Microsoft.Insights diagnosticSettings

Bicep resource definition

The diagnosticSettings resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

The diagnosticSettings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For guidance on deploying monitoring solutions, see Create monitoring resources by using Bicep.

Resource format

To create a Microsoft.Insights/diagnosticSettings resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'string'
  scope: resourceSymbolicName
  properties: {
    eventHubAuthorizationRuleId: 'string'
    eventHubName: 'string'
    logAnalyticsDestinationType: 'string'
    logs: [
      {
        category: 'string'
        categoryGroup: 'string'
        enabled: bool
        retentionPolicy: {
          days: int
          enabled: bool
        }
      }
    ]
    marketplacePartnerId: 'string'
    metrics: [
      {
        category: 'string'
        enabled: bool
        retentionPolicy: {
          days: int
          enabled: bool
        }
        timeGrain: 'string'
      }
    ]
    serviceBusRuleId: 'string'
    storageAccountId: 'string'
    workspaceId: 'string'
  }
}

Property values

diagnosticSettings

Name Description Value
name The resource name string (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For Bicep, set this property to the symbolic name of the resource to apply the extension resource.
properties Properties of a Diagnostic Settings Resource. DiagnosticSettings

DiagnosticSettings

Name Description Value
eventHubAuthorizationRuleId The resource Id for the event hub authorization rule. string
eventHubName The name of the event hub. If none is specified, the default event hub will be selected. string
logAnalyticsDestinationType A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type constructed as follows: {normalized service identity}_{normalized category name}. Possible values are: Dedicated and null (null is default.) string
logs The list of logs settings. LogSettings[]
marketplacePartnerId The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. string
metrics The list of metric settings. MetricSettings[]
serviceBusRuleId The service bus rule Id of the diagnostic setting. This is here to maintain backwards compatibility. string
storageAccountId The resource ID of the storage account to which you would like to send Diagnostic Logs. string
workspaceId The full ARM resource ID of the Log Analytics workspace to which you would like to send Diagnostic Logs. Example: /subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2 string

LogSettings

Name Description Value
category Name of a Diagnostic Log category for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. string
categoryGroup Name of a Diagnostic Log category group for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. string
enabled a value indicating whether this log is enabled. bool (required)
retentionPolicy the retention policy for this log. RetentionPolicy

RetentionPolicy

Name Description Value
days the number of days for the retention in days. A value of 0 will retain the events indefinitely. int (required)

Constraints:
Min value = 0
enabled a value indicating whether the retention policy is enabled. bool (required)

MetricSettings

Name Description Value
category Name of a Diagnostic Metric category for a resource type this setting is applied to. To obtain the list of Diagnostic metric categories for a resource, first perform a GET diagnostic settings operation. string
enabled a value indicating whether this category is enabled. bool (required)
retentionPolicy the retention policy for this category. RetentionPolicy
timeGrain the timegrain of the metric in ISO8601 format. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Create API Management in Internal VNet with App Gateway

Deploy to Azure
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create and monitor API Management instance

Deploy to Azure
This template creates an instance of Azure API Management service and Log Analytics workspace and sets up monitoring for your API Management service with Log Analytics
Deploy a simple Azure Spring Apps microservice application

Deploy to Azure
This template deploys a simple Azure Spring Apps microservice application to run on Azure.
creates an Azure Stack HCI 23H2 cluster

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template.
creates an Azure Stack HCI 23H2 cluster

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template, using custom storage IP
creates an Azure Stack HCI 23H2 cluster in Switchless-Dual-link Networking mode

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template.
creates an Azure Stack HCI 23H2 cluster in Switchless-SingleLink networking mode

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template.
Create a Redis Cache using a template

Deploy to Azure
This template creates an Azure Redis Cache with diagnostics data kept in a storage account.
Create a Premium Redis Cache with clustering

Deploy to Azure
This template shows how to configure clustering in a premium Azure Redis Cache instance.
Create Premium Redis Cache with data persistence

