Update data-collection-text-log.md

guywi-ms · guywi-ms · commit 968ab7cefa1f · 2022-12-07T17:21:34.000+02:00
diff --git a/articles/azure-monitor/agents/data-collection-text-log.md b/articles/azure-monitor/agents/data-collection-text-log.md
@@ -1,36 +1,26 @@
 ---
-title: Collect text and IIS logs with Azure Monitor agent (preview)
-description: Configure collection of filed-based text logs using a data collection rule on virtual machines with the Azure Monitor agent.
+title: Collect text logs with Azure Monitor Agent 
+description: Configure collection of filed-based text logs using a data collection rule on virtual machines with the Azure Monitor Agent.
 ms.topic: conceptual
 ms.date: 06/22/2022
 ms.reviewer: shseth
 
 ---
 
-# Collect text and IIS logs with Azure Monitor agent (preview)
-This article describes how to configure the collection of file-based text logs, including logs generated by IIS on Windows computers, with the [Azure Monitor agent](azure-monitor-agent-overview.md). Many applications log information to text files instead of standard logging services such as Windows Event log or Syslog. 
+# Collect text logs with Azure Monitor Agent
+This article describes how to configure the collection of file-based text logs with [Azure Monitor Agent](azure-monitor-agent-overview.md). Many applications log information to text files instead of standard logging services such as Windows Event log or Syslog. 
 
 
 ## Prerequisites
 To complete this procedure, you need the following: 
 
 - Log Analytics workspace where you have at least [contributor rights](../logs/manage-access.md#azure-rbac) .
 - [Permissions to create Data Collection Rule objects](../essentials/data-collection-rule-overview.md#permissions) in the workspace.
-- An agent with supported log file as described in the next section.
-- Azure Monitor collects entries from log files created by IIS, so you must configure IIS for logging. Azure Monitor only supports IIS log files stored in W3C format and does not support custom fields or IIS Advanced Logging. It does not collect logs in NCSA or IIS native format. Configure IIS logs in Azure Monitor from the Agent configuration menu for the Log Analytics agent. There is no configuration required other than selecting Collect W3C format IIS log files.
-
-## Log files supported
-IIS logs must be in W3C format. Other log files must meet the following criteria to be collected:
-
-- The log file must be stored on a local drive of a virtual machine, virtual machine scale set, or Arc enabled server with the Azure Monitor installed.
-- Each entry in the log file must be delineated with an [ISO 8601 formatted](https://www.iso.org/standard/40874.html) time stamp or an end of line.
-- The log file must not allow circular logging, log rotation where the file is overwritten with new entries, or the file is renamed and the same file name is reused for continued logging.
-
-
+- A machine that generates file-based text logs.
 ## Steps to collect text logs
 The steps to configure log collection are as follows. The detailed steps for each are provided in the sections below:
 
-1. Create a new table in your workspace to receive the collected data. (not required for IIS logs)
+1. Create a new table in your workspace to receive the collected data. 
 2. Create a data collection endpoint for the Azure Monitor agent to connect.
 3. Create a data collection rule to define the structure of the log file and destination of the collected data.
 4. Create association between the data collection rule and the agent collecting the log file.
@@ -41,9 +31,6 @@ The steps to configure log collection are as follows. The detailed steps for eac
 ## Create new table in Log Analytics workspace
 The custom table must be created before you can send data to it. When you create the table, you provide its name and a definition for each of its columns. 
 
->[!NOTE]
-> This step isn't required to collect an IIS log. The table [W3CIISLog](/azure/azure-monitor/reference/tables/w3ciislog) will be used for IIS logs.
-
 Use the **Tables - Update** API to create the table with the PowerShell code below. This code creates a table called *MyTable_CL* with two columns. Modify this schema to collect a different table. 
 
