ingestion api and remove samples

Author: bwren

.openpublishing.redirection.azure-monitor.json

@@ -6628,6 +6628,11 @@
             "source_path_from_root": "/articles/azure-monitor/essentials/data-collection.md",
             "redirect_url": "/azure/azure-monitor/essentials/data-collection-rules",
             "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/azure-monitor/agents/resource-manager-agent.md",
+            "redirect_url": "/azure/azure-monitor/essentials/data-collection-rule-create-edit?tabs=arm#manually-create-a-dcr",
+            "redirect_document_id": false
         }
     ]
 }

articles/azure-monitor/agents/resource-manager-data-collection-rules.md

@@ -294,10 +294,6 @@ resource association 'Microsoft.Insights/dataCollectionRuleAssociations@2021-09-
 ```
 ---
 
-The following tutorials include examples of manually creating DCRs.
-
-- [Send data to Azure Monitor using Logs ingestion API (Resource Manager templates)](../logs/tutorial-logs-ingestion-api.md)
-- [Add transformation in workspace data collection rule to Azure Monitor using Resource Manager templates](../logs/tutorial-workspace-transformations-api.md)
 
 ## Edit a DCR
 To edit a DCR, you can use any of the methods described in the previous section to create a DCR using a modified version of the JSON.

articles/azure-monitor/essentials/data-collection-rule-create-edit.md

@@ -2,7 +2,7 @@
 title: Logs Ingestion API in Azure Monitor
 description: Send data to a Log Analytics workspace using REST API or client libraries.
 ms.topic: conceptual
-ms.date: 11/15/2023
+ms.date: 03/23/2024
 
 ---
 
@@ -17,70 +17,6 @@ The data sent by your application to the API must be formatted in JSON and match
 
 :::image type="content" source="../essentials/media/data-collection-rule-overview/overview-log-ingestion-api.png" lightbox="../essentials/media/data-collection-rule-overview/overview-log-ingestion-api.png" alt-text="Diagram that shows an overview of logs ingestion API." border="false":::
 
-
-## Supported tables
-
-Data sent to the ingestion API can be sent to the following tables:
-
-| Tables | Description |
-|:---|:---|
-| Custom tables | Any custom table that you create in your Log Analytics workspace. The target table must exist before you can send data to it. Custom tables must have the `_CL` suffix. |
-| Azure tables | The following Azure tables are currently supported. Other tables may be added to this list as support for them is implemented.<br><br>
-- [ADAssessmentRecommendation](/azure/azure-monitor/reference/tables/adassessmentrecommendation)<br>
-- [ADSecurityAssessmentRecommendation](/azure/azure-monitor/reference/tables/adsecurityassessmentrecommendation)<br>
-- [ASimAuditEventLogs](/azure/azure-monitor/reference/tables/asimauditeventlogs)<br>
-- [ASimAuthenticationEventLogs](/azure/azure-monitor/reference/tables/asimauthenticationeventlogs)<br>
-- [ASimDhcpEventLogs](/azure/azure-monitor/reference/tables/asimdhcpeventlogs)<br>
-- [ASimDnsActivityLogs](/azure/azure-monitor/reference/tables/asimdnsactivitylogs)<br>
-- ASimDnsAuditLogs<br>
-- [ASimFileEventLogs](/azure/azure-monitor/reference/tables/asimfileeventlogs)<br>
-- [ASimNetworkSessionLogs](/azure/azure-monitor/reference/tables/asimnetworksessionlogs)<br>
-- [ASimProcessEventLogs](/azure/azure-monitor/reference/tables/asimprocesseventlogs)<br>
-- [ASimRegistryEventLogs](/azure/azure-monitor/reference/tables/asimregistryeventlogs)<br>
-- [ASimUserManagementActivityLogs](/azure/azure-monitor/reference/tables/asimusermanagementactivitylogs)<br>