Deploy to Azure
This template shows how to configure persistence in a premium Azure Redis Cache instance.
Front Door Premium with WAF and Microsoft-managed rule sets

Deploy to Azure
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets.
Front Door Standard/Premium with WAF and custom rule

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule.
Azure Container Registry with Policies and Diagnostics

Deploy to Azure
Azure Container Registry with Policies and Diagnostics (bicep)
Azure Data Factory with Git and managed vnet configuration

Deploy to Azure
This template creates Azure Data Factory with Git configuration and managed virtual network.
Log Analytics workspace with solutions and data sources

Deploy to Azure
Deploys a Log Analytics workspace with specified solutions and data sources
Log Analytics workspace with VM Insights, Container Insights

Deploy to Azure
Deploys a Log Analytics workspace with VM Insights, Container Insights solutions and diagnostics.
Create Key Vault with logging enabled

Deploy to Azure
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Application Gateway with WAF and firewall policy

Deploy to Azure
This template creates an Application Gateway with WAF configured along with a firewall policy
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Create Azure Front Door in front of Azure API Management

Deploy to Azure
This sample demonstrates how to use Azure Front Door as a global load balancer in front of Azure API Management.
Network Security Group with diagnostic logs

Deploy to Azure
This template creates a Network Security Group with diagnostic logs and a resource lock
Virtual Network with diagnostic logs

Deploy to Azure
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet
Create Recovery Services Vault and Enable Diagnostics

Deploy to Azure
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Create Recovery Services Vault with backup policies

Deploy to Azure
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock.
Azure SQL Server with Auditing written to Event Hub

Deploy to Azure
This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to Event Hub
Azure SQL Server with Auditing written to Log Analytics

Deploy to Azure
This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to Log Analytics (OMS workspace)
Create SQL MI with configured sending of logs and metrics

Deploy to Azure
This template allows you to deploy SQL MI and additional resources used for storing logs and metrics (diagnostic workspace, storage account, event hub).
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.

ARM template resource definition

The diagnosticSettings resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

The diagnosticSettings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Remarks

For guidance on deploying monitoring solutions, see Create monitoring resources by using Bicep.

Resource format

To create a Microsoft.Insights/diagnosticSettings resource, add the following JSON to your template.

{
  "type": "Microsoft.Insights/diagnosticSettings",
  "apiVersion": "2021-05-01-preview",
  "name": "string",
  "scope": "string",
  "properties": {
    "eventHubAuthorizationRuleId": "string",
    "eventHubName": "string",
    "logAnalyticsDestinationType": "string",
    "logs": [
      {
        "category": "string",
        "categoryGroup": "string",
        "enabled": "bool",
        "retentionPolicy": {
          "days": "int",
          "enabled": "bool"
        }
      }
    ],
    "marketplacePartnerId": "string",
    "metrics": [
      {
        "category": "string",
        "enabled": "bool",
        "retentionPolicy": {
          "days": "int",
          "enabled": "bool"
        },
        "timeGrain": "string"
      }
    ],
    "serviceBusRuleId": "string",
    "storageAccountId": "string",
    "workspaceId": "string"
  }
}

Property values

diagnosticSettings

Name Description Value
type The resource type 'Microsoft.Insights/diagnosticSettings'
apiVersion The resource api version '2021-05-01-preview'
name The resource name string (required)
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For JSON, set the value to the full name of the resource to apply the extension resource to.
properties Properties of a Diagnostic Settings Resource. DiagnosticSettings

DiagnosticSettings

Name Description Value
eventHubAuthorizationRuleId The resource Id for the event hub authorization rule. string
eventHubName The name of the event hub. If none is specified, the default event hub will be selected. string
logAnalyticsDestinationType A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type constructed as follows: {normalized service identity}_{normalized category name}. Possible values are: Dedicated and null (null is default.) string
logs The list of logs settings. LogSettings[]
marketplacePartnerId The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. string
metrics The list of metric settings. MetricSettings[]
serviceBusRuleId The service bus rule Id of the diagnostic setting. This is here to maintain backwards compatibility. string
storageAccountId The resource ID of the storage account to which you would like to send Diagnostic Logs. string
workspaceId The full ARM resource ID of the Log Analytics workspace to which you would like to send Diagnostic Logs. Example: /subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2 string