 > [!IMPORTANT]
@@ -308,96 +295,6 @@ The [data collection rule (DCR)](../essentials/data-collection-rule-overview.md)
     }
     ```
 
-    **Data collection rule for IIS log**
-
-    ```json
-    {
-        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
-        "contentVersion": "1.0.0.0",
-        "parameters": {
-            "dataCollectionRuleName": {
-                "type": "string",
-                "metadata": {
-                    "description": "Specifies the name of the Data Collection Rule to create."
-                }
-            },
-            "location": {
-                "type": "string",
-                "metadata": {
-                    "description": "Specifies the location in which to create the Data Collection Rule."
-                }
-            },
-            "workspaceName": {
-                "type": "string",
-                "metadata": {
-                    "description": "Name of the Log Analytics workspace to use."
-                }
-            },
-            "workspaceResourceId": {
-                "type": "string",
-                "metadata": {
-                    "description": "Specifies the Azure resource ID of the Log Analytics workspace to use."
-                }
-            },
-            "endpointResourceId": {
-                "type": "string",
-                "metadata": {
-                    "description": "Specifies the Azure resource ID of the Data Collection Endpoint to use."
-                }
-            }
-        },
-        "resources": [
-            {
-                "type": "Microsoft.Insights/dataCollectionRules",
-                "name": "[parameters('dataCollectionRuleName')]",
-                "location": "[parameters('location')]",
-                "apiVersion": "2021-09-01-preview",
-                "properties": {
-                    "dataCollectionEndpointId": "[parameters('endpointResourceId')]",
-                    "dataSources": {
-                        "iisLogs": [
-                            {
-                                "streams": [
-                                    "Microsoft-W3CIISLog"
-                                ],
-                                "logDirectories": [
-                                    "C:\\inetpub\\logs\\LogFiles\\W3SVC1\\"
-                                ],
-                                "name": "myIisLogsDataSource"
-                            }
-                        ]
-                    },
-                    "destinations": {
-                        "logAnalytics": [
-                            {
-                                "workspaceResourceId": "[parameters('workspaceResourceId')]",
-                                "name": "[parameters('workspaceName')]"
-                            }
-                        ]
-                    },
-                    "dataFlows": [
-                        {
-                            "streams": [
-                                "Microsoft-W3CIISLog"
-                            ],
-                            "destinations": [
-                                "[parameters('workspaceName')]"
-                            ],
-                            "transformKql": "source"
-                        }
-                    ]
-                }
-            }
-        ],
-        "outputs": {
-            "dataCollectionRuleId": {
-                "type": "string",
-                "value": "[resourceId('Microsoft.Insights/dataCollectionRules', parameters('dataCollectionRuleName'))]"
-            }
-        }
-    }
-    ```
-
 5. On the **Custom deployment** screen, specify a **Subscription** and **Resource group** to store the data collection rule and then provide values defined in the template. This includes a **Name** for the data collection rule and the **Workspace Resource ID** and **Endpoint Resource ID**. The **Location** should be the same location as the workspace. The **Region** will already be populated and is used for the location of the data collection rule.
 
     :::image type="content" source="media/data-collection-text-log/custom-deployment-values.png" lightbox="media/data-collection-text-log/custom-deployment-values.png" alt-text="Screenshot that shows the Custom Deployment screen in the portal to edit custom deployment values for data collection rule.":::
@@ -429,10 +326,9 @@ The final step is to create a data collection association that associates the da
 
     :::image type="content" source="media/data-collection-text-log/select-resources.png" lightbox="media/data-collection-text-log/select-resources.png" alt-text="Screenshot that shows the Resources pane in the portal to add resources to the data collection rule.":::
 
-## Troubleshooting - text logs
+## Troubleshooting
 Use the following steps to troubleshoot collection of text logs. 
 
-
 ### Check if any custom logs have been received
 Start by checking if any records have been collected for your custom log table by running the following query in Log Analytics. If no records are returned then check the other sections for possible causes. This query looks for entires in the last two days, but you can modify for another time range. It can take 5-7 minutes for new data from your tables to be uploaded.  Only new data will be uploaded any log file last written to prior to the DCR rules being created will not be uploaded.
 