-- [ASimWebSessionLogs](/azure/azure-monitor/reference/tables/asimwebsessionlogs)<br>
-- [AWSCloudTrail](/azure/azure-monitor/reference/tables/awscloudtrail)<br>
-- [AWSCloudWatch](/azure/azure-monitor/reference/tables/awscloudwatch)<br>
-- [AWSGuardDuty](/azure/azure-monitor/reference/tables/awsguardduty)<br>
-- [AWSVPCFlow](/azure/azure-monitor/reference/tables/awsvpcflow)<br>
-- [AzureAssessmentRecommendation](/azure/azure-monitor/reference/tables/azureassessmentrecommendation)<br>
-- [CommonSecurityLog](/azure/azure-monitor/reference/tables/commonsecuritylog)<br>
-- [DeviceTvmSecureConfigurationAssessmentKB](/azure/azure-monitor/reference/tables/devicetvmsecureconfigurationassessmentkb)<br>
-- [DeviceTvmSoftwareVulnerabilitiesKB](/azure/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilitieskb)<br>
-- [ExchangeAssessmentRecommendation](/azure/azure-monitor/reference/tables/exchangeassessmentrecommendation)<br>
-- [ExchangeOnlineAssessmentRecommendation](/azure/azure-monitor/reference/tables/exchangeonlineassessmentrecommendation)<br>
-- [GCPAuditLogs](/azure/azure-monitor/reference/tables/gcpauditlogs)<br>
-- [GoogleCloudSCC](/azure/azure-monitor/reference/tables/googlecloudscc)<br>
-- [SCCMAssessmentRecommendation](/azure/azure-monitor/reference/tables/sccmassessmentrecommendation)<br>
-- [SCOMAssessmentRecommendation](/azure/azure-monitor/reference/tables/scomassessmentrecommendation)<br>
-- [SecurityEvent](/azure/azure-monitor/reference/tables/securityevent)<br>
-- [SfBAssessmentRecommendation](/azure/azure-monitor/reference/tables/sfbassessmentrecommendation)<br>
-- [SfBOnlineAssessmentRecommendation](/azure/azure-monitor/reference/tables/sfbonlineassessmentrecommendation)<br>
-- [SharePointOnlineAssessmentRecommendation](/azure/azure-monitor/reference/tables/sharepointonlineassessmentrecommendation)<br>
-- [SPAssessmentRecommendation](/azure/azure-monitor/reference/tables/spassessmentrecommendation)<br>
-- [SQLAssessmentRecommendation](/azure/azure-monitor/reference/tables/sqlassessmentrecommendation)<br>
-- StorageInsightsAccountPropertiesDaily<br>
-- StorageInsightsDailyMetrics<br>
-- StorageInsightsHourlyMetrics<br>
-- StorageInsightsMonthlyMetrics<br>
-- StorageInsightsWeeklyMetrics<br>
-- [Syslog](/azure/azure-monitor/reference/tables/syslog)<br>
-- [UCClient](/azure/azure-monitor/reference/tables/ucclient)<br>
-- [UCClientReadinessStatus](/azure/azure-monitor/reference/tables/ucclientreadinessstatus)<br>
-- [UCClientUpdateStatus](/azure/azure-monitor/reference/tables/ucclientupdatestatus)<br>
-- [UCDeviceAlert](/azure/azure-monitor/reference/tables/ucdevicealert)<br>
-- [UCDOAggregatedStatus](/azure/azure-monitor/reference/tables/ucdoaggregatedstatus)<br>
-- [UCDOStatus](/azure/azure-monitor/reference/tables/ucdostatus)<br>
-- [UCServiceUpdateStatus](/azure/azure-monitor/reference/tables/ucserviceupdatestatus)<br>
-- [UCUpdateAlert](/azure/azure-monitor/reference/tables/ucupdatealert)<br>
-- [WindowsClientAssessmentRecommendation](/azure/azure-monitor/reference/tables/windowsclientassessmentrecommendation)<br>
-- [WindowsEvent](/azure/azure-monitor/reference/tables/windowsevent)<br>
-- [WindowsServerAssessmentRecommendation](/azure/azure-monitor/reference/tables/windowsserverassessmentrecommendation)<br>
-
-
-> [!NOTE]
-> Column names must start with a letter and can consist of up to 45 alphanumeric characters and underscores (`_`).  `_ResourceId`, `id`, `_ResourceId`, `_SubscriptionId`, `TenantId`, `Type`, `UniqueId`, and `Title` are reserved column names. Custom columns you add to an Azure table must have the suffix `_CF`.
-
 ## Configuration
 The following table describes each component in Azure that you must configure before you can use the Logs Ingestion API.
 
@@ -171,6 +107,70 @@ Ensure that the request body is properly encoded in UTF-8 to prevent any issues
 
 See [Sample code to send data to Azure Monitor using Logs ingestion API](tutorial-logs-ingestion-code.md?tabs=powershell#sample-code) for an example of the API call using PowerShell.
 
+
+## Supported tables
+
+Data sent to the ingestion API can be sent to the following tables:
+
+| Tables | Description |
+|:---|:---|
+| Custom tables | Any custom table that you create in your Log Analytics workspace. The target table must exist before you can send data to it. Custom tables must have the `_CL` suffix. |
+| Azure tables | The following Azure tables are currently supported. Other tables may be added to this list as support for them is implemented.<br><br>
+- [ADAssessmentRecommendation](/azure/azure-monitor/reference/tables/adassessmentrecommendation)<br>
+- [ADSecurityAssessmentRecommendation](/azure/azure-monitor/reference/tables/adsecurityassessmentrecommendation)<br>
+- [ASimAuditEventLogs](/azure/azure-monitor/reference/tables/asimauditeventlogs)<br>
+- [ASimAuthenticationEventLogs](/azure/azure-monitor/reference/tables/asimauthenticationeventlogs)<br>
+- [ASimDhcpEventLogs](/azure/azure-monitor/reference/tables/asimdhcpeventlogs)<br>
+- [ASimDnsActivityLogs](/azure/azure-monitor/reference/tables/asimdnsactivitylogs)<br>
+- ASimDnsAuditLogs<br>
+- [ASimFileEventLogs](/azure/azure-monitor/reference/tables/asimfileeventlogs)<br>
+- [ASimNetworkSessionLogs](/azure/azure-monitor/reference/tables/asimnetworksessionlogs)<br>
+- [ASimProcessEventLogs](/azure/azure-monitor/reference/tables/asimprocesseventlogs)<br>
+- [ASimRegistryEventLogs](/azure/azure-monitor/reference/tables/asimregistryeventlogs)<br>
+- [ASimUserManagementActivityLogs](/azure/azure-monitor/reference/tables/asimusermanagementactivitylogs)<br>
+- [ASimWebSessionLogs](/azure/azure-monitor/reference/tables/asimwebsessionlogs)<br>
+- [AWSCloudTrail](/azure/azure-monitor/reference/tables/awscloudtrail)<br>
+- [AWSCloudWatch](/azure/azure-monitor/reference/tables/awscloudwatch)<br>
+- [AWSGuardDuty](/azure/azure-monitor/reference/tables/awsguardduty)<br>
+- [AWSVPCFlow](/azure/azure-monitor/reference/tables/awsvpcflow)<br>
+- [AzureAssessmentRecommendation](/azure/azure-monitor/reference/tables/azureassessmentrecommendation)<br>
+- [CommonSecurityLog](/azure/azure-monitor/reference/tables/commonsecuritylog)<br>
+- [DeviceTvmSecureConfigurationAssessmentKB](/azure/azure-monitor/reference/tables/devicetvmsecureconfigurationassessmentkb)<br>
+- [DeviceTvmSoftwareVulnerabilitiesKB](/azure/azure-monitor/reference/tables/devicetvmsoftwarevulnerabilitieskb)<br>
+- [ExchangeAssessmentRecommendation](/azure/azure-monitor/reference/tables/exchangeassessmentrecommendation)<br>
+- [ExchangeOnlineAssessmentRecommendation](/azure/azure-monitor/reference/tables/exchangeonlineassessmentrecommendation)<br>
+- [GCPAuditLogs](/azure/azure-monitor/reference/tables/gcpauditlogs)<br>
+- [GoogleCloudSCC](/azure/azure-monitor/reference/tables/googlecloudscc)<br>
+- [SCCMAssessmentRecommendation](/azure/azure-monitor/reference/tables/sccmassessmentrecommendation)<br>
+- [SCOMAssessmentRecommendation](/azure/azure-monitor/reference/tables/scomassessmentrecommendation)<br>
+- [SecurityEvent](/azure/azure-monitor/reference/tables/securityevent)<br>
+- [SfBAssessmentRecommendation](/azure/azure-monitor/reference/tables/sfbassessmentrecommendation)<br>
+- [SfBOnlineAssessmentRecommendation](/azure/azure-monitor/reference/tables/sfbonlineassessmentrecommendation)<br>
+- [SharePointOnlineAssessmentRecommendation](/azure/azure-monitor/reference/tables/sharepointonlineassessmentrecommendation)<br>
+- [SPAssessmentRecommendation](/azure/azure-monitor/reference/tables/spassessmentrecommendation)<br>
+- [SQLAssessmentRecommendation](/azure/azure-monitor/reference/tables/sqlassessmentrecommendation)<br>
+- StorageInsightsAccountPropertiesDaily<br>
+- StorageInsightsDailyMetrics<br>
+- StorageInsightsHourlyMetrics<br>
+- StorageInsightsMonthlyMetrics<br>
+- StorageInsightsWeeklyMetrics<br>
+- [Syslog](/azure/azure-monitor/reference/tables/syslog)<br>
+- [UCClient](/azure/azure-monitor/reference/tables/ucclient)<br>
+- [UCClientReadinessStatus](/azure/azure-monitor/reference/tables/ucclientreadinessstatus)<br>
+- [UCClientUpdateStatus](/azure/azure-monitor/reference/tables/ucclientupdatestatus)<br>
+- [UCDeviceAlert](/azure/azure-monitor/reference/tables/ucdevicealert)<br>
+- [UCDOAggregatedStatus](/azure/azure-monitor/reference/tables/ucdoaggregatedstatus)<br>
+- [UCDOStatus](/azure/azure-monitor/reference/tables/ucdostatus)<br>
+- [UCServiceUpdateStatus](/azure/azure-monitor/reference/tables/ucserviceupdatestatus)<br>
+- [UCUpdateAlert](/azure/azure-monitor/reference/tables/ucupdatealert)<br>
+- [WindowsClientAssessmentRecommendation](/azure/azure-monitor/reference/tables/windowsclientassessmentrecommendation)<br>
+- [WindowsEvent](/azure/azure-monitor/reference/tables/windowsevent)<br>
+- [WindowsServerAssessmentRecommendation](/azure/azure-monitor/reference/tables/windowsserverassessmentrecommendation)<br>
+
+
+> [!NOTE]
+> Column names must start with a letter and can consist of up to 45 alphanumeric characters and underscores (`_`).  `_ResourceId`, `id`, `_ResourceId`, `_SubscriptionId`, `TenantId`, `Type`, `UniqueId`, and `Title` are reserved column names. Custom columns you add to an Azure table must have the suffix `_CF`.
+
 ## Limits and restrictions
 
 For limits related to the Logs Ingestion API, see [Azure Monitor service limits](../service-limits.md#logs-ingestion-api).

articles/azure-monitor/essentials/media/data-collection-transformations/transformation-overview.png

@@ -1433,8 +1433,6 @@ items:
     items:
     - name: Overview
       href: resource-manager-samples.md
-    - name: Agents
-      href: agents/resource-manager-agent.md
     - name: Alerts
       items:
       - name: Log search alert rules