LogSettings

Name Description Value
category Name of a Diagnostic Log category for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. string
categoryGroup Name of a Diagnostic Log category group for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. string
enabled a value indicating whether this log is enabled. bool (required)
retentionPolicy the retention policy for this log. RetentionPolicy

RetentionPolicy

Name Description Value
days the number of days for the retention in days. A value of 0 will retain the events indefinitely. int (required)

Constraints:
Min value = 0
enabled a value indicating whether the retention policy is enabled. bool (required)

MetricSettings

Name Description Value
category Name of a Diagnostic Metric category for a resource type this setting is applied to. To obtain the list of Diagnostic metric categories for a resource, first perform a GET diagnostic settings operation. string
enabled a value indicating whether this category is enabled. bool (required)
retentionPolicy the retention policy for this category. RetentionPolicy
timeGrain the timegrain of the metric in ISO8601 format. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
AKS Cluster with a NAT Gateway and an Application Gateway

Deploy to Azure
This sample shows how to a deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Create API Management in Internal VNet with App Gateway

Deploy to Azure
This template demonstrates how to Create a instance of Azure API Management on a private network protected by Azure Application Gateway.
Create and monitor API Management instance

Deploy to Azure
This template creates an instance of Azure API Management service and Log Analytics workspace and sets up monitoring for your API Management service with Log Analytics
Deploy a simple Azure Spring Apps microservice application

Deploy to Azure
This template deploys a simple Azure Spring Apps microservice application to run on Azure.
creates an Azure Stack HCI 23H2 cluster

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template.
creates an Azure Stack HCI 23H2 cluster

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template, using custom storage IP
creates an Azure Stack HCI 23H2 cluster in Switchless-Dual-link Networking mode

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template.
creates an Azure Stack HCI 23H2 cluster in Switchless-SingleLink networking mode

Deploy to Azure
This template creates an Azure Stack HCI 23H2 cluster using an ARM template.
Create a Redis Cache using a template

Deploy to Azure
This template creates an Azure Redis Cache with diagnostics data kept in a storage account.
Create a Premium Redis Cache with clustering

Deploy to Azure
This template shows how to configure clustering in a premium Azure Redis Cache instance.
Create Premium Redis Cache with data persistence

Deploy to Azure
This template shows how to configure persistence in a premium Azure Redis Cache instance.
Front Door Premium with WAF and Microsoft-managed rule sets

Deploy to Azure
This template creates a Front Door Premium including a web application firewall with the Microsoft-managed default and bot protection rule sets.
Front Door Standard/Premium with WAF and custom rule

Deploy to Azure
This template creates a Front Door Standard/Premium including a web application firewall with a custom rule.
Azure Container Registry with Policies and Diagnostics

Deploy to Azure
Azure Container Registry with Policies and Diagnostics (bicep)
Azure Data Factory with Git and managed vnet configuration

Deploy to Azure
This template creates Azure Data Factory with Git configuration and managed virtual network.
Log Analytics workspace with solutions and data sources

Deploy to Azure
Deploys a Log Analytics workspace with specified solutions and data sources
Log Analytics workspace with VM Insights, Container Insights

Deploy to Azure
Deploys a Log Analytics workspace with VM Insights, Container Insights solutions and diagnostics.
Create Key Vault with logging enabled

Deploy to Azure
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources.
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
Application Gateway with WAF and firewall policy

Deploy to Azure
This template creates an Application Gateway with WAF configured along with a firewall policy
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Create Azure Front Door in front of Azure API Management

Deploy to Azure
This sample demonstrates how to use Azure Front Door as a global load balancer in front of Azure API Management.
Network Security Group with diagnostic logs

Deploy to Azure
This template creates a Network Security Group with diagnostic logs and a resource lock
Virtual Network with diagnostic logs

