Data Collection Rule Args
Definition of ARM tracked top level resource. Uses Azure REST API version 2022-06-01. In version 1.x of the Azure Native provider, it used API version 2019-11-01-preview. Other available API versions: 2023-03-11.
Example Usage
Create or update data collection rule
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
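// Declares one Azure Monitor data collection rule that gathers performance
// counters, syslog and Windows event logs and sends all three streams to a
// single Log Analytics workspace destination named "centralWorkspace".
return await Deployment.RunAsync(() =>
{
    var dataCollectionRule = new AzureNative.Insights.DataCollectionRule("dataCollectionRule", new()
    {
        DataCollectionRuleName = "myCollectionRule",

        // One flow routes every stream below to the destination declared in
        // Destinations.LogAnalytics; the name must match that entry's Name.
        DataFlows = new[]
        {
            new AzureNative.Insights.Inputs.DataFlowArgs
            {
                Destinations = new[]
                {
                    "centralWorkspace",
                },
                Streams = new[]
                {
                    AzureNative.Insights.KnownDataFlowStreams.Microsoft_Perf,
                    AzureNative.Insights.KnownDataFlowStreams.Microsoft_Syslog,
                    AzureNative.Insights.KnownDataFlowStreams.Microsoft_WindowsEvent,
                },
            },
        },

        DataSources = new AzureNative.Insights.Inputs.DataCollectionRuleDataSourcesArgs
        {
            PerformanceCounters = new[]
            {
                new AzureNative.Insights.Inputs.PerfCounterDataSourceArgs
                {
                    CounterSpecifiers = new[]
                    {
                        "\\Processor(_Total)\\% Processor Time",
                        "\\Memory\\Committed Bytes",
                        "\\LogicalDisk(_Total)\\Free Megabytes",
                        "\\PhysicalDisk(_Total)\\Avg. Disk Queue Length",
                    },
                    Name = "cloudTeamCoreCounters",
                    SamplingFrequencyInSeconds = 15,
                    Streams = new[]
                    {
                        AzureNative.Insights.KnownPerfCounterDataSourceStreams.Microsoft_Perf,
                    },
                },
                new AzureNative.Insights.Inputs.PerfCounterDataSourceArgs
                {
                    CounterSpecifiers = new[]
                    {
                        "\\Process(_Total)\\Thread Count",
                    },
                    Name = "appTeamExtraCounters",
                    SamplingFrequencyInSeconds = 30,
                    Streams = new[]
                    {
                        AzureNative.Insights.KnownPerfCounterDataSourceStreams.Microsoft_Perf,
                    },
                },
            },

            // Only the cron and syslog facilities are collected here; a rule
            // meant for security monitoring would normally also cover the
            // authentication facilities.
            Syslog = new[]
            {
                new AzureNative.Insights.Inputs.SyslogDataSourceArgs
                {
                    FacilityNames = new[]
                    {
                        AzureNative.Insights.KnownSyslogDataSourceFacilityNames.Cron,
                    },
                    // NOTE(review): LogLevels is a list of levels to collect, so
                    // the levels not named here are presumably not forwarded for
                    // cron - confirm that gap is intended.
                    LogLevels = new[]
                    {
                        AzureNative.Insights.KnownSyslogDataSourceLogLevels.Debug,
                        AzureNative.Insights.KnownSyslogDataSourceLogLevels.Critical,
                        AzureNative.Insights.KnownSyslogDataSourceLogLevels.Emergency,
                    },
                    Name = "cronSyslog",
                    Streams = new[]
                    {
                        AzureNative.Insights.KnownSyslogDataSourceStreams.Microsoft_Syslog,
                    },
                },
                new AzureNative.Insights.Inputs.SyslogDataSourceArgs
                {
                    FacilityNames = new[]
                    {
                        AzureNative.Insights.KnownSyslogDataSourceFacilityNames.Syslog,
                    },
                    LogLevels = new[]
                    {
                        AzureNative.Insights.KnownSyslogDataSourceLogLevels.Alert,
                        AzureNative.Insights.KnownSyslogDataSourceLogLevels.Critical,
                        AzureNative.Insights.KnownSyslogDataSourceLogLevels.Emergency,
                    },
                    Name = "syslogBase",
                    Streams = new[]
                    {
                        AzureNative.Insights.KnownSyslogDataSourceStreams.Microsoft_Syslog,
                    },
                },
            },

            // Each XPathQueries entry has the form "<LogName>!<XPath>".
            WindowsEventLogs = new[]
            {
                new AzureNative.Insights.Inputs.WindowsEventLogDataSourceArgs
                {
                    Name = "cloudSecurityTeamEvents",
                    Streams = new[]
                    {
                        AzureNative.Insights.KnownWindowsEventLogDataSourceStreams.Microsoft_WindowsEvent,
                    },
                    XPathQueries = new[]
                    {
                        // NOTE(review): nothing follows the "!" separator, so this
                        // entry carries no XPath. Confirm whether the Security log
                        // is actually collected with this value, and whether a
                        // scoped query or "Security!*" was intended.
                        "Security!",
                    },
                },
                new AzureNative.Insights.Inputs.WindowsEventLogDataSourceArgs
                {
                    Name = "appTeam1AppEvents",
                    Streams = new[]
                    {
                        AzureNative.Insights.KnownWindowsEventLogDataSourceStreams.Microsoft_WindowsEvent,
                    },
                    XPathQueries = new[]
                    {
                        // The System query lacked the leading "*" node test that
                        // the Application query has; without it the expression
                        // is not a well-formed event XPath.
                        "System!*[System[(Level = 1 or Level = 2 or Level = 3)]]",
                        "Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]",
                    },
                },
            },
        },

        Destinations = new AzureNative.Insights.Inputs.DataCollectionRuleDestinationsArgs
        {
            LogAnalytics = new[]
            {
                new AzureNative.Insights.Inputs.LogAnalyticsDestinationArgs
                {
                    Name = "centralWorkspace",
                    // Sample subscription and workspace from the example. In a
                    // real stack, take this ID from the workspace resource's
                    // output or from stack configuration instead of hard-coding
                    // it, so logs cannot silently land in the wrong workspace.
                    WorkspaceResourceId = "/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace",
                },
            },
        },

        Location = "eastus",
        ResourceGroupName = "myResourceGroup",
    });
});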
package main
import (
insights "github.com/pulumi/pulumi-azure-native-sdk/insights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
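// main declares one Azure Monitor data collection rule that gathers
// performance counters, syslog and Windows event logs and sends all three
// streams to a single Log Analytics workspace destination.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := insights.NewDataCollectionRule(ctx, "dataCollectionRule", &insights.DataCollectionRuleArgs{
			DataCollectionRuleName: pulumi.String("myCollectionRule"),

			// One flow routes every stream below to the destination declared
			// in Destinations.LogAnalytics; the name must match that entry.
			DataFlows: insights.DataFlowArray{
				&insights.DataFlowArgs{
					Destinations: pulumi.StringArray{
						pulumi.String("centralWorkspace"),
					},
					Streams: pulumi.StringArray{
						pulumi.String(insights.KnownDataFlowStreams_Microsoft_Perf),
						pulumi.String(insights.KnownDataFlowStreams_Microsoft_Syslog),
						pulumi.String(insights.KnownDataFlowStreams_Microsoft_WindowsEvent),
					},
				},
			},

			DataSources: &insights.DataCollectionRuleDataSourcesArgs{
				PerformanceCounters: insights.PerfCounterDataSourceArray{
					&insights.PerfCounterDataSourceArgs{
						CounterSpecifiers: pulumi.StringArray{
							pulumi.String("\\Processor(_Total)\\% Processor Time"),
							pulumi.String("\\Memory\\Committed Bytes"),
							pulumi.String("\\LogicalDisk(_Total)\\Free Megabytes"),
							pulumi.String("\\PhysicalDisk(_Total)\\Avg. Disk Queue Length"),
						},
						Name:                       pulumi.String("cloudTeamCoreCounters"),
						SamplingFrequencyInSeconds: pulumi.Int(15),
						Streams: pulumi.StringArray{
							pulumi.String(insights.KnownPerfCounterDataSourceStreams_Microsoft_Perf),
						},
					},
					&insights.PerfCounterDataSourceArgs{
						CounterSpecifiers: pulumi.StringArray{
							pulumi.String("\\Process(_Total)\\Thread Count"),
						},
						Name:                       pulumi.String("appTeamExtraCounters"),
						SamplingFrequencyInSeconds: pulumi.Int(30),
						Streams: pulumi.StringArray{
							pulumi.String(insights.KnownPerfCounterDataSourceStreams_Microsoft_Perf),
						},
					},
				},

				// Only the cron and syslog facilities are collected here; a
				// rule meant for security monitoring would normally also cover
				// the authentication facilities.
				Syslog: insights.SyslogDataSourceArray{
					&insights.SyslogDataSourceArgs{
						FacilityNames: pulumi.StringArray{
							pulumi.String(insights.KnownSyslogDataSourceFacilityNamesCron),
						},
						// NOTE(review): LogLevels is a list of levels to collect,
						// so the levels not named here are presumably not
						// forwarded for cron - confirm that gap is intended.
						LogLevels: pulumi.StringArray{
							pulumi.String(insights.KnownSyslogDataSourceLogLevelsDebug),
							pulumi.String(insights.KnownSyslogDataSourceLogLevelsCritical),
							pulumi.String(insights.KnownSyslogDataSourceLogLevelsEmergency),
						},
						Name: pulumi.String("cronSyslog"),
						Streams: pulumi.StringArray{
							pulumi.String(insights.KnownSyslogDataSourceStreams_Microsoft_Syslog),
						},
					},
					&insights.SyslogDataSourceArgs{
						FacilityNames: pulumi.StringArray{
							pulumi.String(insights.KnownSyslogDataSourceFacilityNamesSyslog),
						},
						LogLevels: pulumi.StringArray{
							pulumi.String(insights.KnownSyslogDataSourceLogLevelsAlert),
							pulumi.String(insights.KnownSyslogDataSourceLogLevelsCritical),
							pulumi.String(insights.KnownSyslogDataSourceLogLevelsEmergency),
						},
						Name: pulumi.String("syslogBase"),
						Streams: pulumi.StringArray{
							pulumi.String(insights.KnownSyslogDataSourceStreams_Microsoft_Syslog),
						},
					},
				},

				// Each XPathQueries entry has the form "<LogName>!<XPath>".
				WindowsEventLogs: insights.WindowsEventLogDataSourceArray{
					&insights.WindowsEventLogDataSourceArgs{
						Name: pulumi.String("cloudSecurityTeamEvents"),
						Streams: pulumi.StringArray{
							pulumi.String(insights.KnownWindowsEventLogDataSourceStreams_Microsoft_WindowsEvent),
						},
						XPathQueries: pulumi.StringArray{
							// NOTE(review): nothing follows the "!" separator, so
							// this entry carries no XPath. Confirm whether the
							// Security log is actually collected with this value,
							// and whether a scoped query or "Security!*" was
							// intended.
							pulumi.String("Security!"),
						},
					},
					&insights.WindowsEventLogDataSourceArgs{
						Name: pulumi.String("appTeam1AppEvents"),
						Streams: pulumi.StringArray{
							pulumi.String(insights.KnownWindowsEventLogDataSourceStreams_Microsoft_WindowsEvent),
						},
						XPathQueries: pulumi.StringArray{
							// The System query lacked the leading "*" node test
							// that the Application query has; without it the
							// expression is not a well-formed event XPath.
							pulumi.String("System!*[System[(Level = 1 or Level = 2 or Level = 3)]]"),
							pulumi.String("Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"),
						},
					},
				},
			},

			Destinations: &insights.DataCollectionRuleDestinationsArgs{
				LogAnalytics: insights.LogAnalyticsDestinationArray{
					&insights.LogAnalyticsDestinationArgs{
						Name: pulumi.String("centralWorkspace"),
						// Sample subscription and workspace from the example. In
						// a real stack, take this ID from the workspace
						// resource's output or from stack configuration instead
						// of hard-coding it, so logs cannot silently land in the
						// wrong workspace.
						WorkspaceResourceId: pulumi.String("/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace"),
					},
				},
			},

			Location:          pulumi.String("eastus"),
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		// Propagate a failed registration to the Pulumi engine; nil on success.
		return err
	})
}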
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.insights.DataCollectionRule;
import com.pulumi.azurenative.insights.DataCollectionRuleArgs;
import com.pulumi.azurenative.insights.inputs.DataFlowArgs;
import com.pulumi.azurenative.insights.inputs.DataCollectionRuleDataSourcesArgs;
import com.pulumi.azurenative.insights.inputs.DataCollectionRuleDestinationsArgs;
import com.pulumi.azurenative.insights.inputs.LogAnalyticsDestinationArgs;
import com.pulumi.azurenative.insights.inputs.PerfCounterDataSourceArgs;
import com.pulumi.azurenative.insights.inputs.SyslogDataSourceArgs;
import com.pulumi.azurenative.insights.inputs.WindowsEventLogDataSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
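/**
 * Pulumi program that declares one Azure Monitor data collection rule. The
 * rule gathers performance counters, syslog and Windows event logs and sends
 * all three streams to a single Log Analytics workspace destination.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the data collection rule with the Pulumi engine.
     *
     * @param ctx the Pulumi stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var dataCollectionRule = new DataCollectionRule("dataCollectionRule", DataCollectionRuleArgs.builder()
            .dataCollectionRuleName("myCollectionRule")
            // One flow routes every stream below to the destination declared
            // under destinations(); the name must match that entry's name.
            .dataFlows(DataFlowArgs.builder()
                .destinations("centralWorkspace")
                .streams(
                    "Microsoft-Perf",
                    "Microsoft-Syslog",
                    "Microsoft-WindowsEvent")
                .build())
            .dataSources(DataCollectionRuleDataSourcesArgs.builder()
                .performanceCounters(
                    PerfCounterDataSourceArgs.builder()
                        .counterSpecifiers(
                            "\\Processor(_Total)\\% Processor Time",
                            "\\Memory\\Committed Bytes",
                            "\\LogicalDisk(_Total)\\Free Megabytes",
                            "\\PhysicalDisk(_Total)\\Avg. Disk Queue Length")
                        .name("cloudTeamCoreCounters")
                        .samplingFrequencyInSeconds(15)
                        .streams("Microsoft-Perf")
                        .build(),
                    PerfCounterDataSourceArgs.builder()
                        .counterSpecifiers("\\Process(_Total)\\Thread Count")
                        .name("appTeamExtraCounters")
                        .samplingFrequencyInSeconds(30)
                        .streams("Microsoft-Perf")
                        .build())
                // Only the cron and syslog facilities are collected here; a
                // rule meant for security monitoring would normally also cover
                // the authentication facilities.
                .syslog(
                    SyslogDataSourceArgs.builder()
                        .facilityNames("cron")
                        // NOTE(review): logLevels is a list of levels to
                        // collect, so the levels not named here are presumably
                        // not forwarded for cron - confirm that gap is intended.
                        .logLevels(
                            "Debug",
                            "Critical",
                            "Emergency")
                        .name("cronSyslog")
                        .streams("Microsoft-Syslog")
                        .build(),
                    SyslogDataSourceArgs.builder()
                        .facilityNames("syslog")
                        .logLevels(
                            "Alert",
                            "Critical",
                            "Emergency")
                        .name("syslogBase")
                        .streams("Microsoft-Syslog")
                        .build())
                // Each xPathQueries entry has the form "<LogName>!<XPath>".
                .windowsEventLogs(
                    WindowsEventLogDataSourceArgs.builder()
                        .name("cloudSecurityTeamEvents")
                        .streams("Microsoft-WindowsEvent")
                        // NOTE(review): nothing follows the "!" separator, so
                        // this entry carries no XPath. Confirm whether the
                        // Security log is actually collected with this value,
                        // and whether a scoped query or "Security!*" was
                        // intended.
                        .xPathQueries("Security!")
                        .build(),
                    WindowsEventLogDataSourceArgs.builder()
                        .name("appTeam1AppEvents")
                        .streams("Microsoft-WindowsEvent")
                        // The System query lacked the leading "*" node test
                        // that the Application query has; without it the
                        // expression is not a well-formed event XPath.
                        .xPathQueries(
                            "System!*[System[(Level = 1 or Level = 2 or Level = 3)]]",
                            "Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]")
                        .build())
                .build())
            .destinations(DataCollectionRuleDestinationsArgs.builder()
                .logAnalytics(LogAnalyticsDestinationArgs.builder()
                    .name("centralWorkspace")
                    // Sample subscription and workspace from the example. In a
                    // real stack, take this ID from the workspace resource's
                    // output or from stack configuration instead of
                    // hard-coding it, so logs cannot silently land in the
                    // wrong workspace.
                    .workspaceResourceId("/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace")
                    .build())
                .build())
            .location("eastus")
            .resourceGroupName("myResourceGroup")
            .build());
    }
}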
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:insights:DataCollectionRule myCollectionRule /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dataCollectionRuleName}
Constructors
Properties
The resource ID of the data collection endpoint that this rule can be used with.
The name of the data collection rule. The name is case insensitive.
The specification of data flows.
The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint.
Description of the data collection rule.
The specification of destinations.
Managed service identity of the resource.
The kind of the resource.
The name of the resource group. The name is case insensitive.
Declaration of custom streams used in this rule.