Data
Definition of ARM tracked top level resource. Uses Azure REST API version 2022-06-01. In version 1.x of the Azure Native provider, it used API version 2019-11-01-preview. Other available API versions: 2023-03-11.
Example Usage
Create or update data collection rule
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var dataCollectionRule = new AzureNative.Insights.DataCollectionRule("dataCollectionRule", new()
{
DataCollectionRuleName = "myCollectionRule",
DataFlows = new[]
{
new AzureNative.Insights.Inputs.DataFlowArgs
{
Destinations = new[]
{
"centralWorkspace",
},
Streams = new[]
{
AzureNative.Insights.KnownDataFlowStreams.Microsoft_Perf,
AzureNative.Insights.KnownDataFlowStreams.Microsoft_Syslog,
AzureNative.Insights.KnownDataFlowStreams.Microsoft_WindowsEvent,
},
},
},
DataSources = new AzureNative.Insights.Inputs.DataCollectionRuleDataSourcesArgs
{
PerformanceCounters = new[]
{
new AzureNative.Insights.Inputs.PerfCounterDataSourceArgs
{
CounterSpecifiers = new[]
{
"\\Processor(_Total)\\% Processor Time",
"\\Memory\\Committed Bytes",
"\\LogicalDisk(_Total)\\Free Megabytes",
"\\PhysicalDisk(_Total)\\Avg. Disk Queue Length",
},
Name = "cloudTeamCoreCounters",
SamplingFrequencyInSeconds = 15,
Streams = new[]
{
AzureNative.Insights.KnownPerfCounterDataSourceStreams.Microsoft_Perf,
},
},
new AzureNative.Insights.Inputs.PerfCounterDataSourceArgs
{
CounterSpecifiers = new[]
{
"\\Process(_Total)\\Thread Count",
},
Name = "appTeamExtraCounters",
SamplingFrequencyInSeconds = 30,
Streams = new[]
{
AzureNative.Insights.KnownPerfCounterDataSourceStreams.Microsoft_Perf,
},
},
},
Syslog = new[]
{
new AzureNative.Insights.Inputs.SyslogDataSourceArgs
{
FacilityNames = new[]
{
AzureNative.Insights.KnownSyslogDataSourceFacilityNames.Cron,
},
LogLevels = new[]
{
AzureNative.Insights.KnownSyslogDataSourceLogLevels.Debug,
AzureNative.Insights.KnownSyslogDataSourceLogLevels.Critical,
AzureNative.Insights.KnownSyslogDataSourceLogLevels.Emergency,
},
Name = "cronSyslog",
Streams = new[]
{
AzureNative.Insights.KnownSyslogDataSourceStreams.Microsoft_Syslog,
},
},
new AzureNative.Insights.Inputs.SyslogDataSourceArgs
{
FacilityNames = new[]
{
AzureNative.Insights.KnownSyslogDataSourceFacilityNames.Syslog,
},
LogLevels = new[]
{
AzureNative.Insights.KnownSyslogDataSourceLogLevels.Alert,
AzureNative.Insights.KnownSyslogDataSourceLogLevels.Critical,
AzureNative.Insights.KnownSyslogDataSourceLogLevels.Emergency,
},
Name = "syslogBase",
Streams = new[]
{
AzureNative.Insights.KnownSyslogDataSourceStreams.Microsoft_Syslog,
},
},
},
WindowsEventLogs = new[]
{
new AzureNative.Insights.Inputs.WindowsEventLogDataSourceArgs
{
Name = "cloudSecurityTeamEvents",
Streams = new[]
{
AzureNative.Insights.KnownWindowsEventLogDataSourceStreams.Microsoft_WindowsEvent,
},
XPathQueries = new[]
{
"Security!",
},
},
new AzureNative.Insights.Inputs.WindowsEventLogDataSourceArgs
{
Name = "appTeam1AppEvents",
Streams = new[]
{
AzureNative.Insights.KnownWindowsEventLogDataSourceStreams.Microsoft_WindowsEvent,
},
XPathQueries = new[]
{
"System![System[(Level = 1 or Level = 2 or Level = 3)]]",
"Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]",
},
},
},
},
Destinations = new AzureNative.Insights.Inputs.DataCollectionRuleDestinationsArgs
{
LogAnalytics = new[]
{
new AzureNative.Insights.Inputs.LogAnalyticsDestinationArgs
{
Name = "centralWorkspace",
WorkspaceResourceId = "/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace",
},
},
},
Location = "eastus",
ResourceGroupName = "myResourceGroup",
});
});Content copied to clipboard
package main