Deploy to Azure
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet
Create Recovery Services Vault and Enable Diagnostics

Deploy to Azure
This template creates a Recovery Services Vault and enables diagnostics for Azure Backup. This also deploys storage account and oms workspace.
Create Recovery Services Vault with backup policies

Deploy to Azure
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock.
Azure SQL Server with Auditing written to Event Hub

Deploy to Azure
This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to Event Hub
Azure SQL Server with Auditing written to Log Analytics

Deploy to Azure
This template allows you to deploy an Azure SQL server with Auditing enabled to write audit logs to Log Analytics (OMS workspace)
Create SQL MI with configured sending of logs and metrics

Deploy to Azure
This template allows you to deploy SQL MI and additional resources used for storing logs and metrics (diagnostic workspace, storage account, event hub).
Application Gateway with internal API Management and Web App

Deploy to Azure
Application Gateway routing Internet traffic to a virtual network (internal mode) API Management instance which services a web API hosted in an Azure Web App.

Terraform (AzAPI provider) resource definition

The diagnosticSettings resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

The diagnosticSettings resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Insights/diagnosticSettings resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Insights/diagnosticSettings@2021-05-01-preview"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      eventHubAuthorizationRuleId = "string"
      eventHubName = "string"
      logAnalyticsDestinationType = "string"
      logs = [
        {
          category = "string"
          categoryGroup = "string"
          enabled = bool
          retentionPolicy = {
            days = int
            enabled = bool
          }
        }
      ]
      marketplacePartnerId = "string"
      metrics = [
        {
          category = "string"
          enabled = bool
          retentionPolicy = {
            days = int
            enabled = bool
          }
          timeGrain = "string"
        }
      ]
      serviceBusRuleId = "string"
      storageAccountId = "string"
      workspaceId = "string"
    }
  })
}

Property values

diagnosticSettings

Name Description Value
type The resource type "Microsoft.Insights/diagnosticSettings@2021-05-01-preview"
name The resource name string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
properties Properties of a Diagnostic Settings Resource. DiagnosticSettings

DiagnosticSettings

Name Description Value
eventHubAuthorizationRuleId The resource Id for the event hub authorization rule. string
eventHubName The name of the event hub. If none is specified, the default event hub will be selected. string
logAnalyticsDestinationType A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type constructed as follows: {normalized service identity}_{normalized category name}. Possible values are: Dedicated and null (null is default.) string
logs The list of logs settings. LogSettings[]
marketplacePartnerId The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. string
metrics The list of metric settings. MetricSettings[]
serviceBusRuleId The service bus rule Id of the diagnostic setting. This is here to maintain backwards compatibility. string
storageAccountId The resource ID of the storage account to which you would like to send Diagnostic Logs. string
workspaceId The full ARM resource ID of the Log Analytics workspace to which you would like to send Diagnostic Logs. Example: /subscriptions/4b9e8510-67ab-4e9a-95a9-e2f1e570ea9c/resourceGroups/insights-integration/providers/Microsoft.OperationalInsights/workspaces/viruela2 string

LogSettings

Name Description Value
category Name of a Diagnostic Log category for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. string
categoryGroup Name of a Diagnostic Log category group for a resource type this setting is applied to. To obtain the list of Diagnostic Log categories for a resource, first perform a GET diagnostic settings operation. string
enabled a value indicating whether this log is enabled. bool (required)
retentionPolicy the retention policy for this log. RetentionPolicy

RetentionPolicy

Name Description Value
days the number of days for the retention in days. A value of 0 will retain the events indefinitely. int (required)

Constraints:
Min value = 0
enabled a value indicating whether the retention policy is enabled. bool (required)

MetricSettings

Name Description Value
category Name of a Diagnostic Metric category for a resource type this setting is applied to. To obtain the list of Diagnostic metric categories for a resource, first perform a GET diagnostic settings operation. string
enabled a value indicating whether this category is enabled. bool (required)
retentionPolicy the retention policy for this category. RetentionPolicy
timeGrain the timegrain of the metric in ISO8601 format. string