-
Notifications
You must be signed in to change notification settings - Fork 0
/
DcrCustomLogForAmamdsdQos.json
117 lines (117 loc) · 4.84 KB
/
DcrCustomLogForAmamdsdQos.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"dataCollectionRuleName": {
"type": "string",
"metadata": {
"description": "Get Azure Monitor mdsd.qos custom log for the DCR. "
}
},
"dataCollectionEndpointResourceId": {
"type": "string",
"metadata": {
"description": "Resource ID of the data collection endpoint (DCE)."
}
},
"filePatterns": {
"type": "string",
"defaultValue": "/var/opt/microsoft/azuremonitoragent/log/mdsd.qos",
"metadata": {
"description": "Path on the local disk for the log file to collect. May include wildcards.Enter multiple file patterns separated by commas (AMA version 1.26 or higher required for multiple file patterns on Linux)."
}
},
"tableName": {
"type": "string",
"metadata": {
"description": "Name of destination table in your Log Analytics workspace."
}
},
"workspaceName": {
"type": "string",
"metadata": {
"description": "Name of your Log Analytics workspace."
}
},
"workspaceResourceId": {
"type": "string",
"metadata": {
"description": "Resource ID of the Log Analytics workspace with the target table."
}
},
"timeFormat": {
"type": "string",
"defaultValue": "ISO 8601",
"metadata": {
"discription": "The time format that you would like to use to split multi line imput"
}
}
},
"variables": {
"tableOutputStream": "[concat('Custom-', parameters('tableName'))]"
},
"resources": [
{
"type": "Microsoft.Insights/dataCollectionRules",
"apiVersion": "2023-03-11",
"name": "[parameters('dataCollectionRuleName')]",
"location": "[resourceGroup().location]",
"properties": {
"dataCollectionEndpointId": "[parameters('dataCollectionEndpointResourceId')]",
"streamDeclarations": {
"Custom-Text-stream": {
"columns": [
{
"name": "TimeGenerated",
"type": "datetime"
},
{
"name": "RawData",
"type": "string"
}
]
}
},
"dataSources": {
"logFiles": [
{
"streams": [
"Custom-Text-stream"
],
"filePatterns": [
"[parameters('filePatterns')]"
],
"format": "text",
"settings": {
"text": {
"recordStartTimestampFormat": "[parameters('timeFormat')]"
}
},
"name": "[variables('tableOutputStream')]"
}
]
},
"destinations": {
"logAnalytics": [
{
"workspaceResourceId": "[parameters('workspaceResourceId')]",
"name": "[parameters('workspaceName')]"
}
]
},
"dataFlows": [
{
"streams": [
"[variables('tableOutputStream')]"
],
"destinations": [
"[parameters('workspaceName')]"
],
"transformKql": "source | extend CSVFields = split(RawData, ',') | extend Operation = tostring(CSVFields[0]) | extend Object = tostring(CSVFields[1]) | extend TotalCount = toint(CSVFields[2]) | extend SuccessCount = toint(CSVFields[3]) | extend Retries = toint(CSVFields[4]) | extend AverageDuration = toint(CSVFields[5]) | extend AverageSize = toint(CSVFields[6]) | extend AverageDelay = toint(CSVFields[7]) | extend TotalSize = toint(CSVFields[8]) | extend TotalRowsRead = toint(CSVFields[9]) | extend TotalRowsSent = toint(CSVFields[10]) | project-away RawData",
"outputStream": "[variables('tableOutputStream')]"
}
]
}
}
]
}