@@ -533,83 +429,8 @@ If everything is configured properly, but you're still not collecting log data,
 4. Share the `AMAFiles.zip` file generated on the desktop.
 
 
-## Troubleshoot - IIS logs
-Use the following steps to troubleshoot collection of IIS logs. 
-
-### Check if any IIS logs have been received
-Start by checking if any records have been collected for your IIS logs by running the following query in Log Analytics. If no records are returned then check the other sections for possible causes. This query looks for entires in the last two days, but you can modify for another time range.
-
-``` kusto
-W3CIISLog
-| where TimeGenerated > ago(48h)
-| order by TimeGenerated desc
-```
-
-### Verify that the agent is sending heartbeats successfully
-Verify that Azure Monitor agent is communicating properly by running the following query in Log Analytics to check if there are any records in the Heartbeat table.
-
-``` kusto
-Heartbeat
-| where TimeGenerated > ago(24h)
-| where Computer has "<computer name>"
-| project TimeGenerated, Category, Version
-| order by TimeGenerated desc
-```
-
-### Verify that IIS logs are being created
-Look at the timestamps of the log files and open the latest to see that latest timestamps are present in the log files. The default location for IIS log files is C:\\inetpub\\LogFiles\\W3SVC1.
-
-:::image type="content" source="media/data-collection-text-log/iis-log-timestamp.png" lightbox="media/data-collection-text-log/iis-log-timestamp.png" alt-text="Screenshot of I I S log on agent machine showing the timestamp.":::
-
-### Verify that you specified the correct log location in the data collection rule
-The data collection rule will have a section similar to the following. The `logDirectories` element specifies the path to the log file to collect from the agent computer. Check the agent computer to verify that this is correct.
-
-``` json
-    "dataSources": [
-    {
-            "configuration": {
-                "logDirectories": ["C:\\scratch\\demo\\W3SVC1"]
-            },
-            "id": "myIisLogsDataSource",
-            "kind": "iisLog",
-            "streams": [{
-                    "stream": "ONPREM_IIS_BLOB_V2"
-                }
-            ],
-            "sendToChannels": ["gigl-dce-6a8e34db54bb4b6db22d99d86314eaee"]
-        }
-    ]
-```
-
-This directory should correspond to the location of the IIS logs on the agent machine.
-
-:::image type="content" source="media/data-collection-text-log/iis-log-files.png" lightbox="media/data-collection-text-log/iis-log-files.png" alt-text="Screenshot of I I S log files on agent machine.":::
-
-### Verify that the IIS logs are W3C formatted
-Open IIS Manager and verify that the logs are being written in W3C format.
-
-:::image type="content" source="media/data-collection-text-log/iis-log-format-setting.png" lightbox="media/data-collection-text-log/iis-log-format-setting.png" alt-text="Screenshot of I I S logging configuration dialog box on agent machine.":::
-
-Open IIS log on the agent machine to verify logs are in W3C format.
-
-:::image type="content" source="media/data-collection-text-log/iis-log-format.png" lightbox="media/data-collection-text-log/iis-log-format.png" alt-text="Screenshot of I I S log on agent machine showing the header specifies W3C format.":::
-
-
-
-### Share logs with Microsoft
-If everything is configured properly, but you're still not collecting log data, use the following procedure to collect diagnostics logs for Azure Monitor agent to share with the Azure Monitor group.
-
-1. Open an elevated PowerShell window.
-2. Change to directory `C:\Packages\Plugins\Microsoft.Azure.Monitor.AzureMonitorWindowsAgent\[version]\`.
-3. Execute the script: `.\CollectAMALogs.ps1`.
-4. Share the `AMAFiles.zip` file generated on the desktop.
-
-
-
-
-
 ## Next steps
 
-- Learn more about the [Azure Monitor agent](azure-monitor-agent-overview.md).
+- Learn more about the [Azure Monitor Agent](azure-monitor-agent-overview.md).
 - Learn more about [data collection rules](../essentials/data-collection-rule-overview.md).
 - Learn more about [data collection endpoints](../essentials/data-collection-endpoint-overview.md).
