Data
data class DataCollectionRuleArgs(val dataCollectionEndpointId: Output<String>? = null, val dataCollectionRuleName: Output<String>? = null, val dataFlows: Output<List<DataFlowArgs>>? = null, val dataSources: Output<DataCollectionRuleDataSourcesArgs>? = null, val description: Output<String>? = null, val destinations: Output<DataCollectionRuleDestinationsArgs>? = null, val identity: Output<DataCollectionRuleResourceIdentityArgs>? = null, val kind: Output<Either<String, KnownDataCollectionRuleResourceKind>>? = null, val location: Output<String>? = null, val resourceGroupName: Output<String>? = null, val streamDeclarations: Output<Map<String, StreamDeclarationArgs>>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<DataCollectionRuleArgs>
Definition of ARM tracked top level resource. Azure REST API version: 2022-06-01. Prior API version in Azure Native 1.x: 2019-11-01-preview.
Example Usage
Create or update data collection rule
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var dataCollectionRule = new AzureNative.Insights.DataCollectionRule("dataCollectionRule", new()
{
DataCollectionRuleName = "myCollectionRule",
DataFlows = new[]
{
new AzureNative.Insights.Inputs.DataFlowArgs
{
Destinations = new[]
{
"centralWorkspace",
},
Streams = new[]
{
"Microsoft-Perf",
"Microsoft-Syslog",
"Microsoft-WindowsEvent",
},
},
},
DataSources = new AzureNative.Insights.Inputs.DataCollectionRuleDataSourcesArgs
{
PerformanceCounters = new[]
{
new AzureNative.Insights.Inputs.PerfCounterDataSourceArgs
{
CounterSpecifiers = new[]
{
"\\Processor(_Total)\\% Processor Time",
"\\Memory\\Committed Bytes",
"\\LogicalDisk(_Total)\\Free Megabytes",
"\\PhysicalDisk(_Total)\\Avg. Disk Queue Length",
},
Name = "cloudTeamCoreCounters",
SamplingFrequencyInSeconds = 15,
Streams = new[]
{
"Microsoft-Perf",
},
},
new AzureNative.Insights.Inputs.PerfCounterDataSourceArgs
{
CounterSpecifiers = new[]
{
"\\Process(_Total)\\Thread Count",
},
Name = "appTeamExtraCounters",
SamplingFrequencyInSeconds = 30,
Streams = new[]
{
"Microsoft-Perf",
},
},
},
Syslog = new[]
{
new AzureNative.Insights.Inputs.SyslogDataSourceArgs
{
FacilityNames = new[]
{
"cron",
},
LogLevels = new[]
{
"Debug",
"Critical",
"Emergency",
},
Name = "cronSyslog",
Streams = new[]
{
"Microsoft-Syslog",
},
},
new AzureNative.Insights.Inputs.SyslogDataSourceArgs
{
FacilityNames = new[]
{
"syslog",
},
LogLevels = new[]
{
"Alert",
"Critical",
"Emergency",
},
Name = "syslogBase",
Streams = new[]
{
"Microsoft-Syslog",
},
},
},
WindowsEventLogs = new[]
{
new AzureNative.Insights.Inputs.WindowsEventLogDataSourceArgs
{
Name = "cloudSecurityTeamEvents",
Streams = new[]
{
"Microsoft-WindowsEvent",
},
XPathQueries = new[]
{
"Security!",
},
},
new AzureNative.Insights.Inputs.WindowsEventLogDataSourceArgs
{
Name = "appTeam1AppEvents",
Streams = new[]
{
"Microsoft-WindowsEvent",
},
XPathQueries = new[]
{
"System![System[(Level = 1 or Level = 2 or Level = 3)]]",
"Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]",
},
},
},
},
Destinations = new AzureNative.Insights.Inputs.DataCollectionRuleDestinationsArgs
{
LogAnalytics = new[]
{
new AzureNative.Insights.Inputs.LogAnalyticsDestinationArgs
{
Name = "centralWorkspace",
WorkspaceResourceId = "/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace",
},
},
},
Location = "eastus",
ResourceGroupName = "myResourceGroup",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/insights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := insights.NewDataCollectionRule(ctx, "dataCollectionRule", &insights.DataCollectionRuleArgs{
DataCollectionRuleName: pulumi.String("myCollectionRule"),
DataFlows: []insights.DataFlowArgs{
{
Destinations: pulumi.StringArray{
pulumi.String("centralWorkspace"),
},
Streams: pulumi.StringArray{
pulumi.String("Microsoft-Perf"),
pulumi.String("Microsoft-Syslog"),
pulumi.String("Microsoft-WindowsEvent"),
},
},
},
DataSources: insights.DataCollectionRuleResponseDataSources{
PerformanceCounters: insights.PerfCounterDataSourceArray{
&insights.PerfCounterDataSourceArgs{
CounterSpecifiers: pulumi.StringArray{
pulumi.String("\\Processor(_Total)\\% Processor Time"),
pulumi.String("\\Memory\\Committed Bytes"),
pulumi.String("\\LogicalDisk(_Total)\\Free Megabytes"),
pulumi.String("\\PhysicalDisk(_Total)\\Avg. Disk Queue Length"),
},
Name: pulumi.String("cloudTeamCoreCounters"),
SamplingFrequencyInSeconds: pulumi.Int(15),
Streams: pulumi.StringArray{
pulumi.String("Microsoft-Perf"),
},
},
&insights.PerfCounterDataSourceArgs{
CounterSpecifiers: pulumi.StringArray{
pulumi.String("\\Process(_Total)\\Thread Count"),
},
Name: pulumi.String("appTeamExtraCounters"),
SamplingFrequencyInSeconds: pulumi.Int(30),
Streams: pulumi.StringArray{
pulumi.String("Microsoft-Perf"),
},
},
