Skip to content

Azure Monitor Data Collector

Azure Monitor Data Collector (`azure-monitor`)

Specialized preset that wraps azure-monitor output parameters so deployments can ship datasets into Azure Log Analytics/Sentinel without hand-authoring http-post jobs.

Observability json

Minimal example

output:
  azure-monitor:
    shared-key: ~
    workspace-id: ~

JSON

{
  "output": {
    "azure-monitor": {
      "shared-key": null,
      "workspace-id": null
    }
  }
}

Contents

Minimal example
Authentication
Diagnostics
Endpoint
Payload
Processing
Reliability
Schema

Authentication

Authentication

Field	Type	Required	Description
`shared-key`	`string`	✅	Base64-encoded workspace shared key.

Diagnostics

Diagnostics

Field	Type	Required	Description
`test-url`	`url` (`string`)		Override endpoint during dry-runs (bypasses workspace+api_version). Examples: `https://example.com/path`

Endpoint

Endpoint

Field	Type	Required	Description
`workspace-id`	`string`	✅	Azure Log Analytics workspace ID (customer ID).
`ingestion-uri`	`string`		Full ingestion URI (defaults to https://{workspace}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01).
`api-version`	`string`		API version appended when `ingestion_uri` is omitted.

Payload

Payload

Field	Type	Required	Description
`log-type`	`string`		Log-Type assigned inside Azure Monitor.
`body-field`	`field` (`string`)		Restrict the payload to this field (must contain JSON). Examples: `data_field`
`time-generated-field`	`field` (`string`)		ISO 8601 timestamp field mapped to `time-generated-field`. Examples: `data_field`
`resource-id`	`string`		Azure Resource ID applied via `x-ms-AzureResourceId`.

Processing

Processing

Field	Type	Required	Description
`batch`	`Batch`		Batching behavior for upstream events.

Reliability

Reliability

Field	Type	Required	Description
`retry`	`Retry`		Retry policy applied to Azure Monitor requests.

Schema

Batch Fields
Retry Fields
Batch - Mode Options

Batch Fields

Field	Type	Required	Description
`fixed-size` ✓	`number` (`integer`)		maximum number of events in an output batch. Examples: `42`, `1.2e-10`
`mode`	`Mode`	✅	If ‘document’ send on end of document generated by input. If ‘fixed’, use `fixed_size`. Allowed values: `fixed`, `document`
`timeout`	`time-interval` (`string`)	✅	interval after which the batch is sent, to keep throughput going (default 100ms). Default: `100ms` Examples: `500ms`, `2h`
`header`	`multiline-text` (`string`)		put a header line before the batch.
`footer`	`multiline-text` (`string`)		put a header line after the last line of the batch.
`use-document-marker` ✓	`boolean` (`bool`)		Enrich the job metadata with a document marker (for document handling in batch mode). Default: `false`
`wrap-as-json` ✓	`boolean` (`bool`)		Format the output batch as a JSON array. Default: `false`

Retry Fields

Field	Type	Required	Description
`timeout`	`time-interval` (`string`)	✅	timeout (e.g. 500ms, 2s etc. - default is 30). Examples: `500ms`, `2h`
`retries`	`number` (`integer`)		number of retries. Examples: `42`, `1.2e-10`

Batch - Mode Options

Value	Name	Description
`fixed`	fixed	Fixed
`document`	document	Document