |
| "dependsOn": [ | |
| "[variables('oms-workspace-name')]" | |
| ], | |
| "comments": "Resource lock on Log Analytics", | |
| "properties": { | |
| "level": "CannotDelete" | |
| } | |
| } | |
| ], | |
| "outputs": { | |
| "resourceID": { | |
| "type": "string", | |
| "value": "[resourceId('Microsoft.OperationalInsights/workspaces/', variables('oms-workspace-name'))]" | |
| }, | |
| "workspaceName":{ | |
| "type": "string", | |
| "value": "[variables('omsWorkspaceName')]" | |
| }, | |
| "workspaceId":{ | |
| "type": "string", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces/', variables('omsWorkspaceName')), '2017-04-26-preview').customerId]" | |
| }, | |
| "workspaceKey":{ | |
| "type": "string", | |
| "value": "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces/', variables('omsWorkspaceName')), '2017-04-26-preview').primarySharedKey]" | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Logs | |
| | where Level == "Critical" | |
| | count |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "workspaceName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "Workspace name" | |
| } | |
| }, | |
| "sku": { | |
| "type": "string", | |
| "allowedValues": [ | |
| "PerGB2018", | |
| "Free", | |
| "Standalone", | |
| "PerNode", | |
| "Standard", | |
| "Premium" | |
| ], | |
| "defaultValue": "pergb2018", | |
| "metadata": { | |
| "description": "Pricing tier: pergb2018 or legacy tiers (Free, Standalone, PerNode, Standard or Premium) which are not available to all customers." | |
| } | |
| }, | |
| "dataRetention": { | |
| "type": "int", | |
| "defaultValue": 30, | |
| "minValue": 7, | |
| "maxValue": 730, | |
| "metadata": { | |
| "description": "Number of days of retention. Workspaces in the legacy Free pricing tier can only have 7 days." | |
| } | |
| }, | |
| "immediatePurgeDataOn30Days": { | |
| "type": "bool", | |
| "defaultValue": "[bool('false')]", | |
| "metadata": { | |
| "description": "If set to true, changing retention to 30 days will immediately delete older data. Use this with extreme caution. This only applies when retention is being set to 30 days." | |
| } | |
| }, | |
| "location": { | |
| "type": "string", | |
| "allowedValues": [ | |
| "australiacentral", | |
| "australiaeast", | |
| "australiasoutheast", | |
| "brazilsouth", | |
| "canadacentral", | |
| "centralindia", | |
| "centralus", | |
| "eastasia", | |
| "eastus", | |
| "eastus2", | |
| "francecentral", | |
| "japaneast", | |
| "koreacentral", | |
| "northcentralus", | |
| "northeurope", | |
| "southafricanorth", | |
| "southcentralus", | |
| "southeastasia", | |
| "uksouth", | |
| "ukwest", | |
| "westcentralus", | |
| "westeurope", | |
| "westus", | |
| "westus2" | |
| ], | |
| "metadata": { | |
| "description": "Specifies the location in which to create the workspace." | |
| } | |
| }, | |
| "applicationDiagnosticsStorageAccountName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "Name of the storage account with Azure diagnostics output" | |
| } | |
| }, | |
| "applicationDiagnosticsStorageAccountResourceGroup": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "The resource group name containing the storage account with Azure diagnostics output" | |
| } | |
| }, | |
| "customLogName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "The custom log name" | |
| } | |
| } | |
| }, | |
| "variables": { | |
| "Updates": { | |
| "Name": "[Concat('Updates', '(', parameters('workspaceName'), ')')]", | |
| "GalleryName": "Updates" | |
| }, | |
| "AntiMalware": { | |
| "Name": "[concat('AntiMalware', '(', parameters('workspaceName'), ')')]", | |
| "GalleryName": "AntiMalware" | |
| }, | |
| "SQLAssessment": { | |
| "Name": "[Concat('SQLAssessment', '(', parameters('workspaceName'), ')')]", | |
| "GalleryName": "SQLAssessment" | |
| }, | |
| "diagnosticsStorageAccount": "[resourceId(parameters('applicationDiagnosticsStorageAccountResourceGroup'), 'Microsoft.Storage/storageAccounts', parameters('applicationDiagnosticsStorageAccountName'))]" | |
| }, | |
| "resources": [ | |
| { | |
| "apiVersion": "2017-03-15-preview", | |
| "type": "Microsoft.OperationalInsights/workspaces", | |
| "name": "[parameters('workspaceName')]", | |
| "location": "[parameters('location')]", | |
| "properties": { | |
| "retentionInDays": "[parameters('dataRetention')]", | |
| "features": { | |
| "immediatePurgeDataOn30Days": "[parameters('immediatePurgeDataOn30Days')]" | |
| }, | |
| "sku": { | |
| "name": "[parameters('sku')]" | |
| } | |
| }, | |
| "resources": [ | |
| { | |
| "apiVersion": "2015-03-20", | |
| "name": "VMSS Queries2", | |
| "type": "savedSearches", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "properties": { | |
| "eTag": "*", | |
| "category": "VMSS", | |
| "displayName": "VMSS Instance Count", | |
| "query": "Event | where Source == \"ServiceFabricNodeBootstrapAgent\" | summarize AggregatedValue = count() by Computer", | |
| "version": 1 | |
| } | |
| }, | |
| { | |
| "apiVersion": "2017-04-26-preview", | |
| "name": "Cross workspace function", | |
| "type": "savedSearches", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "properties": { | |
| "etag": "*", | |
| "displayName": "failedLogOnEvents", | |
| "category": "Security", | |
| "FunctionAlias": "failedlogonsecurityevents", | |
| "query": " | |
| union withsource=SourceWorkspace | |
| workspace('workspace1').SecurityEvent, | |
| workspace('workspace2').SecurityEvent, | |
| workspace('workspace3').SecurityEvent, | |
| | where EventID == 4625" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "datasources", | |
| "name": "sampleWindowsEvent1", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "WindowsEvent", | |
| "properties": { | |
| "eventLogName": "Application", | |
| "eventTypes": [ | |
| { | |
| "eventType": "Error" | |
| }, | |
| { | |
| "eventType": "Warning" | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "datasources", | |
| "name": "sampleWindowsPerfCounter1", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "WindowsPerformanceCounter", | |
| "properties": { | |
| "objectName": "Memory", | |
| "instanceName": "*", | |
| "intervalSeconds": 10, | |
| "counterName": "Available MBytes" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "datasources", | |
| "name": "sampleIISLog1", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "IISLogs", | |
| "properties": { | |
| "state": "OnPremiseEnabled" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "datasources", | |
| "name": "sampleSyslog1", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "LinuxSyslog", | |
| "properties": { | |
| "syslogName": "kern", | |
| "syslogSeverities": [ | |
| { | |
| "severity": "emerg" | |
| }, | |
| { | |
| "severity": "alert" | |
| }, | |
| { | |
| "severity": "crit" | |
| }, | |
| { | |
| "severity": "err" | |
| }, | |
| { | |
| "severity": "warning" | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "datasources", | |
| "name": "sampleSyslogCollection1", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "LinuxSyslogCollection", | |
| "properties": { | |
| "state": "Enabled" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "datasources", | |
| "name": "sampleLinuxPerf1", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "LinuxPerformanceObject", | |
| "properties": { | |
| "performanceCounters": [ | |
| { | |
| "counterName": "% Used Inodes" | |
| }, | |
| { | |
| "counterName": "Free Megabytes" | |
| }, | |
| { | |
| "counterName": "% Used Space" | |
| }, | |
| { | |
| "counterName": "Disk Transfers/sec" | |
| }, | |
| { | |
| "counterName": "Disk Reads/sec" | |
| }, | |
| { | |
| "counterName": "Disk Writes/sec" | |
| } | |
| ], | |
| "objectName": "Logical Disk", | |
| "instanceName": "*", | |
| "intervalSeconds": 10 | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "dataSources", | |
| "name": "[concat(parameters('workspaceName'), parameters('customLogName'))]", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', '/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "CustomLog", | |
| "properties": { | |
| "customLogName": "[parameters('customLogName')]", | |
| "description": "this is a description", | |
| "extractions": [ | |
| { | |
| "extractionName": "TimeGenerated", | |
| "extractionProperties": { | |
| "dateTimeExtraction": { | |
| "regex": [ | |
| { | |
| "matchIndex": 0, | |
| "numberdGroup": null, | |
| "pattern": "((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]" | |
| } | |
| ] | |
| } | |
| }, | |
| "extractionType": "DateTime" | |
| } | |
| ], | |
| "inputs": [ | |
| { | |
| "location": { | |
| "fileSystemLocations": { | |
| "linuxFileTypeLogPaths": null, | |
| "windowsFileTypeLogPaths": [ | |
| "[concat('c:\\Windows\\Logs\\',parameters('customLogName'))]" | |
| ] | |
| } | |
| }, | |