},
Syslog: insights.SyslogDataSourceArray{
&insights.SyslogDataSourceArgs{
FacilityNames: pulumi.StringArray{
pulumi.String("cron"),
},
LogLevels: pulumi.StringArray{
pulumi.String("Debug"),
pulumi.String("Critical"),
pulumi.String("Emergency"),
},
Name: pulumi.String("cronSyslog"),
Streams: pulumi.StringArray{
pulumi.String("Microsoft-Syslog"),
},
},
&insights.SyslogDataSourceArgs{
FacilityNames: pulumi.StringArray{
pulumi.String("syslog"),
},
LogLevels: pulumi.StringArray{
pulumi.String("Alert"),
pulumi.String("Critical"),
pulumi.String("Emergency"),
},
Name: pulumi.String("syslogBase"),
Streams: pulumi.StringArray{
pulumi.String("Microsoft-Syslog"),
},
},
},
WindowsEventLogs: insights.WindowsEventLogDataSourceArray{
&insights.WindowsEventLogDataSourceArgs{
Name: pulumi.String("cloudSecurityTeamEvents"),
Streams: pulumi.StringArray{
pulumi.String("Microsoft-WindowsEvent"),
},
XPathQueries: pulumi.StringArray{
pulumi.String("Security!"),
},
},
&insights.WindowsEventLogDataSourceArgs{
Name: pulumi.String("appTeam1AppEvents"),
Streams: pulumi.StringArray{
pulumi.String("Microsoft-WindowsEvent"),
},
XPathQueries: pulumi.StringArray{
pulumi.String("System![System[(Level = 1 or Level = 2 or Level = 3)]]"),
pulumi.String("Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"),
},
},
},
},
Destinations: insights.DataCollectionRuleResponseDestinations{
LogAnalytics: insights.LogAnalyticsDestinationArray{
&insights.LogAnalyticsDestinationArgs{
Name: pulumi.String("centralWorkspace"),
WorkspaceResourceId: pulumi.String("/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace"),
},
},
},
Location: pulumi.String("eastus"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.insights.DataCollectionRule;
import com.pulumi.azurenative.insights.DataCollectionRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var dataCollectionRule = new DataCollectionRule("dataCollectionRule", DataCollectionRuleArgs.builder()
.dataCollectionRuleName("myCollectionRule")
.dataFlows(Map.ofEntries(
Map.entry("destinations", "centralWorkspace"),
Map.entry("streams",
"Microsoft-Perf",
"Microsoft-Syslog",
"Microsoft-WindowsEvent")
))
.dataSources(Map.ofEntries(
Map.entry("performanceCounters",
Map.ofEntries(
Map.entry("counterSpecifiers",
"\\Processor(_Total)\\% Processor Time",
"\\Memory\\Committed Bytes",
"\\LogicalDisk(_Total)\\Free Megabytes",
"\\PhysicalDisk(_Total)\\Avg. Disk Queue Length"),
Map.entry("name", "cloudTeamCoreCounters"),
Map.entry("samplingFrequencyInSeconds", 15),
Map.entry("streams", "Microsoft-Perf")
),
Map.ofEntries(
Map.entry("counterSpecifiers", "\\Process(_Total)\\Thread Count"),
Map.entry("name", "appTeamExtraCounters"),
Map.entry("samplingFrequencyInSeconds", 30),
Map.entry("streams", "Microsoft-Perf")
)),
Map.entry("syslog",
Map.ofEntries(
Map.entry("facilityNames", "cron"),
Map.entry("logLevels",
"Debug",
"Critical",
"Emergency"),
Map.entry("name", "cronSyslog"),
Map.entry("streams", "Microsoft-Syslog")
),
Map.ofEntries(
Map.entry("facilityNames", "syslog"),
Map.entry("logLevels",
"Alert",
"Critical",
"Emergency"),
Map.entry("name", "syslogBase"),
Map.entry("streams", "Microsoft-Syslog")
)),
Map.entry("windowsEventLogs",
Map.ofEntries(
Map.entry("name", "cloudSecurityTeamEvents"),
Map.entry("streams", "Microsoft-WindowsEvent"),
Map.entry("xPathQueries", "Security!")
),
Map.ofEntries(
Map.entry("name", "appTeam1AppEvents"),
Map.entry("streams", "Microsoft-WindowsEvent"),
Map.entry("xPathQueries",
"System![System[(Level = 1 or Level = 2 or Level = 3)]]",
"Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]")
))
))
.destinations(Map.of("logAnalytics", Map.ofEntries(
Map.entry("name", "centralWorkspace"),
Map.entry("workspaceResourceId", "/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace")
)))
.location("eastus")
.resourceGroupName("myResourceGroup")
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:insights:DataCollectionRule myCollectionRule /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dataCollectionRuleName}Content copied to clipboard
Constructors
Link copied to clipboard
fun DataCollectionRuleArgs(dataCollectionEndpointId: Output<String>? = null, dataCollectionRuleName: Output<String>? = null, dataFlows: Output<List<DataFlowArgs>>? = null, dataSources: Output<DataCollectionRuleDataSourcesArgs>? = null, description: Output<String>? = null, destinations: Output<DataCollectionRuleDestinationsArgs>? = null, identity: Output<DataCollectionRuleResourceIdentityArgs>? = null, kind: Output<Either<String, KnownDataCollectionRuleResourceKind>>? = null, location: Output<String>? = null, resourceGroupName: Output<String>? = null, streamDeclarations: Output<Map<String, StreamDeclarationArgs>>? = null, tags: Output<Map<String, String>>? = null)