azurermMonitorDataCollectionRule
Manages a Data Collection Rule.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermLogAnalyticsWorkspaceExample =
  new azurerm.logAnalyticsWorkspace.LogAnalyticsWorkspace(this, "example_1", {
    location: azurermResourceGroupExample.location,
    name: "example-workspace",
    resource_group_name: azurermResourceGroupExample.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogAnalyticsWorkspaceExample.overrideLogicalId("example");
const azurermLogAnalyticsSolutionExample =
  new azurerm.logAnalyticsSolution.LogAnalyticsSolution(this, "example_2", {
    location: azurermResourceGroupExample.location,
    plan: [
      {
        product: "OMSGallery/WindowsEventForwarding",
        publisher: "Microsoft",
      },
    ],
    resource_group_name: azurermResourceGroupExample.name,
    solution_name: "WindowsEventForwarding",
    workspace_name: azurermLogAnalyticsWorkspaceExample.name,
    workspace_resource_id: azurermLogAnalyticsWorkspaceExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogAnalyticsSolutionExample.overrideLogicalId("example");
const azurermMonitorDataCollectionRuleExample =
  new azurerm.monitorDataCollectionRule.MonitorDataCollectionRule(
    this,
    "example_3",
    {
      data_flow: [
        {
          destinations: ["test-destination-metrics"],
          streams: ["Microsoft-InsightsMetrics"],
        },
        {
          destinations: ["test-destination-log"],
          streams: [
            "Microsoft-InsightsMetrics",
            "Microsoft-Syslog",
            "Microsoft-Perf",
          ],
        },
      ],
      data_sources: [
        {
          extension: [
            {
              extension_json:
                '${jsonencode({\n a = 1\n b = "hello"\n })}',
              extension_name: "test-extension-name",
              input_data_sources: ["test-datasource-wineventlog"],
              name: "test-datasource-extension",
              streams: ["Microsoft-WindowsEvent"],
            },
          ],
          performance_counter: [
            {
              counter_specifiers: ["Processor(*)\\% Processor Time"],
              name: "test-datasource-perfcounter",
              sampling_frequency_in_seconds: 60,
              streams: ["Microsoft-Perf", "Microsoft-InsightsMetrics"],
            },
          ],
          syslog: [
            {
              facility_names: ["*"],
              log_levels: ["*"],
              name: "test-datasource-syslog",
            },
          ],
          windows_event_log: [
            {
              name: "test-datasource-wineventlog",
              streams: ["Microsoft-WindowsEvent"],
              x_path_queries: ["*![System/Level=1]"],
            },
          ],
        },
      ],
      depends_on: [`\${${azurermLogAnalyticsSolutionExample.fqn}}`],
      description: "data collection rule example",
      destinations: [
        {
          azure_monitor_metrics: [
            {
              name: "test-destination-metrics",
            },
          ],
          log_analytics: [
            {
              name: "test-destination-log",
              workspace_resource_id: azurermLogAnalyticsWorkspaceExample.id,
            },
          ],
        },
      ],
      location: azurermResourceGroupExample.location,
      name: "example-rule",
      resource_group_name: azurermResourceGroupExample.name,
      tags: {
        foo: "bar",
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermMonitorDataCollectionRuleExample.overrideLogicalId("example");
Arguments Reference
The following arguments are supported:
- dataFlow - (Required) One or more dataFlow blocks as defined below.
- destinations - (Required) A destinations block as defined below.
- location - (Required) The Azure Region where the Data Collection Rule should exist. Changing this forces a new Data Collection Rule to be created.
- name - (Required) The name which should be used for this Data Collection Rule. Changing this forces a new Data Collection Rule to be created.
- resourceGroupName - (Required) The name of the Resource Group where the Data Collection Rule should exist. Changing this forces a new Data Collection Rule to be created.

- dataSources - (Optional) A dataSources block as defined below. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint.
- description - (Optional) The description of the Data Collection Rule.
- kind - (Optional) The kind of the Data Collection Rule. Possible values are Linux and Windows. A rule of kind Linux does not allow for windowsEventLog data sources, and a rule of kind Windows does not allow for syslog data sources. If kind is not specified, all kinds of data sources are allowed.
- tags - (Optional) A mapping of tags which should be assigned to the Data Collection Rule.
An azureMonitorMetrics block supports the following:
- name - (Required) The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule.
A dataFlow block supports the following:
- destinations - (Required) Specifies a list of destination names. An azureMonitorMetrics data source only allows for stream of kind Microsoft-InsightsMetrics.
- streams - (Required) Specifies a list of streams. Possible values include, but are not limited to, Microsoft-Event, Microsoft-InsightsMetrics, Microsoft-Perf, Microsoft-Syslog, and Microsoft-WindowsEvent.
A dataSources block supports the following:
- extension - (Optional) One or more extension blocks as defined below.
- performanceCounter - (Optional) One or more performanceCounter blocks as defined below.
- syslog - (Optional) One or more syslog blocks as defined below.
- windowsEventLog - (Optional) One or more windowsEventLog blocks as defined below.
A destinations block supports the following:
- azureMonitorMetrics - (Optional) An azureMonitorMetrics block as defined above.
- logAnalytics - (Optional) One or more logAnalytics blocks as defined below.
-> NOTE At least one of azureMonitorMetrics and logAnalytics blocks must be specified.
An extension block supports the following:
- extensionName - (Required) The name of the VM extension.
- name - (Required) The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule.
- streams - (Required) Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include, but are not limited to, Microsoft-Event, Microsoft-InsightsMetrics, Microsoft-Perf, Microsoft-Syslog, and Microsoft-WindowsEvent.
- extensionJson - (Optional) A JSON String which specifies the extension setting.
- inputDataSources - (Optional) Specifies a list of data sources this extension needs data from. An item should be a name of a supported data source which produces only one stream. Supported data source types: performanceCounter, windowsEventLog, and syslog.
A logAnalytics block supports the following:
- name - (Required) The name which should be used for this destination. This name should be unique across all destinations regardless of type within the Data Collection Rule.
- workspaceResourceId - (Required) The ID of a Log Analytics Workspace resource.
A performanceCounter block supports the following:
- counterSpecifiers - (Required) Specifies a list of specifier names of the performance counters you want to collect. To get a list of performance counters on Windows, run the command typeperf. Please see this document for more information.
- name - (Required) The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule.
- samplingFrequencyInSeconds - (Required) The number of seconds between consecutive counter measurements (samples). The value should be an integer between 1 and 300 inclusive. samplingFrequencyInSeconds must be equal to 60 seconds for counters collected with the Microsoft-InsightsMetrics stream.
- streams - (Required) Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include, but are not limited to, Microsoft-InsightsMetrics and Microsoft-Perf.
A syslog block supports the following:
- facilityNames - (Required) Specifies a list of facility names. Use a wildcard * to collect logs for all facility names. Possible values are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6, local7, and *.
- logLevels - (Required) Specifies a list of log levels. Use a wildcard * to collect logs for all log levels. Possible values are Debug, Info, Notice, Warning, Error, Critical, Alert, Emergency, and *.
- name - (Required) The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule.
- streams - (Optional) Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include, but are not limited to, Microsoft-Syslog, Microsoft-CiscoAsa, and Microsoft-CommonSecurityLog.
-> Note: In version 4.0 or later of the provider, streams will be required. In 3.x versions of the provider, if streams is not specified at creation, it defaults to ["Microsoft-Syslog"]. If streams needs to be modified (including changing another value back to the default value), it must be explicitly specified.
A windowsEventLog block supports the following:
- name - (Required) The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule.
- streams - (Required) Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include, but are not limited to, Microsoft-Event, Microsoft-WindowsEvent, Microsoft-RomeDetectionEvent, and Microsoft-SecurityEvent.
- xPathQueries - (Required) Specifies a list of Windows Event Log queries in XPath expression. Please see this document for more information.
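A check for the cross-field constraints listed in the argument reference above, so a misrouted stream or wrong-kind data source is caught before `cdktf deploy`. This is an added example, not part of the provider documentation or generated bindings; the `DcrConfig` shape and the `lintDcr` function are hypothetical, with keys mirroring the snake_case names used in the example usage.

```typescript
// Added example: DcrConfig and lintDcr are hypothetical names, not provider API.
type Named = { name: string; streams?: string[]; [key: string]: unknown };
type PerfCounter = Named & { sampling_frequency_in_seconds: number };
type Sources = { extension?: Named[]; performance_counter?: PerfCounter[];
  syslog?: Named[]; windows_event_log?: Named[] };
interface DcrConfig {
  kind?: string;
  data_flow: { destinations: string[]; streams: string[] }[];
  data_sources?: Sources;
  destinations: { azure_monitor_metrics?: Named[]; log_analytics?: Named[] };
}
const METRICS_STREAM = "Microsoft-InsightsMetrics";

function duplicates(names: string[]): string[] {
  return names.filter((n, i) => names.indexOf(n) !== i);
}

function lintDcr(rule: DcrConfig): string[] {
  const findings: string[] = [];
  const src: Sources = rule.data_sources ?? {};
  const kind = (rule.kind ?? "").toLowerCase();
  const metrics = (rule.destinations.azure_monitor_metrics ?? []).map((d) => d.name);
  const logs = (rule.destinations.log_analytics ?? []).map((d) => d.name);
  const destNames = [...metrics, ...logs];
  if (destNames.length === 0) findings.push("no azure_monitor_metrics or log_analytics destination");
  for (const n of duplicates(destNames)) findings.push(`duplicate destination name: ${n}`);
  const sources: Named[] = [...(src.extension ?? []), ...(src.performance_counter ?? []),
    ...(src.syslog ?? []), ...(src.windows_event_log ?? [])];
  for (const n of duplicates(sources.map((s) => s.name))) findings.push(`duplicate data source name: ${n}`);
  if (kind === "linux" && (src.windows_event_log ?? []).length > 0)
    findings.push("kind linux does not allow windows_event_log data sources");
  if (kind === "windows" && (src.syslog ?? []).length > 0)
    findings.push("kind windows does not allow syslog data sources");
  for (const pc of src.performance_counter ?? []) {
    const secs = pc.sampling_frequency_in_seconds;
    if (Math.floor(secs) !== secs || secs < 1 || secs > 300)
      findings.push(`${pc.name}: sampling frequency must be an integer from 1 to 300`);
    else if ((pc.streams ?? []).indexOf(METRICS_STREAM) !== -1 && secs !== 60)
      findings.push(`${pc.name}: ${METRICS_STREAM} requires a 60 second sampling frequency`);
  }
  for (const flow of rule.data_flow) {
    for (const d of flow.destinations) {
      if (destNames.indexOf(d) === -1) findings.push(`data_flow references undefined destination: ${d}`);
      else if (metrics.indexOf(d) !== -1 && flow.streams.some((s) => s !== METRICS_STREAM))
        findings.push(`${d}: azure_monitor_metrics only accepts ${METRICS_STREAM}`);
    }
  }
  return findings;
}
```

Pass the same object literal you hand to the `MonitorDataCollectionRule` constructor, with the single-element `data_sources` and `destinations` arrays unwrapped; an empty result means none of these constraints is violated.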
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
- id - The ID of the Data Collection Rule.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Data Collection Rule.
- read - (Defaults to 5 minutes) Used when retrieving the Data Collection Rule.
- update - (Defaults to 30 minutes) Used when updating the Data Collection Rule.
- delete - (Defaults to 30 minutes) Used when deleting the Data Collection Rule.
Import
Data Collection Rules can be imported using the resourceId, e.g.