Azure Monitor Data Collector

Azure Monitor Data Collector (azure-monitor)

Specialized preset that wraps azure-monitor output parameters so deployments can ship datasets into Azure Log Analytics/Sentinel without hand-authoring http-post jobs.

Observability json

Minimal example

output:
  azure-monitor:
    shared-key: ~
    workspace-id: ~

JSON

{
  "output": {
    "azure-monitor": {
      "shared-key": null,
      "workspace-id": null
    }
  }
}

Contents

• Minimal example

• Fields

• Reliability

• Processing

• Endpoint

• Authentication

• Payload

• Diagnostics

• Schema

Fields

Field	Type	Required	Description
workspace-id Endpoint	string	✅	Azure Log Analytics workspace ID (customer ID).
shared-key Authentication	string	✅	Base64-encoded workspace shared key.
retry Reliability	Retry		Retry policy applied to Azure Monitor requests.
batch Processing	Batch		Batching behavior for upstream events.
ingestion-uri Endpoint	string		Full ingestion URI (defaults to https://{workspace}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01).
log-type Payload	string		Log-Type assigned inside Azure Monitor.
body-field Payload	field (string)		Restrict the payload to this field (must contain JSON). Examples: data_field
time-generated-field Payload	field (string)		ISO 8601 timestamp field mapped to time-generated-field. Examples: data_field
resource-id Payload	string		Azure Resource ID applied via x-ms-AzureResourceId.
api-version Endpoint	string		API version appended when ingestion_uri is omitted.
test-url Diagnostics	url (string)		Override endpoint during dry-runs (bypasses workspace+api_version). Examples: https://example.com/path

Reliability

Show fields

Field	Type	Required	Description
retry	Retry		Retry policy applied to Azure Monitor requests.

Processing

Show fields

Field	Type	Required	Description
batch	Batch		Batching behavior for upstream events.

Endpoint

Show fields

Field	Type	Required	Description
workspace-id	string	✅	Azure Log Analytics workspace ID (customer ID).
ingestion-uri	string		Full ingestion URI (defaults to https://{workspace}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01).
api-version	string		API version appended when ingestion_uri is omitted.

Authentication

Show fields

Field	Type	Required	Description
shared-key	string	✅	Base64-encoded workspace shared key.

Payload

Show fields

Field	Type	Required	Description
log-type	string		Log-Type assigned inside Azure Monitor.
body-field	field (string)		Restrict the payload to this field (must contain JSON). Examples: data_field
time-generated-field	field (string)		ISO 8601 timestamp field mapped to time-generated-field. Examples: data_field
resource-id	string		Azure Resource ID applied via x-ms-AzureResourceId.

Diagnostics

Show fields

Field	Type	Required	Description
test-url	url (string)		Override endpoint during dry-runs (bypasses workspace+api_version). Examples: https://example.com/path

Schema

• Retry Fields
• Batch Fields
• Batch - Mode Options

Retry Fields

Field	Type	Required	Description
timeout	time-interval (string)	✅	timeout (e.g. 500ms, 2s etc. - default is 30). Examples: 500ms, 2h
retries	number (integer)		number of retries. Examples: 42, 1.2e-10

Batch Fields

Field	Type	Required	Description
fixed-size	number (integer)		maximum number of events in an output batch. Examples: 42, 1.2e-10
mode	Mode	✅	If ‘document’ send on end of document generated by input. If ‘fixed’, use fixed_size. Allowed values: fixed, document
timeout	time-interval (string)	✅	interval after which the batch is sent, to keep throughput going (default 100ms). Examples: 500ms, 2h
header	multiline-text (string)		put a header line before the batch.
footer	multiline-text (string)		put a header line after the last line of the batch.
use-document-marker	boolean (bool)		Enrich the job metadata with a document marker (for document handling in batch mode).
wrap-as-json	boolean (bool)		Format the output batch as a JSON array.

Batch - Mode Options

Value	Description
fixed	Fixed
document	Document