The Microsoft Azure Monitor Data Collection Rules API allows users to define and configure rules that determine how data is collected and processed in their Azure monitor environment. By creating custom data collection rules, users can specify which data sources to collect from, how frequently data should be collected, and how it should be processed and stored.
swagger: '2.0'
info:
title: Microsoft Azure Azure Monitor Data Collection Rules API
description: Provides operations for working with Azure Monitor data collection rules
version: 2021-09-01-preview
x-ms-code-generation-settings:
name: MonitorManagementClient
host: management.azure.com
schemes:
- https
consumes:
- application/json
produces:
- application/json
paths:
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules:
get:
tags:
- DataCollectionRules
summary: 'Microsoft Azure Lists All Data Collection Rules In The Specified Resource Group'
operationId: microsoftAzureDatacollectionrulesListbyresourcegroup
produces:
- application/json
parameters:
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter
responses:
'200':
description: Request completed successfully
schema:
$ref: '#/definitions/DataCollectionRuleResourceListResult'
default:
description: Error
schema:
$ref: '#/definitions/ErrorResponseCommonV2'
x-ms-pageable:
nextLinkName: nextLink
x-ms-examples:
List data collection rules by resource group:
$ref: ./examples/DataCollectionRulesListByResourceGroup.json
description: Needs a more full description created.
/subscriptions/{subscriptionId}/providers/Microsoft.Insights/dataCollectionRules:
get:
tags:
- DataCollectionRules
summary: 'Microsoft Azure Lists All Data Collection Rules In The Specified Subscription'
operationId: microsoftAzureDatacollectionrulesListbysubscription
produces:
- application/json
parameters:
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter
responses:
'200':
description: Request completed successfully
schema:
$ref: '#/definitions/DataCollectionRuleResourceListResult'
default:
description: Error
schema:
$ref: '#/definitions/ErrorResponseCommonV2'
x-ms-pageable:
nextLinkName: nextLink
x-ms-examples:
List data collection rules by subscription:
$ref: ./examples/DataCollectionRulesListBySubscription.json
description: Needs a more full description created.
? /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dataCollectionRuleName}
: get:
tags:
- DataCollectionRules
summary: 'Microsoft Azure Returns The Specified Data Collection Rule'
operationId: microsoftAzureDatacollectionrulesGet
produces:
- application/json
parameters:
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter
- $ref: '#/parameters/DataCollectionRuleNameParameter'
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter
responses:
'200':
description: Request completed successfully
schema:
$ref: '#/definitions/DataCollectionRuleResource'
default:
description: Error
schema:
$ref: '#/definitions/ErrorResponseCommonV2'
x-ms-examples:
Get data collection rule:
$ref: ./examples/DataCollectionRulesGet.json
description: Needs a more full description created.
put:
tags:
- DataCollectionRules
summary: 'Microsoft Azure Creates Or Updates A Data Collection Rule'
operationId: microsoftAzureDatacollectionrulesCreate
consumes:
- application/json
produces:
- application/json
parameters:
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter
- $ref: '#/parameters/DataCollectionRuleNameParameter'
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter
- in: body
name: body
description: The payload
schema:
$ref: '#/definitions/DataCollectionRuleResource'
responses:
'200':
description: Data collection rule was successfully updated
schema:
$ref: '#/definitions/DataCollectionRuleResource'
'201':
description: Data collection rule was successfully created
schema:
$ref: '#/definitions/DataCollectionRuleResource'
default:
description: Error
schema:
$ref: '#/definitions/ErrorResponseCommonV2'
x-ms-examples:
Create or update data collection rule:
$ref: ./examples/DataCollectionRulesCreate.json
description: Needs a more full description created.
