Azure Monitor PowerShell quick start samples

This article shows you sample PowerShell commands to help you access Azure Monitor features.

Note

Azure Monitor is the new name for what was called "Azure Insights" until Sept 25th, 2016. However, the namespaces and thus the following commands still contain the word "insights."

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Set up PowerShell

If you haven't already, set up PowerShell to run on your computer. For more information, see How to Install and Configure PowerShell.

Examples in this article

The examples in the article illustrate how you can use Azure Monitor cmdlets. You can also review the entire list of Azure Monitor PowerShell cmdlets at Azure Monitor (Insights) Cmdlets.

Sign in and use subscriptions

First, log in to your Azure subscription.

Connect-AzAccount -Environment AzureChinaCloud

You'll see a sign-in screen. Once you sign in, your Account, TenantID, and default Subscription ID are displayed. All the Azure cmdlets work in the context of your default subscription. To view the list of subscriptions you have access to, use the following command:

Get-AzSubscription

To see your working context (which subscription your commands are run against), use the following command:

Get-AzContext

To change your working context to a different subscription, use the following command:

Set-AzContext -SubscriptionId <subscriptionid>

Retrieve Activity log for a subscription

Use the Get-AzLog cmdlet. The following are some common examples. The Activity Log holds the last 90 days of operations. Using dates before this time results in an error message.

Check the current date and time to verify what times to use in the commands below:

Get-Date

Get log entries from this time/date to present:

Get-AzLog -StartTime 2019-03-01T10:30

Get log entries between a time/date range:

Get-AzLog -StartTime 2019-01-01T10:30 -EndTime 2019-01-01T11:30

Get log entries from a specific resource group:

Get-AzLog -ResourceGroup 'myrg1'

Get log entries from a specific resource provider between a time/date range:

Get-AzLog -ResourceProvider 'Microsoft.Web' -StartTime 2015-01-01T10:30 -EndTime 2015-01-01T11:30

Get all log entries with a specific caller:

Get-AzLog -Caller 'myname@company.com'

The following command retrieves the last 1000 events from the activity log:

Get-AzLog -MaxRecord 1000

Get-AzLog supports many other parameters. See the Get-AzLog reference for more information.

Note

Get-AzLog only provides 15 days of history. Using the -MaxEvents parameter allows you to query the last N events, beyond 15 days. To access events older than 15 days, use the REST API or SDK (C# sample using the SDK). If you do not include StartTime, then the default value is EndTime minus one hour. If you do not include EndTime, then the default value is current time. All times are in UTC.
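
An added example (not part of the original article) that goes beyond the single-filter queries above: it triages Get-AzLog output for successful operations that change access or reduce logging coverage, summarized per caller. The function names, the watch list and the sample records are constructed for illustration; the property names (OperationName, Status, Caller, EventTimestamp) are assumed to match what Get-AzLog returns in your Az.Monitor version.

```powershell
# Added example: illustrative watch list of operations, not exhaustive.
$WatchedOperations = @(
    'Microsoft.Authorization/roleAssignments/write',
    'Microsoft.Insights/diagnosticSettings/delete',
    'Microsoft.Insights/logprofiles/delete',
    'Microsoft.Insights/activityLogAlerts/delete'
)

function Get-FieldText {
    # Assumption: OperationName/Status are either strings or objects with .Value
    param($Field)
    if ($null -eq $Field) { return '' }
    if ($Field -isnot [string] -and $Field.PSObject.Properties['Value']) {
        return [string]$Field.Value
    }
    return [string]$Field
}

function Select-SensitiveActivity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Entry,
        [string[]] $Operation = $WatchedOperations
    )
    begin { $hits = [System.Collections.Generic.List[object]]::new() }
    process {
        $op = Get-FieldText $Entry.OperationName
        # Keep only successful operations on the watch list (case-insensitive).
        if ($Operation -contains $op -and (Get-FieldText $Entry.Status) -eq 'Succeeded') {
            $hits.Add([pscustomobject]@{
                TimeUtc = $Entry.EventTimestamp; Caller = $Entry.Caller; Operation = $op
            })
        }
    }
    end {
        # One row per caller and operation, with first and last time seen.
        $hits | Group-Object Caller, Operation | ForEach-Object {
            $sorted = @($_.Group | Sort-Object TimeUtc)
            [pscustomobject]@{
                Caller    = $sorted[0].Caller
                Operation = $sorted[0].Operation
                Count     = $_.Count
                FirstSeen = $sorted[0].TimeUtc
                LastSeen  = $sorted[-1].TimeUtc
            }
        }
    }
}

# Constructed sample records shaped like Get-AzLog output, so this runs offline.
function New-SampleEntry($Time, $Caller, $Op, $Status) {
    [pscustomobject]@{
        EventTimestamp = [datetime]$Time; Caller = $Caller
        OperationName  = [pscustomobject]@{ Value = $Op }
        Status         = [pscustomobject]@{ Value = $Status }
    }
}
$sample = @(
    New-SampleEntry '2019-03-01T10:31' 'myname@company.com' 'Microsoft.Insights/diagnosticSettings/delete' 'Succeeded'
    New-SampleEntry '2019-03-01T10:40' 'myname@company.com' 'Microsoft.Insights/diagnosticSettings/delete' 'Succeeded'
    New-SampleEntry '2019-03-01T10:45' 'myname@company.com' 'Microsoft.Compute/virtualMachines/write' 'Succeeded'
    New-SampleEntry '2019-03-01T10:50' 'other@company.com' 'Microsoft.Authorization/roleAssignments/write' 'Failed'
)
$sample | Select-SensitiveActivity | Format-Table -AutoSize
```

Against a live subscription, pipe Get-AzLog -StartTime (Get-Date).AddDays(-7) into Select-SensitiveActivity instead of the sample records.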

Retrieve alerts history

To view all alert events, you can query the Azure Resource Manager logs using the following examples.

Get-AzLog -Caller "Microsoft.Insights/alertRules" -DetailedOutput -StartTime 2015-03-01

To view the history for a specific alert rule, you can use the Get-AzAlertHistory cmdlet, passing in the resource ID of the alert rule.

Get-AzAlertHistory -ResourceId /subscriptions/s1/resourceGroups/rg1/providers/microsoft.insights/alertrules/myalert -StartTime 2016-03-1 -Status Activated

The Get-AzAlertHistory cmdlet supports various parameters. For more information, see Get-AlertHistory.

Retrieve information on alert rules

All of the following commands act on a Resource Group named "montest".

View all the properties of the alert rule:

Get-AzAlertRule -Name simpletestCPU -ResourceGroup montest -DetailedOutput

Retrieve all alerts on a resource group:

Get-AzAlertRule -ResourceGroup montest

Retrieve all alert rules set for a target resource. For example, all alert rules set on a VM.

Get-AzAlertRule -ResourceGroup montest -TargetResourceId /subscriptions/s1/resourceGroups/montest/providers/Microsoft.Compute/virtualMachines/testconfig

Get-AzAlertRule supports other parameters. See Get-AlertRule for more information.

Create metric alerts

You can use the Add-AlertRule cmdlet to create, update, or disable an alert rule.

You can create email and webhook properties using New-AzAlertRuleEmail and New-AzAlertRuleWebhook, respectively. In the Alert rule cmdlet, assign these properties as actions to the Actions property of the Alert Rule.

The following table describes the parameters and values used to create an alert using a metric.

| parameter | value |
| --- | --- |
| Name | simpletestdiskwrite |
| Location of this alert rule | China East |
| ResourceGroup | montest |
| TargetResourceId | /subscriptions/s1/resourceGroups/montest/providers/Microsoft.Compute/virtualMachines/testconfig |
| MetricName of the alert that is created | \PhysicalDisk(_Total)\Disk Writes/sec. See the Get-MetricDefinitions cmdlet about how to retrieve the exact metric names |
| operator | GreaterThan |
| Threshold value (count/sec for this metric) | 1 |
| WindowSize (hh:mm:ss format) | 00:05:00 |
| aggregator (statistic of the metric, which uses Average count, in this case) | Average |
| custom emails (string array) | 'foo@example.com','bar@example.com' |
| send email to owners, contributors and readers | -SendToServiceOwners |

Create an Email action

$actionEmail = New-AzAlertRuleEmail -CustomEmail myname@company.com

Create a Webhook action

$actionWebhook = New-AzAlertRuleWebhook -ServiceUri https://example.com?token=mytoken

Create the alert rule on the CPU% metric on a classic VM

Add-AzMetricAlertRule -Name vmcpu_gt_1 -Location "China East 2" -ResourceGroup myrg1 -TargetResourceId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.ClassicCompute/virtualMachines/my_vm1 -MetricName "Percentage CPU" -Operator GreaterThan -Threshold 1 -WindowSize 00:05:00 -TimeAggregationOperator Average -Action $actionEmail, $actionWebhook -Description "alert on CPU > 1%"

Retrieve the alert rule

Get-AzAlertRule -Name vmcpu_gt_1 -ResourceGroup myrg1 -DetailedOutput

The Add alert cmdlet also updates the rule if an alert rule already exists for the given properties. To disable an alert rule, include the parameter -DisableRule.

Get a list of available metrics for alerts

You can use the Get-AzMetricDefinition cmdlet to view the list of all metrics for a specific resource.

Get-AzMetricDefinition -ResourceId <resource_id>

The following example generates a table with the metric Name and the Unit for it.

Get-AzMetricDefinition -ResourceId <resource_id> | Format-Table -Property Name,Unit

A full list of available options for Get-AzMetricDefinition is available at Get-MetricDefinitions.

Create and manage Activity Log alerts

You can use the Set-AzActivityLogAlert cmdlet to set an Activity Log alert. An Activity Log alert requires that you first define your conditions as a dictionary of conditions, then create an alert that uses those conditions.


$condition1 = New-AzActivityLogAlertCondition -Field 'category' -Equal 'Administrative'
$condition2 = New-AzActivityLogAlertCondition -Field 'operationName' -Equal 'Microsoft.Compute/virtualMachines/write'
$additionalWebhookProperties = New-Object "System.Collections.Generic.Dictionary``2[System.String,System.String]"
$additionalWebhookProperties.Add('customProperty', 'someValue')
$actionGrp1 = New-AzActionGroup -ActionGroupId '/subscriptions/<subid>/providers/Microsoft.Insights/actiongr1' -WebhookProperty $additionalWebhookProperties
Set-AzActivityLogAlert -Location 'Global' -Name 'alert on VM create' -ResourceGroupName 'myResourceGroup' -Scope '/subscriptions/<subid>' -Action $actionGrp1 -Condition $condition1, $condition2

The additional webhook properties are optional. You can get back the contents of an Activity Log Alert using Get-AzActivityLogAlert.

Create and manage AutoScale settings

A resource (a Web app, VM, Cloud Service, or Virtual Machine Scale Set) can have only one autoscale setting configured for it. However, each autoscale setting can have multiple profiles. For example, one for a performance-based scale profile and a second one for a schedule-based profile. Each profile can have multiple rules configured on it. For more information about Autoscale, see How to Autoscale an Application.

Here are the steps to use:

  1. Create rule(s).
  2. Create profile(s) mapping the rules that you created previously to the profiles.
  3. Optional: Create notifications for autoscale by configuring webhook and email properties.
  4. Create an autoscale setting with a name on the target resource by mapping the profiles and notifications that you created in the previous steps.

The following examples show you how you can create an Autoscale setting for a Windows-based Virtual Machine Scale Set by using the CPU utilization metric.

First, create a rule to scale out, with an instance count increase.

$rule1 = New-AzAutoscaleRule -MetricName "Percentage CPU" -MetricResourceId /subscriptions/s1/resourceGroups/big2/providers/Microsoft.Compute/virtualMachineScaleSets/big2 -Operator GreaterThan -MetricStatistic Average -Threshold 60 -TimeGrain 00:01:00 -TimeWindow 00:10:00 -ScaleActionCooldown 00:10:00 -ScaleActionDirection Increase -ScaleActionValue 1

Next, create a rule to scale in, with an instance count decrease.

$rule2 = New-AzAutoscaleRule -MetricName "Percentage CPU" -MetricResourceId /subscriptions/s1/resourceGroups/big2/providers/Microsoft.Compute/virtualMachineScaleSets/big2 -Operator LessThan -MetricStatistic Average -Threshold 30 -TimeGrain 00:01:00 -TimeWindow 00:10:00 -ScaleActionCooldown 00:10:00 -ScaleActionDirection Decrease -ScaleActionValue 1

Then, create a profile for the rules.

$profile1 = New-AzAutoscaleProfile -DefaultCapacity 2 -MaximumCapacity 10 -MinimumCapacity 2 -Rules $rule1,$rule2 -Name "My_Profile"

Create a webhook property.

$webhook_scale = New-AzAutoscaleWebhook -ServiceUri "https://example.com?mytoken=mytokenvalue"

Create the notification property for the autoscale setting, including email and the webhook that you created previously.

$notification1 = New-AzAutoscaleNotification -CustomEmails ashwink@microsoft.com -SendEmailToSubscriptionAdministrators -SendEmailToSubscriptionCoAdministrators -Webhooks $webhook_scale

Finally, create the autoscale setting to add the profile that you created previously.

Add-AzAutoscaleSetting -Location "China East 2" -Name "MyScaleVMSSSetting" -ResourceGroup big2 -TargetResourceId /subscriptions/s1/resourceGroups/big2/providers/Microsoft.Compute/virtualMachineScaleSets/big2 -AutoscaleProfiles $profile1 -Notifications $notification1

For more information about managing Autoscale settings, see Get-AutoscaleSetting.

Autoscale history

The following example shows you how you can view recent autoscale and alert events. Use the activity log search to view the autoscale history.

Get-AzLog -Caller "Microsoft.Insights/autoscaleSettings" -DetailedOutput -StartTime 2015-03-01

You can use the Get-AzAutoScaleHistory cmdlet to retrieve AutoScale history.

Get-AzAutoScaleHistory -ResourceId /subscriptions/s1/resourceGroups/myrg1/providers/microsoft.insights/autoscalesettings/myScaleSetting -StartTime 2016-03-15 -DetailedOutput

For more information, see Get-AutoscaleHistory.

View details for an autoscale setting

You can use the Get-Autoscalesetting cmdlet to retrieve more information about the autoscale setting.

The following example shows details about all autoscale settings in the resource group 'myrg1'.

Get-AzAutoscalesetting -ResourceGroup myrg1 -DetailedOutput

The following example shows details about all autoscale settings in the resource group 'myrg1' and specifically the autoscale setting named 'MyScaleVMSSSetting'.

Get-AzAutoscalesetting -ResourceGroup myrg1 -Name MyScaleVMSSSetting -DetailedOutput

Remove an autoscale setting

You can use the Remove-Autoscalesetting cmdlet to delete an autoscale setting.

Remove-AzAutoscalesetting -ResourceGroup myrg1 -Name MyScaleVMSSSetting

Manage log profiles for activity log

You can create a log profile and export data from your activity log to a storage account and you can configure data retention for it. Optionally, you can also stream the data to your Event Hub. This feature is currently in Preview and you can only create one log profile per subscription. You can use the following cmdlets with your current subscription to create and manage log profiles. You can also choose a particular subscription. Although PowerShell defaults to the current subscription, you can always change that using Set-AzContext. You can configure activity log to route data to any storage account or Event Hub within that subscription. Data is written as blob files in JSON format.

Get a log profile

To fetch your existing log profiles, use the Get-AzLogProfile cmdlet.

Add a log profile without data retention

Add-AzLogProfile -Name my_log_profile_s1 -StorageAccountId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Storage/storageAccounts/my_storage -Location 'China East'

Remove a log profile

Remove-AzLogProfile -name my_log_profile_s1

Add a log profile with data retention

You can specify the -RetentionInDays property as a positive integer giving the number of days for which the data is retained.

Add-AzLogProfile -Name my_log_profile_s1 -StorageAccountId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Storage/storageAccounts/my_storage -Locations chinaeast -RetentionInDays 90

Add log profile with retention and EventHub

In addition to routing your data to storage account, you can also stream it to an Event Hub. In this preview release the storage account configuration is mandatory but Event Hub configuration is optional.

Add-AzLogProfile -Name my_log_profile_s1 -StorageAccountId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Storage/storageAccounts/my_storage -serviceBusRuleId /subscriptions/s1/resourceGroups/Default-ServiceBus-chinaeast/providers/Microsoft.ServiceBus/namespaces/mytestSB/authorizationrules/RootManageSharedAccessKey -Locations chinaeast -RetentionInDays 90
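
The log profile settings from this section, reviewed from the defender's side: an added example (not part of the original article) that checks log profile objects for a short retention window, missing categories, a missing 'global' location and a missing destination. The function name, the 90-day minimum and the sample objects are assumptions; the property names (Name, Categories, Locations, RetentionPolicy, StorageAccountId, ServiceBusRuleId) are assumed to match Get-AzLogProfile output.

```powershell
function Test-LogProfile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $LogProfile,
        [int] $MinRetentionDays = 90,    # assumed policy value
        [string[]] $RequiredCategory = @('Write', 'Delete', 'Action')
    )
    process {
        $findings = @()
        $rp = $LogProfile.RetentionPolicy
        # Assumption: a disabled policy or 0 days means "no expiry", so only an
        # enabled policy with a short window is reported.
        if ($rp -and $rp.Enabled -and $rp.Days -gt 0 -and $rp.Days -lt $MinRetentionDays) {
            $findings += "retention of $($rp.Days) days is below $MinRetentionDays"
        }
        $missing = @($RequiredCategory | Where-Object { $LogProfile.Categories -notcontains $_ })
        if ($missing.Count -gt 0) {
            $findings += "categories not exported: $($missing -join ', ')"
        }
        if ($LogProfile.Locations -notcontains 'global') {
            $findings += "location 'global' not exported"
        }
        if (-not $LogProfile.StorageAccountId -and -not $LogProfile.ServiceBusRuleId) {
            $findings += 'no storage account or Event Hub destination'
        }
        [pscustomobject]@{
            Name     = $LogProfile.Name
            Pass     = ($findings.Count -eq 0)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-AzLogProfile output (runs offline).
$storage = '/subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Storage/storageAccounts/my_storage'
$sample = @(
    [pscustomobject]@{
        Name = 'weak_profile'; StorageAccountId = $storage; ServiceBusRuleId = $null
        Categories = @('Write'); Locations = @('chinaeast')
        RetentionPolicy = [pscustomobject]@{ Enabled = $true; Days = 7 }
    }
    [pscustomobject]@{
        Name = 'my_log_profile_s1'; StorageAccountId = $storage; ServiceBusRuleId = $null
        Categories = @('Write', 'Delete', 'Action'); Locations = @('global', 'chinaeast')
        RetentionPolicy = [pscustomobject]@{ Enabled = $true; Days = 90 }
    }
)
$sample | Test-LogProfile | Format-List
```

Against a live subscription, pipe Get-AzLogProfile into Test-LogProfile instead of the sample objects.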

Configure diagnostics logs

Many Azure services provide additional logs and telemetry that can be handled in one or more of the following ways:

  • saved to your Azure Storage account
  • sent to Event Hubs
  • sent to a Log Analytics workspace.

The operation can only be performed at a resource level. The storage account or event hub should be present in the same region as the target resource where the diagnostics setting is configured.

Get diagnostic setting

Get-AzDiagnosticSetting -ResourceId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Logic/workflows/andy0315logicapp

Disable diagnostic setting

Set-AzDiagnosticSetting -ResourceId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Logic/workflows/andy0315logicapp -StorageAccountId /subscriptions/s1/resourceGroups/Default-Storage-Chinaeast/providers/Microsoft.Storage/storageAccounts/mystorageaccount -Enable $false

Enable diagnostic setting without retention

Set-AzDiagnosticSetting -ResourceId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Logic/workflows/andy0315logicapp -StorageAccountId /subscriptions/s1/resourceGroups/Default-Storage-Chinaeast/providers/Microsoft.Storage/storageAccounts/mystorageaccount -Enable $true

Enable diagnostic setting with retention

Set-AzDiagnosticSetting -ResourceId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Logic/workflows/andy0315logicapp -StorageAccountId /subscriptions/s1/resourceGroups/Default-Storage-Chinaeast/providers/Microsoft.Storage/storageAccounts/mystorageaccount -Enable $true -RetentionEnabled $true -RetentionInDays 90

Enable diagnostic setting with retention for a specific log category

Set-AzDiagnosticSetting -ResourceId /subscriptions/s1/resourceGroups/insights-integration/providers/Microsoft.Network/networkSecurityGroups/viruela1 -StorageAccountId /subscriptions/s1/resourceGroups/myrg1/providers/Microsoft.Storage/storageAccounts/sakteststorage -Categories NetworkSecurityGroupEvent -Enable $true -RetentionEnabled $true -RetentionInDays 90

Enable diagnostic setting for Event Hubs

Set-AzDiagnosticSetting -ResourceId /subscriptions/s1/resourceGroups/insights-integration/providers/Microsoft.Network/networkSecurityGroups/viruela1 -serviceBusRuleId /subscriptions/s1/resourceGroups/Default-ServiceBus-ChinaEast/providers/Microsoft.ServiceBus/namespaces/mytestSB/authorizationrules/RootManageSharedAccessKey -Enable $true

Enable diagnostic setting for Log Analytics

Set-AzDiagnosticSetting -ResourceId /subscriptions/s1/resourceGroups/insights-integration/providers/Microsoft.Network/networkSecurityGroups/viruela1 -WorkspaceId /subscriptions/s1/resourceGroups/insights-integration/providers/microsoft.operationalinsights/workspaces/myWorkspace -Enabled $true

Note that the WorkspaceId property takes the resource ID of the workspace. You can obtain the resource ID of your Log Analytics workspace using the following command:

(Get-AzOperationalInsightsWorkspace).ResourceId

These commands can be combined to send data to multiple destinations.