import (
insights "github.com/pulumi/pulumi-azure-native-sdk/insights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := insights.NewDataCollectionRule(ctx, "dataCollectionRule", &insights.DataCollectionRuleArgs{
DataCollectionRuleName: pulumi.String("myCollectionRule"),
DataFlows: insights.DataFlowArray{
&insights.DataFlowArgs{
Destinations: pulumi.StringArray{
pulumi.String("centralWorkspace"),
},
Streams: pulumi.StringArray{
pulumi.String(insights.KnownDataFlowStreams_Microsoft_Perf),
pulumi.String(insights.KnownDataFlowStreams_Microsoft_Syslog),
pulumi.String(insights.KnownDataFlowStreams_Microsoft_WindowsEvent),
},
},
},
DataSources: &insights.DataCollectionRuleDataSourcesArgs{
PerformanceCounters: insights.PerfCounterDataSourceArray{
&insights.PerfCounterDataSourceArgs{
CounterSpecifiers: pulumi.StringArray{
pulumi.String("\\Processor(_Total)\\% Processor Time"),
pulumi.String("\\Memory\\Committed Bytes"),
pulumi.String("\\LogicalDisk(_Total)\\Free Megabytes"),
pulumi.String("\\PhysicalDisk(_Total)\\Avg. Disk Queue Length"),
},
Name: pulumi.String("cloudTeamCoreCounters"),
SamplingFrequencyInSeconds: pulumi.Int(15),
Streams: pulumi.StringArray{
pulumi.String(insights.KnownPerfCounterDataSourceStreams_Microsoft_Perf),
},
},
&insights.PerfCounterDataSourceArgs{
CounterSpecifiers: pulumi.StringArray{
pulumi.String("\\Process(_Total)\\Thread Count"),
},
Name: pulumi.String("appTeamExtraCounters"),
SamplingFrequencyInSeconds: pulumi.Int(30),
Streams: pulumi.StringArray{
pulumi.String(insights.KnownPerfCounterDataSourceStreams_Microsoft_Perf),
},
},
},
Syslog: insights.SyslogDataSourceArray{
&insights.SyslogDataSourceArgs{
FacilityNames: pulumi.StringArray{
pulumi.String(insights.KnownSyslogDataSourceFacilityNamesCron),
},
LogLevels: pulumi.StringArray{
pulumi.String(insights.KnownSyslogDataSourceLogLevelsDebug),
pulumi.String(insights.KnownSyslogDataSourceLogLevelsCritical),
pulumi.String(insights.KnownSyslogDataSourceLogLevelsEmergency),
},
Name: pulumi.String("cronSyslog"),
Streams: pulumi.StringArray{
pulumi.String(insights.KnownSyslogDataSourceStreams_Microsoft_Syslog),
},
},
&insights.SyslogDataSourceArgs{
FacilityNames: pulumi.StringArray{
pulumi.String(insights.KnownSyslogDataSourceFacilityNamesSyslog),
},
LogLevels: pulumi.StringArray{
pulumi.String(insights.KnownSyslogDataSourceLogLevelsAlert),
pulumi.String(insights.KnownSyslogDataSourceLogLevelsCritical),
pulumi.String(insights.KnownSyslogDataSourceLogLevelsEmergency),
},
Name: pulumi.String("syslogBase"),
Streams: pulumi.StringArray{
pulumi.String(insights.KnownSyslogDataSourceStreams_Microsoft_Syslog),
},
},
},
WindowsEventLogs: insights.WindowsEventLogDataSourceArray{
&insights.WindowsEventLogDataSourceArgs{
Name: pulumi.String("cloudSecurityTeamEvents"),
Streams: pulumi.StringArray{
pulumi.String(insights.KnownWindowsEventLogDataSourceStreams_Microsoft_WindowsEvent),
},
XPathQueries: pulumi.StringArray{
pulumi.String("Security!"),
},
},
&insights.WindowsEventLogDataSourceArgs{
Name: pulumi.String("appTeam1AppEvents"),
Streams: pulumi.StringArray{
pulumi.String(insights.KnownWindowsEventLogDataSourceStreams_Microsoft_WindowsEvent),
},
XPathQueries: pulumi.StringArray{
pulumi.String("System![System[(Level = 1 or Level = 2 or Level = 3)]]"),
pulumi.String("Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]"),
},
},
},
},
Destinations: &insights.DataCollectionRuleDestinationsArgs{
LogAnalytics: insights.LogAnalyticsDestinationArray{
&insights.LogAnalyticsDestinationArgs{
Name: pulumi.String("centralWorkspace"),
