Merge pull request #224437 from shayoniseth/patch-126

prmerger-automator[bot] · web-flow · commit df4010731be1 · 2023-01-19T20:39:29.000Z
Update data-collection-rule-azure-monitor-agent.md
diff --git a/articles/azure-monitor/agents/data-collection-rule-azure-monitor-agent.md b/articles/azure-monitor/agents/data-collection-rule-azure-monitor-agent.md
@@ -131,7 +131,6 @@ When you paste the XPath query into the field on the **Add data source** screen,
 
 [ ![Screenshot that shows the steps to create an XPath query in the Windows Event Viewer.](media/data-collection-rule-azure-monitor-agent/data-collection-rule-extract-xpath.png) ](media/data-collection-rule-azure-monitor-agent/data-collection-rule-extract-xpath.png#lightbox)
 
-For a list of limitations in the XPath supported by Windows event log, see [XPath 1.0 limitations](/windows/win32/wes/consuming-events#xpath-10-limitations).
 
 > [!TIP]
 > You can use the PowerShell cmdlet `Get-WinEvent` with the `FilterXPath` parameter to test the validity of an XPath query locally on your machine first. The following script shows an example:
@@ -155,9 +154,12 @@ Examples of using a custom XPath to filter events:
 | Collect all Critical, Error, Warning, and Information events from the System event log except for Event ID = 6 (Driver loaded) |  `System!*[System[(Level=1 or Level=2 or Level=3) and (EventID != 6)]]` |
 | Collect all success and failure Security events except for Event ID 4624 (Successful logon) |  `Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]` |
 
+> [!NOTE]
+> For a list of limitations in the XPath supported by Windows event log, see [XPath 1.0 limitations](/windows/win32/wes/consuming-events#xpath-10-limitations).  
+> For instance, you can use the "position", "Band", and "timediff" functions within the query but other functions like "starts-with" and "contains" are not currently supported.
 
 ## Next steps
 
 - [Collect text logs by using Azure Monitor Agent](data-collection-text-log.md).
 - Learn more about [Azure Monitor Agent](azure-monitor-agent-overview.md).
-- Learn more about [data collection rules](../essentials/data-collection-rule-overview.md).
+- Learn more about [data collection rules](../essentials/data-collection-rule-overview.md).