patch:
tags:
- DataCollectionRules
summary: 'Microsoft Azure Updates Part Of A Data Collection Rule'
operationId: microsoftAzureDatacollectionrulesUpdate
consumes:
- application/json
produces:
- application/json
parameters:
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter
- $ref: '#/parameters/DataCollectionRuleNameParameter'
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter
- in: body
name: body
description: The payload
schema:
$ref: '#/definitions/ResourceForUpdate'
responses:
'200':
description: Data collection rule was successfully updated
schema:
$ref: '#/definitions/DataCollectionRuleResource'
default:
description: Error
schema:
$ref: '#/definitions/ErrorResponseCommonV2'
x-ms-examples:
Update data collection rule:
$ref: ./examples/DataCollectionRulesUpdate.json
description: Needs a more full description created.
delete:
tags:
- DataCollectionRules
summary: 'Microsoft Azure Deletes A Data Collection Rule'
operationId: microsoftAzureDatacollectionrulesDelete
produces:
- application/json
parameters:
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter
- $ref: '#/parameters/DataCollectionRuleNameParameter'
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter
responses:
'200':
description: Data collection rule was successfully deleted
'204':
description: Data collection rule did not exist
default:
description: Error
schema:
$ref: '#/definitions/ErrorResponseCommonV2'
x-ms-examples:
Delete data collection rule:
$ref: ./examples/DataCollectionRulesDelete.json
description: Needs a more full description created.
definitions:
Metadata:
description: Metadata about the resource
type: object
properties:
provisionedBy:
description: Azure offering managing this resource on-behalf-of customer.
type: string
readOnly: true
example: Azure Security Center
x-ms-mutability:
- read
ColumnDefinition:
description: Definition of custom data column.
type: object
properties:
name:
description: The name of the column.
type: string
type:
description: The type of the column data.
enum:
- string
- int
- long
- real
- boolean
- datetime
- dynamic
type: string
x-ms-enum:
name: KnownColumnDefinitionType
modelAsString: true
StreamDeclaration:
description: Declaration of a custom stream.
type: object
properties:
columns:
description: List of columns used by data in this stream.
type: array
items:
$ref: '#/definitions/ColumnDefinition'
x-ms-identifiers:
- name
PerfCounterDataSource:
description: "Definition of which performance counters will be collected and how they will be collected by this data collection rule.\r\nCollected from both Windows and Linux machines where the counter is present."
type: object
properties:
streams:
description: "List of streams that this data source will be sent to.\r\nA stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to."
type: array
items:
enum:
- Microsoft-Perf
- Microsoft-InsightsMetrics
type: string
x-ms-enum:
name: KnownPerfCounterDataSourceStreams
modelAsString: true
samplingFrequencyInSeconds:
format: int32
description: >-
The number of seconds between consecutive counter measurements
(samples).
type: integer
example: 15
counterSpecifiers:
description: "A list of specifier names of the performance counters you want to collect.\r\nUse a wildcard (*) to collect a counter for all instances.\r\nTo get a list of performance counters on Windows, run the command 'typeperf'."
type: array
items:
type: string
name:
description: "A friendly name for the data source. \r\nThis name should be unique across all data sources (regardless of type) within the data collection rule."
type: string
example: myDataSource1
WindowsEventLogDataSource:
description: "Definition of which Windows Event Log events will be collected and how they will be collected.\r\nOnly collected from Windows machines."
type: object
properties:
streams:
description: "List of streams that this data source will be sent to.\r\nA stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to."
type: array
items:
enum:
- Microsoft-WindowsEvent
- Microsoft-Event
type: string
x-ms-enum:
name: KnownWindowsEventLogDataSourceStreams
modelAsString: true
xPathQueries:
description: A list of Windows Event Log queries in XPATH format.
type: array
items:
type: string
name:
description: "A friendly name for the data source. \r\nThis name should be unique across all data sources (regardless of type) within the data collection rule."
type: string
example: myDataSource1
SyslogDataSource:
description: "Definition of which syslog data will be collected and how it will be collected.\r\nOnly collected from Linux machines."
type: object
properties:
streams:
description: "List of streams that this data source will be sent to.\r\nA stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to."
type: array
items:
enum:
- Microsoft-Syslog
type: string
x-ms-enum:
name: KnownSyslogDataSourceStreams
modelAsString: true
facilityNames:
description: The list of facility names.
type: array
items:
enum:
- auth
- authpriv
- cron
- daemon
- kern
- lpr
- mail
- mark
- news
- syslog
- user
- uucp
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
- '*'
type: string
x-ms-enum:
name: KnownSyslogDataSourceFacilityNames
modelAsString: true
logLevels:
description: The log levels to collect.
type: array
items:
enum:
- Debug
- Info
- Notice
- Warning
- Error
- Critical
- Alert
- Emergency
- '*'
type: string
x-ms-enum:
name: KnownSyslogDataSourceLogLevels
modelAsString: true
name:
description: "A friendly name for the data source. \r\nThis name should be unique across all data sources (regardless of type) within the data collection rule."
type: string
example: myDataSource1
ExtensionDataSource:
description: "Definition of which data will be collected from a separate VM extension that integrates with the Azure Monitor Agent.\r\nCollected from either Windows and Linux machines, depending on which extension is defined."
required:
- extensionName
type: object
properties:
streams:
description: "List of streams that this data source will be sent to.\r\nA stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to."
type: array
items:
enum:
- Microsoft-Event
- Microsoft-InsightsMetrics
- Microsoft-Perf
- Microsoft-Syslog
- Microsoft-WindowsEvent
type: string
x-ms-enum:
name: KnownExtensionDataSourceStreams
modelAsString: true
extensionName:
description: The name of the VM extension.
type: string
example: AzureSecurityLinuxAgent
extensionSettings:
description: >-
The extension settings. The format is specific for particular
extension.
type: object
inputDataSources:
description: The list of data sources this extension needs data from.
type: array
items:
type: string
name:
description: "A friendly name for the data source. \r\nThis name should be unique across all data sources (regardless of type) within the data collection rule."
type: string
example: myDataSource1
LogFileTextSettings:
description: Settings for text log files
required:
- recordStartTimestampFormat
type: object
properties:
recordStartTimestampFormat:
description: One of the supported timestamp formats
enum:
- ISO 8601
- YYYY-MM-DD HH:MM:SS
- M/D/YYYY HH:MM:SS AM/PM
- Mon DD, YYYY HH:MM:SS
- yyMMdd HH:mm:ss
- ddMMyy HH:mm:ss
- MMM d hh:mm:ss
- dd/MMM/yyyy:HH:mm:ss zzz
- yyyy-MM-ddTHH:mm:ssK
type: string
example: ISO 8601, yyyy-MM-dd HH:mm:ss
x-ms-enum:
name: KnownLogFileTextSettingsRecordStartTimestampFormat
modelAsString: true
LogFileSettings:
description: Settings for different log file formats
type: object
properties:
text:
description: Text settings
allOf:
- $ref: '#/definitions/LogFileTextSettings'
LogFilesDataSource:
description: >-
Definition of which custom log files will be collected by this data
collection rule
required:
- filePatterns
- format
- streams
type: object
properties:
streams:
description: "List of streams that this data source will be sent to.\r\nA stream indicates what schema will be used for this data source"
type: array
items:
type: string
filePatterns:
description: File Patterns where the log files are located
type: array
items:
type: string
format:
description: The data format of the log files
enum:
- text
type: string
example: text
x-ms-enum:
name: KnownLogFilesDataSourceFormat
modelAsString: true
settings:
description: The log files specific settings.
allOf:
- $ref: '#/definitions/LogFileSettings'
name:
description: "A friendly name for the data source. \r\nThis name should be unique across all data sources (regardless of type) within the data collection rule."
type: string
example: myDataSource1
IisLogsDataSource:
description: Enables IIS logs to be collected by this data collection rule.
required:
- streams
type: object
properties:
streams:
description: IIS streams
type: array
items:
type: string
logDirectories:
description: Absolute paths file location
type: array
items:
type: string
name:
description: "A friendly name for the data source. \r\nThis name should be unique across all data sources (regardless of type) within the data collection rule."
type: string
example: myDataSource1
DataSourcesSpec:
description: Specification of data sources that will be collected.
type: object
properties:
performanceCounters:
description: The list of performance counter data source configurations.
type: array
items:
$ref: '#/definitions/PerfCounterDataSource'
x-ms-identifiers:
- name
windowsEventLogs:
description: The list of Windows Event Log data source configurations.
type: array
items:
$ref: '#/definitions/WindowsEventLogDataSource'
x-ms-identifiers:
- name
syslog:
description: The list of Syslog data source configurations.
type: array
items:
$ref: '#/definitions/SyslogDataSource'
x-ms-identifiers:
- name
extensions:
description: The list of Azure VM extension data source configurations.
type: array
items:
$ref: '#/definitions/ExtensionDataSource'
x-ms-identifiers:
- name
logFiles:
description: The list of Log files source configurations.
type: array
items:
$ref: '#/definitions/LogFilesDataSource'
x-ms-identifiers:
- name
iisLogs:
description: The list of IIS logs source configurations.
type: array
items:
$ref: '#/definitions/IisLogsDataSource'
x-ms-identifiers:
- name
LogAnalyticsDestination:
description: Log Analytics destination.
type: object
properties:
workspaceResourceId:
description: The resource ID of the Log Analytics workspace.
type: string
example: >-
/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.OperationalInsights/workspaces/centralTeamWorkspace
workspaceId:
description: The Customer ID of the Log Analytics workspace.
type: string
readOnly: true
example: 9ba8bc53-bd36-4156-8667-e983e7ae0e4f
x-ms-mutability:
- read
name:
description: "A friendly name for the destination. \r\nThis name should be unique across all destinations (regardless of type) within the data collection rule."
type: string
example: myDest1
AzureMonitorMetricsDestination:
description: Azure Monitor Metrics destination.
type: object
properties:
name:
description: "A friendly name for the destination. \r\nThis name should be unique across all destinations (regardless of type) within the data collection rule."
type: string
example: myDest1
DestinationsSpec:
description: Specification of destinations that can be used in data flows.
type: object
properties:
logAnalytics:
description: List of Log Analytics destinations.
type: array
items:
$ref: '#/definitions/LogAnalyticsDestination'
x-ms-identifiers:
- name
azureMonitorMetrics:
description: Azure Monitor Metrics destination.
allOf:
- $ref: '#/definitions/AzureMonitorMetricsDestination'
DataFlow:
description: Definition of which streams are sent to which destinations.
type: object
properties:
streams:
description: List of streams for this data flow.
type: array
items:
enum:
- Microsoft-Event
- Microsoft-InsightsMetrics
- Microsoft-Perf
- Microsoft-Syslog
- Microsoft-WindowsEvent
type: string
x-ms-enum:
name: KnownDataFlowStreams
modelAsString: true
destinations:
description: List of destinations for this data flow.
type: array
items:
type: string
transformKql:
description: The KQL query to transform stream data.
type: string
outputStream:
description: >-
The output stream of the transform. Only required if the transform
changes data to a different stream.
type: string
example: '"Microsoft-SecurityEvent"'
DataCollectionRule:
description: >-
Definition of what monitoring data to collect and where that data should
be sent.
type: object
properties:
description:
description: Description of the data collection rule.
type: string
immutableId:
description: >-
The immutable ID of this data collection rule. This property is
READ-ONLY.
type: string
readOnly: true
example: dcr-b74e0d383fc9415abaa584ec41adece3
x-ms-mutability:
- read
dataCollectionEndpointId:
description: >-
The resource ID of the data collection endpoint that this rule can be
used with.
