azure.azcollection.azure_rm_monitordatacollectionrules module – Create, update and delete Data Collection Rules
Note
This module is part of the azure.azcollection collection (version 3.7.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install azure.azcollection. You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: azure.azcollection.azure_rm_monitordatacollectionrules.
New in azure.azcollection 3.7.0
Synopsis
- Create, update and delete Data Collection Rules
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.7
- The host that executes this module must have the azure.azcollection collection installed via galaxy
- All python packages listed in collection’s requirements.txt must be installed via pip on the host that executes modules from azure.azcollection
- Full installation instructions may be found https://galaxy.ansible.com/azure/azcollection
Parameters
Parameter | Comments |
|---|---|
ad_user string | Active Directory username. Use when authenticating with an Active Directory user rather than service principal. |
adfs_authority_url string added in azure.azcollection 0.0.1 | Azure AD authority url. Use when authenticating with Username/password, and has your own ADFS authority. |
api_profile string added in azure.azcollection 0.0.1 | Selects an API profile to use when communicating with Azure services. Default value of Default: |
append_tags boolean | Use to control if tags field is canonical or just appends to existing tags. When canonical, any tags not found in the tags parameter will be removed from the object’s metadata. Choices:
|
auth_source string added in azure.azcollection 0.0.1 | Controls the source of the credentials to use for authentication. Can also be set via the When set to When set to When set to When set to When set to The Choices:
|
cert_validation_mode string added in azure.azcollection 0.0.1 | Controls the certificate validation behavior for Azure endpoints. By default, all modules will validate the server certificate, but when an HTTPS proxy is in use, or against Azure Stack, it may be necessary to disable this behavior by passing Choices:
|
client_id string | Azure client ID. Use when authenticating with a Service Principal or Managed Identity (msi). Can also be set via the |
cloud_environment string added in azure.azcollection 0.0.1 | For cloud environments other than the US public cloud, the environment name (as defined by Azure Python SDK, eg, Default: |
data_collection_endpoint_id string | The resource ID of the data collection endpoint that this rule can be used with |
data_flows list / elements=dictionary | Definition of which streams are sent to which destinations. |
|
built_in_transform string |
The builtIn transform to transform stream data. |
|
destinations list / elements=string |
List of destinations for this data flow. |
|
output_stream string |
The output stream of the transform. Only required if the transform changes data to a different stream. |
|
streams list / elements=string | |
|
transform_kql string |
The KQL query to transform stream data. |
data_sources dictionary | The specification of data sources. This property is optional and can be omitted if the rule is meant to be used via direct calls to the provisioned endpoint. |
|
data_imports dictionary |
Specifications of pull based data sources. |
|
event_hub dictionary |
Definition of Event Hub configuration. |
|
consumer_group string |
Event Hub consumer group name. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
stream string |
The stream to collect from EventHub. |
|
extensions list / elements=dictionary |
Definition of which data will be collected from a separate VM extension that integrates with the Azure Monitor Agent. Collected from either Windows and Linux machines, depending on which extension is defined. |
|
extension_name list / elements=string |
The name of the VM extension. |
|
extension_settings string |
The extension settings. The format is specific for particular extension. |
|
input_data_sources list / elements=string |
The list of data sources this extension needs data from. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
streams list / elements=string |
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. |
|
iis_logs list / elements=dictionary |
Enables IIS logs to be collected by this data collection rule. |
|
log_directories list / elements=string |
Absolute paths file location. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
streams list / elements=string |
IIS streams. |
|
log_files list / elements=dictionary |
Definition of which custom log files will be collected by this data collection rule. |
|
file_patterns list / elements=string |
File Patterns where the log files are located |
|
format string |
The data format of the log files. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
settings dictionary |
The log files specific settings. |
|
text string |
Text settings |
|
streams list / elements=string |
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. |
|
performance_counters list / elements=dictionary |
Definition of which performance counters will be collected and how they will be collected by this data collection rule. Collected from both Windows and Linux machines where the counter is present. |
|
counter_specifiers list / elements=string |
A list of specifier names of the performance counters you want to collect. Use a wildcard (*) to collect a counter for all instances. To get a list of performance counters on Windows, run the command ‘typeperf’ |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
sampling_frequency_in_seconds integer |
The number of seconds between consecutive counter measurements (samples). |
|
streams list / elements=string |
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. |
|
platform_telemetry list / elements=dictionary |
Definition of platform telemetry data source configuration. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
streams list / elements=string |
List of platform telemetry streams to collect. |
|
prometheus_forwarder list / elements=dictionary |
Definition of Prometheus metrics forwarding configuration. |
|
label_include_filter dictionary |
The list of label inclusion filters in the form of label “name-value” pairs. Currently only one label is supported “microsoft_metrics_include_label”. Label values are matched case-insensitively. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
streams list / elements=string |
List of streams that this data source will be sent to. |
|
syslog list / elements=dictionary |
Definition of which syslog data will be collected and how it will be collected. Only collected from Linux machines. |
|
facility_names list / elements=string |
The list of facility names. |
|
log_levels list / elements=string |
The log levels to collect. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
streams list / elements=string |
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. |
|
windows_event_logs list / elements=dictionary |
Definition of which Windows Event Log events will be collected and how they will be collected. Only collected from Windows machines. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
streams list / elements=string |
List of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. |
|
x_path_queries list / elements=string |
A list of Windows Event Log queries in XPATH format. |
|
windows_firewall_logs list / elements=dictionary |
Enables Firewall logs to be collected by this data collection rule. |
|
name string |
A friendly name for the data source. This name should be unique across all data sources (regardless of type) within the data collection rule. |
|
streams list / elements=string |
Firewall logs streams. |
description string | Description for the data collection rule |
destinations dictionary | |
|
azure_monitor_metrics string | |
|
event_hubs list / elements=dictionary | |
|
event_hub_resource_id string |
The resource ID of the event hub. |
|
name string |
A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule. |
|
event_hubs_direct list / elements=dictionary |
List of Event Hubs Direct destinations. |
|
event_hub_resource_id string |
The resource ID of the event hub. |
|
name string |
A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule. |
|
log_analytics list / elements=dictionary |
List of Log Analytics destinations. |
|
name string |
A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule. |
|
workspace_resource_id string |
The resource ID of the Log Analytics workspace. |
|
monitoring_accounts list / elements=dictionary |
List of monitoring account destinations. |
|
account_resource_id string |
The resource ID of the monitoring account. |
|
name string |
A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule. |
|
storage_accounts list / elements=dictionary |
List of storage accounts destinations. |
|
container_name string |
The container name of the Storage Blob. |
|
name string |
A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule. |
|
storage_account_resource_id string |
The resource ID of the storage account. |
|
storage_blobs_direct list / elements=dictionary |
List of Storage Blob Direct destinations. To be used only for sending data directly to store from the agent. |
|
container_name string |
The container name of the Storage Blob. |
|
name string |
A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule. |
|
storage_account_resource_id string |
The resource ID of the storage account. |
|
storage_tables_direct list / elements=dictionary |
List of Storage Table Direct destinations. |
|
name string |
A friendly name for the destination. This name should be unique across all destinations (regardless of type) within the data collection rule. |
|
storage_account_resource_id string |
The resource ID of the storage account. |
|
table_name string |
The name of the Storage Table. |
disable_instance_discovery boolean added in azure.azcollection 2.3.0 | Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to true will completely disable both instance discovery and authority validation. This functionality is intended for use in scenarios where the metadata endpoint cannot be reached such as in private clouds or Azure Stack. The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority. By setting this to **True**, the validation of the authority is disabled. As a result, it is crucial to ensure that the configured authority host is valid and trustworthy. Set via credential file profile or the Choices:
|
kind string | Kind of the data collection rule Use Use Choices:
|
location string | Location of the data colelction rule defaults to location of exiting data collection rule or location of the resource group if unspecified |
log_mode string | Parent argument. |
log_path string | Parent argument. |
name string / required | The name of the data collection rule you’re creating/changing |
password string | Active Directory user password. Use when authenticating with an Active Directory user rather than service principal. |
profile string | Security profile found in ~/.azure/credentials file. |
resource_group string / required | The name of the resource group |
secret string | Azure client secret. Use when authenticating with a Service Principal. |
state string | State of the data collection rule Use Use Choices:
|
stream_declarations dictionary | Declaration of a custom stream. Sub dict is a list of columns used by data in this stream. top level key is the name of the stream_declaration |
|
name_of_stream dictionary |
Name of the stream |
|
columns list / elements=dictionary |
Declaration of a custom stream. |
|
name string |
The name of the column. |
|
type string |
The type of the column data. Choices:
|
subscription_id string | Your Azure subscription Id. |
tags dictionary | Dictionary of string:string pairs to assign as metadata to the object. Metadata tags on the object will be updated with any provided values. To remove tags set append_tags option to false. Currently, Azure DNS zones and Traffic Manager services also don’t allow the use of spaces in the tag. Azure Front Door doesn’t support the use of Azure Automation and Azure CDN only support 15 tags on resources. |
tenant string | Azure tenant ID. Use when authenticating with a Service Principal. |
thumbprint string added in azure.azcollection 1.14.0 | The thumbprint of the private key specified in x509_certificate_path. Use when authenticating with a Service Principal. Required if x509_certificate_path is defined. |
x509_certificate_path path added in azure.azcollection 1.14.0 | Path to the X509 certificate used to create the service principal in PEM format. The certificate must be appended to the private key. Use when authenticating with a Service Principal. |
Notes
Note
- For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login. - Authentication is also possible using a service principal or Active Directory user.
- To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
- To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
- Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also
See also
- Sign in with Azure CLI
-
How to authenticate using the
az logincommand.
Examples
- name: Add a data collection rule
azure.azcollection.azure_rm_monitordatacollectionrules:
state: present
name: data_collection_rule_name
resource_group: resource_group_name
location: westeurope
kind: Linux
description: This is an example description of a data collection rule
data_sources:
performance_counters:
- name: perfCounterDataSource
streams:
- Microsoft-Perf
sampling_frequency_in_seconds: 60
counter_specifiers:
- Processor(*)\% Processor Time
- Processor(*)\% Idle Time
destinations:
log_analytics:
- workspace_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resougce_group_name_log_analytics_workspace/providers/Microsoft.OperationalInsights/workspaces/log_analytics_workspace_name
name: log_analytics_workspace_name
data_flows:
- destinations:
- log_analytics_workspace_name
streams:
- Microsoft-Perf
append_tags: false
tags:
ThisIsAnExampleTag: ExampleValue
- name: Add a data collection rule
azure.azcollection.azure_rm_monitordatacollectionrules:
state: present
name: data_collection_rule_name
resource_group: resource_group_name
append_tags: true
tags:
ThisIsAnAddedExampleTag: ExampleValue
# Note this needs a DCR endpoint, not sure why, creating one via portal does not need that
# Also the table in your log analytics workspace has to already exist
- name: Add a data collection rule for collecting a custom log
azure.azcollection.azure_rm_monitordatacollectionrules:
name: data_collection_rule_name
resource_group: resource_group_name
location: westeurope
kind: Linux
data_sources:
log_files:
- file_patterns:
- /var/log/dnf.rpm.log
format: text
name: Custom-Text-CustomLogs_CL
streams:
- Custom-Text-CustomLogs_CL
destinations:
log_analytics:
- workspace_resource_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resougce_group_name_log_analytics_workspace/providers/Microsoft.OperationalInsights/workspaces/log_analytics_workspace_name
name: log_analytics_workspace_name
data_flows:
- destinations:
- log_analytics_workspace_name
output_stream: Custom-CustomLogs_CL
streams:
- Custom-Text-CustomLogs_CL
transform_kql: source
data_collection_endpoint_id: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resougce_group_name_log_analytics_workspace/providers/Microsoft.Insights/dataCollectionEndpoints/dcr-endpoint
stream_declarations:
Custom-Text-CustomLogs_CL:
columns:
- name: TimeGenerated
type: datetime
- name: RawData
type: string
- name: FilePath
type: string
- name: Computer
type: string
- name: Delete a data collection rule
azure.azcollection.azure_rm_monitordatacollectionrules:
state: present
name: data_collection_rule_name
resource_group: resource_group_name
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Description |
|---|---|
datacollectionrule dictionary | Details of the data collection rule Is null on state==absent (data collection rule does not exist or will be deleted) Assumes you make legal changes in check mode Returned: always Sample: |
Collection links
© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_monitordatacollectionrules_module.html