WorkspaceResourceId: pulumi.String("/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace"),
},
},
},
Location: pulumi.String("eastus"),
ResourceGroupName: pulumi.String("myResourceGroup"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.insights.DataCollectionRule;
import com.pulumi.azurenative.insights.DataCollectionRuleArgs;
import com.pulumi.azurenative.insights.inputs.DataFlowArgs;
import com.pulumi.azurenative.insights.inputs.DataCollectionRuleDataSourcesArgs;
import com.pulumi.azurenative.insights.inputs.DataCollectionRuleDestinationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var dataCollectionRule = new DataCollectionRule("dataCollectionRule", DataCollectionRuleArgs.builder()
.dataCollectionRuleName("myCollectionRule")
.dataFlows(DataFlowArgs.builder()
.destinations("centralWorkspace")
.streams(
"Microsoft-Perf",
"Microsoft-Syslog",
"Microsoft-WindowsEvent")
.build())
.dataSources(DataCollectionRuleDataSourcesArgs.builder()
.performanceCounters(
PerfCounterDataSourceArgs.builder()
.counterSpecifiers(
"\\Processor(_Total)\\% Processor Time",
"\\Memory\\Committed Bytes",
"\\LogicalDisk(_Total)\\Free Megabytes",
"\\PhysicalDisk(_Total)\\Avg. Disk Queue Length")
.name("cloudTeamCoreCounters")
.samplingFrequencyInSeconds(15)
.streams("Microsoft-Perf")
.build(),
PerfCounterDataSourceArgs.builder()
.counterSpecifiers("\\Process(_Total)\\Thread Count")
.name("appTeamExtraCounters")
.samplingFrequencyInSeconds(30)
.streams("Microsoft-Perf")
.build())
.syslog(
SyslogDataSourceArgs.builder()
.facilityNames("cron")
.logLevels(
"Debug",
"Critical",
"Emergency")
.name("cronSyslog")
.streams("Microsoft-Syslog")
.build(),
SyslogDataSourceArgs.builder()
.facilityNames("syslog")
.logLevels(
"Alert",
"Critical",
"Emergency")
.name("syslogBase")
.streams("Microsoft-Syslog")
.build())
.windowsEventLogs(
WindowsEventLogDataSourceArgs.builder()
.name("cloudSecurityTeamEvents")
.streams("Microsoft-WindowsEvent")
.xPathQueries("Security!")
.build(),
WindowsEventLogDataSourceArgs.builder()
.name("appTeam1AppEvents")
.streams("Microsoft-WindowsEvent")
.xPathQueries(
"System![System[(Level = 1 or Level = 2 or Level = 3)]]",
"Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]")
.build())
.build())
.destinations(DataCollectionRuleDestinationsArgs.builder()
.logAnalytics(LogAnalyticsDestinationArgs.builder()
.name("centralWorkspace")
.workspaceResourceId("/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace")
.build())
.build())
.location("eastus")
.resourceGroupName("myResourceGroup")
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:insights:DataCollectionRule myCollectionRule /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dataCollectionRuleName}Content copied to clipboard
Properties
Link copied to clipboard
The resource ID of the data collection endpoint that this rule can be used with.
Link copied to clipboard
The specification of data flows.
Link copied to clipboard
The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint.
Link copied to clipboard
Description of the data collection rule.
Link copied to clipboard
The specification of destinations.
Link copied to clipboard
Managed service identity of the resource.
Link copied to clipboard
The immutable ID of this data collection rule. This property is READ-ONLY.
Link copied to clipboard
Metadata about the resource
Link copied to clipboard
The resource provisioning state.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Declaration of custom streams used in this rule.
Link copied to clipboard
Metadata pertaining to creation and last modification of the resource.