metadata: version: 1 description: Linux Syslog Example Queries data_environments: [LogAnalytics] data_families: [LinuxSyslog] tags: ['linux', 'syslog', 'example'] defaults: metadata: data_source: 'linux_syslog' parameters: table: description: Table name type: str default: 'Syslog' start: description: Query start time type: datetime end: description: Query end time type: datetime add_query_items: description: Additional query clauses type: str default: '' subscription_filter: description: Optional subscription/tenant filter expression type: str default: 'true' query_project: description: Column project statement type: str default: ' | project TenantId, Computer, Facility, TimeGenerated, HostName, SeverityLevel, SyslogMessage, ProcessID, ProcessName, HostIP, | extend TimeCreatedUtc=TimeGenerated' sources: syslog_example: description: Example query args: query: ' {table} | where {subscription_filter} | where TimeGenerated >= datetime({start}) | where TimeGenerated <= datetime({end}) | where Computer == "{host_name}" | take 5' parameters: host_name: description: Hostname to query for type: str