Merge pull request #270674 from JeffreyWolford/patch-21

prmerger-automator[bot] · web-flow · commit e2aece472435 · 2024-03-29T20:47:07.000Z
Update data-collection-rule-azure-monitor-agent.md
diff --git a/articles/azure-monitor/agents/data-collection-rule-azure-monitor-agent.md b/articles/azure-monitor/agents/data-collection-rule-azure-monitor-agent.md
@@ -351,7 +351,7 @@ When you paste the XPath query into the field on the **Add data source** screen,
 
 
 > [!TIP]
-> You can use the PowerShell cmdlet `Get-WinEvent` with the `FilterXPath` parameter to test the validity of an XPath query locally on your machine first. For more information, see the tip provided in the [Windows agent-based connections](../../sentinel/connect-services-windows-based.md) instructions. The [`Get-WinEvent`](/powershell/module/microsoft.powershell.diagnostics/get-winevent) PowerShell cmdlet supports up to 23 expressions. Azure Monitor data collection rules support up to 20. Also, `>` and `<` characters must be encoded as `&gt;` and `&lt;` in your data collection rule. The following script shows an example:
+> You can use the PowerShell cmdlet `Get-WinEvent` with the `FilterXPath` parameter to test the validity of an XPath query locally on your machine first. For more information, see the tip provided in the [Windows agent-based connections](../../sentinel/connect-services-windows-based.md) instructions. The [`Get-WinEvent`](/powershell/module/microsoft.powershell.diagnostics/get-winevent) PowerShell cmdlet supports up to 23 expressions. Azure Monitor data collection rules support up to 20. The following script shows an example:
 >
 > ```powershell
 > $XPath = '*[System[EventID=1035]]'

Original file line number	Diff line number	Diff line change
`@@ -351,7 +351,7 @@ When you paste the XPath query into the field on the Add data source screen,`
`351`	`351`
`352`	`352`
`353`	`353`	`> [!TIP]`
`354`		-> You can use the PowerShell cmdlet `Get-WinEvent` with the `FilterXPath` parameter to test the validity of an XPath query locally on your machine first. For more information, see the tip provided in the [Windows agent-based connections](../../sentinel/connect-services-windows-based.md) instructions. The [`Get-WinEvent`](/powershell/module/microsoft.powershell.diagnostics/get-winevent) PowerShell cmdlet supports up to 23 expressions. Azure Monitor data collection rules support up to 20. Also, `>` and `<` characters must be encoded as `>` and `<` in your data collection rule. The following script shows an example:
	`354`	+> You can use the PowerShell cmdlet `Get-WinEvent` with the `FilterXPath` parameter to test the validity of an XPath query locally on your machine first. For more information, see the tip provided in the [Windows agent-based connections](../../sentinel/connect-services-windows-based.md) instructions. The [`Get-WinEvent`](/powershell/module/microsoft.powershell.diagnostics/get-winevent) PowerShell cmdlet supports up to 23 expressions. Azure Monitor data collection rules support up to 20. The following script shows an example:
`355`	`355`	`>`
`356`	`356`	> ```powershell
`357`	`357`	`> $XPath = '*[System[EventID=1035]]'`