| "recordDelimiter": { | |
| "regexDelimiter": { | |
| "matchIndex": 0, | |
| "numberdGroup": null, | |
| "pattern": "(^.*((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9].*$)" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "type": "datasources", | |
| "name": "sampleLinuxPerfCollection1", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "kind": "LinuxPerformanceCollection", | |
| "properties": { | |
| "state": "Enabled" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-03-20", | |
| "name": "[concat(parameters('applicationDiagnosticsStorageAccountName'),parameters('workspaceName'))]", | |
| "type": "storageinsightconfigs", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "properties": { | |
| "containers": [ | |
| "wad-iis-logfiles" | |
| ], | |
| "tables": [ | |
| "WADWindowsEventLogsTable" | |
| ], | |
| "storageAccount": { | |
| "id": "[variables('diagnosticsStorageAccount')]", | |
| "key": "[listKeys(variables('diagnosticsStorageAccount'),'2015-06-15').key1]" | |
| } | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "location": "[parameters('location')]", | |
| "name": "[variables('Updates').Name]", | |
| "type": "Microsoft.OperationsManagement/solutions", | |
| "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationsManagement/solutions/', variables('Updates').Name)]", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "properties": { | |
| "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| }, | |
| "plan": { | |
| "name": "[variables('Updates').Name]", | |
| "publisher": "Microsoft", | |
| "product": "[Concat('OMSGallery/', variables('Updates').GalleryName)]", | |
| "promotionCode": "" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "location": "[parameters('location')]", | |
| "name": "[variables('AntiMalware').Name]", | |
| "type": "Microsoft.OperationsManagement/solutions", | |
| "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationsManagement/solutions/', variables('AntiMalware').Name)]", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "properties": { | |
| "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| }, | |
| "plan": { | |
| "name": "[variables('AntiMalware').Name]", | |
| "publisher": "Microsoft", | |
| "product": "[Concat('OMSGallery/', variables('AntiMalware').GalleryName)]", | |
| "promotionCode": "" | |
| } | |
| }, | |
| { | |
| "apiVersion": "2015-11-01-preview", | |
| "location": "[parameters('location')]", | |
| "name": "[variables('SQLAssessment').Name]", | |
| "type": "Microsoft.OperationsManagement/solutions", | |
| "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationsManagement/solutions/', variables('SQLAssessment').Name)]", | |
| "dependsOn": [ | |
| "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| ], | |
| "properties": { | |
| "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]" | |
| }, | |
| "plan": { | |
| "name": "[variables('SQLAssessment').Name]", | |
| "publisher": "Microsoft", | |
| "product": "[Concat('OMSGallery/', variables('SQLAssessment').GalleryName)]", | |
| "promotionCode": "" | |
| } | |
| } | |
| ] | |
| } | |
| ], | |
| "outputs": { | |
| "workspaceName": { | |
| "type": "string", | |
| "value": "[parameters('workspaceName')]" | |
| }, | |
| "provisioningState": { | |
| "type": "string", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName')), '2015-11-01-preview').provisioningState]" | |
| }, | |
| "source": { | |
| "type": "string", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName')), '2015-11-01-preview').source]" | |
| }, | |
| "customerId": { | |
| "type": "string", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName')), '2015-11-01-preview').customerId]" | |
| }, | |
| "sku": { | |
| "type": "string", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName')), '2015-11-01-preview').sku.name]" | |
| }, | |
| "retentionInDays": { | |
| "type": "int", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName')), '2015-11-01-preview').retentionInDays]" | |
| }, | |
| "immediatePurgeDataOn30Days": { | |
| "type": "bool", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName')), '2015-11-01-preview').features.immediatePurgeDataOn30Days]" | |
| }, | |
| "portalUrl": { | |
| "type": "string", | |
| "value": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName')), '2015-11-01-preview').portalUrl]" | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment