Skip to content

Instantly share code, notes, and snippets.

@machv

machv/README.md

Created March 21, 2025 12:24
Show Gist options
  • Save machv/92cd67fa2022f941310b88ec1a3c08c4 to your computer and use it in GitHub Desktop.
Save machv/92cd67fa2022f941310b88ec1a3c08c4 to your computer and use it in GitHub Desktop.
Download ZIP
Custom Data Collection Rule for VM Insights and event logging
Raw
README.md

Deploy

az deployment group create --resource-group "rg-data" --template-file dcr.bicep --parameters "workspaceName=log-arc-001" "dcrName=dcr-test-001" "workspaceResourceGroupName=rg-arc" "location=westeurope"
Raw
dcr.bicep
param workspaceName string
param dcrName string
param location string = resourceGroup().location
param workspaceResourceGroupName string = resourceGroup().name
resource workspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
name: workspaceName
scope: resourceGroup(workspaceResourceGroupName)
}
resource dcr 'Microsoft.Insights/dataCollectionRules@2022-06-01' = {
properties: {
description: 'Custom Data collection rule with VM Insights'
dataSources: {
windowsEventLogs: [
{
streams: [
'Microsoft-Event'
]
xPathQueries: [
'Application!*[System[(Level=1)]]'
]
name: 'eventLogsDataSource'
}
]
performanceCounters: [
{
streams: [
'Microsoft-InsightsMetrics'
]
samplingFrequencyInSeconds: 60
counterSpecifiers: [
'\\VmInsights\\DetailedMetrics'
]
name: 'VMInsightsPerfCounters'
}
]
}
destinations: {
logAnalytics: [
{
workspaceResourceId: workspace.id
name: 'workspace'
}
]
}
dataFlows: [
{
streams: [
'Microsoft-Event'
]
destinations: [
'workspace'
]
transformKql: 'source'
outputStream: 'Microsoft-Event'
}
{
streams: [
'Microsoft-InsightsMetrics'
]
destinations: [
'workspace'
]
}
]
}
location: location
kind: 'Windows'
name: dcrName
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment