CloudNationHQ / terraform-azure-law

Terraform module which creates log analytic resources used by workloads and accelerators.
https://library.tf/modules/CloudNationHQ/law/azure/latest
MIT License

add support for datasource windows event #19

Closed dkooll closed 2 weeks ago

dkooll commented 8 months ago

Resource is available at https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_datasource_windows_event

dkooll commented 1 month ago

This falls under the classic tab

The Log Analytics agents won’t be supported as of August 31, 2024. Plan to migrate to Azure Monitor Agent prior to this date. If you’ve already installed Azure Monitor Agent, make sure to create and associate [data collection rules](https://portal.azure.com/#) to the agents.

Otherwise it could be something like

```hcl
variable "law" {
  type = object({
    name            = string
    location        = string
    resourcegroup   = string
    read_access_id  = optional(string)
    write_access_id = optional(string)
    linked_storage  = optional(map(object({
      data_source_type    = string
      resourcegroup       = optional(string)
      storage_account_ids = list(string)
    })))
    # Default to {}: an omitted optional attribute is otherwise null, and
    # lookup() returns that null instead of its fallback, which breaks for_each.
    windows_event_datasource = optional(map(object({
      event_log_name = string
      event_types    = list(string)
    })), {})
  })
}

# One classic (Log Analytics agent) Windows event data source per map entry.
resource "azurerm_log_analytics_datasource_windows_event" "windows_events" {
  for_each = lookup(var.law, "windows_event_datasource", {})

  name                = each.key
  resource_group_name = var.law.resourcegroup
  workspace_name      = azurerm_log_analytics_workspace.ws.name
  event_log_name      = each.value.event_log_name
  event_types         = each.value.event_types
}
```

Don't think we need to add this one for now, since the AMA agents can have an effect on this.
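For comparison, the Azure Monitor Agent route mentioned in the deprecation notice collects the same Windows events through a data collection rule. The following is an added example, not code from this module or from the thread; it assumes it sits beside `azurerm_log_analytics_workspace.ws` and `var.law` from the sketch above, and the variable `windows_event_dcr`, the level mapping, and the rule, destination and data source names are hypothetical.

```hcl
# Added example, not module code.
variable "windows_event_dcr" {
  # Hypothetical input with the same shape as windows_event_datasource.
  type = map(object({
    event_log_name = string
    event_types    = list(string)
  }))
  # Constructed sample values.
  default = {
    system = { event_log_name = "System", event_types = ["Error", "Warning"] }
  }
}

locals {
  # Assumed mapping from the classic event types to Windows event levels.
  event_level = { Error = 2, Warning = 3, Information = 4 }

  # One XPath query per entry, in the form <log>!*[System[(Level=N or ...)]].
  xpath_queries = [
    for ds in values(var.windows_event_dcr) : format(
      "%s!*[System[(%s)]]",
      ds.event_log_name,
      join(" or ", [for t in ds.event_types : "Level=${local.event_level[t]}"])
    )
  ]
}

resource "azurerm_monitor_data_collection_rule" "windows_events" {
  name                = "dcr-${var.law.name}-windows-events" # hypothetical naming
  resource_group_name = var.law.resourcegroup
  location            = var.law.location

  destinations {
    log_analytics {
      name                  = "law"
      workspace_resource_id = azurerm_log_analytics_workspace.ws.id
    }
  }

  data_sources {
    windows_event_log {
      name           = "windows-events"
      streams        = ["Microsoft-Event"]
      x_path_queries = local.xpath_queries
    }
  }

  data_flow {
    streams      = ["Microsoft-Event"]
    destinations = ["law"]
  }
}
```

The rule collects nothing until it is associated with the machines running the agent, for example with `azurerm_monitor_data_collection_rule_association`.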