type: string
example: >-
/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.Insights/dataCollectionEndpoints/myCollectionEndpoint
metadata:
description: Metadata about the resource
allOf:
- $ref: '#/definitions/Metadata'
readOnly: true
x-ms-mutability:
- read
streamDeclarations:
description: Declaration of custom streams used in this rule.
type: object
additionalProperties:
$ref: '#/definitions/StreamDeclaration'
dataSources:
description: "The specification of data sources. \r\nThis property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint."
allOf:
- $ref: '#/definitions/DataSourcesSpec'
destinations:
description: The specification of destinations.
allOf:
- $ref: '#/definitions/DestinationsSpec'
dataFlows:
description: The specification of data flows.
type: array
items:
$ref: '#/definitions/DataFlow'
x-ms-identifiers: []
provisioningState:
description: The resource provisioning state.
enum:
- Creating
- Updating
- Deleting
- Succeeded
- Failed
type: string
readOnly: true
example: Creating
x-ms-enum:
name: KnownDataCollectionRuleProvisioningState
modelAsString: true
x-ms-mutability:
- read
DataCollectionRuleResource:
description: Definition of ARM tracked top level resource.
required:
- location
type: object
properties:
properties:
description: Resource properties.
allOf:
- $ref: '#/definitions/DataCollectionRule'
x-ms-client-flatten: true
location:
description: The geo-location where the resource lives.
type: string
x-ms-mutability:
- create
- read
tags:
description: Resource tags.
type: object
additionalProperties:
type: string
kind:
description: The kind of the resource.
enum:
- Linux
- Windows
type: string
example: Linux
x-ms-enum:
name: KnownDataCollectionRuleResourceKind
modelAsString: true
id:
description: Fully qualified ID of the resource.
type: string
readOnly: true
example: >-
/subscriptions/703362b3-f278-4e4b-9179-c76eaf41ffc2/resourceGroups/myResourceGroup/providers/Microsoft.Insights/dataCollectionRules/myCollectionRule
x-ms-mutability:
- read
name:
description: The name of the resource.
type: string
readOnly: true
example: myCollectionRule
x-ms-mutability:
- read
type:
description: The type of the resource.
type: string
readOnly: true
example: Microsoft.Insights/dataCollectionRules
x-ms-mutability:
- read
etag:
description: Resource entity tag (ETag).
type: string
readOnly: true
x-ms-mutability:
- read
systemData:
description: Metadata pertaining to creation and last modification of the resource.
allOf:
- $ref: >-
../../../../../common-types/resource-management/v2/types.json#/definitions/systemData
readOnly: true
x-ms-mutability:
- read
x-ms-azure-resource: true
DataCollectionRuleResourceListResult:
description: A pageable list of resources.
required:
- value
type: object
properties:
value:
description: A list of resources.
type: array
items:
$ref: '#/definitions/DataCollectionRuleResource'
nextLink:
description: The URL to use for getting the next set of results.
type: string
ResourceForUpdate:
description: >-
Definition of ARM tracked top level resource properties for update
operation.
type: object
properties:
tags:
description: Resource tags.
type: object
additionalProperties:
type: string
ErrorResponseCommonV2:
title: Error response
description: >-
Common error response for all Azure Resource Manager APIs to return error
details for failed operations. (This also follows the OData error response
format.).
type: object
properties:
error:
description: The error object.
$ref: >-
../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorDetail
parameters:
DataCollectionRuleNameParameter:
in: path
name: dataCollectionRuleName
description: The name of the data collection rule. The name is case insensitive.
required: true
type: string
x-ms-parameter-location: method
securityDefinitions:
azure_auth:
type: oauth2
flow: implicit
authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize
scopes:
user_impersonation: impersonate your user account
description: Azure Active Directory OAuth2 Flow
security:
- azure_auth:
- user_impersonation
tags:
- name: DataCollectionRules