updates

bwren · bwren · commit ec220387c2fe · 2022-02-22T09:55:54.000-08:00
diff --git a/articles/azure-monitor/essentials/data-collection-rule-structure.md b/articles/azure-monitor/essentials/data-collection-rule-structure.md
@@ -4,7 +4,7 @@ description: Details on the structure of different kinds of data collection rule
 ms.topic: conceptual
 author: bwren
 ms.author: bwren
-ms.date: 01/06/2022
+ms.date: 02/22/2022
 
 ---
 
@@ -17,17 +17,17 @@ ms.date: 01/06/2022
 ## Custom logs
 A DCR for  [custom logs](../logs/custom-logs-overview.md) contains the following sections:
 ### streamDeclarations
-This section contains the declaration of all the different types of data that will be sent via the HTTP endpoint directly into Log Analytics. Each stream is an object whose key represents the stream name (Must begin with *Custom-*) and whose value is the full list of top-level properties that the JSON data that will be sent will contain. Note that the shape of the data you send to the endpoint doesn't need to match that of the destination table. Rather, the output of the transform that is applied on top of the input data needs to match the destination shape. The possible data types that can be assigned to the properties are `string`, `int`, `long`, `real`, `boolean`, `dynamic`, and `dateTime`. Dynamic data should be represented by a `string`.
+This section contains the declaration of all the different types of data that will be sent via the HTTP endpoint directly into Log Analytics. Each stream is an object whose key represents the stream name (Must begin with *Custom-*) and whose value is the full list of top-level properties that the JSON data that will be sent will contain. Note that the shape of the data you send to the endpoint doesn't need to match that of the destination table. Rather, the output of the transform that is applied on top of the input data needs to match the destination shape. The possible data types that can be assigned to the properties are `string`, `int`, `long`, `real`, `boolean`, `dynamic`, and `datetime`. 
 
 ### destinations
-This section contains a declaration of all the destinations where the data will be sent. Only Log Analytics is currently supported as a destination. Each Log Analytics destination will require the full Workspace Resource ID, as well as a friendly name that will be used elsewhere in the DCR to refer to this workspace.  Only one destination is allowed per stream.
+This section contains a declaration of all the destinations where the data will be sent. Only Log Analytics is currently supported as a destination. Each Log Analytics destination will require the full Workspace Resource ID, as well as a friendly name that will be used elsewhere in the DCR to refer to this workspace.  
 
 ### dataFlows
 This section ties the other sections together. Defines the following for each stream declared in the `streamDeclarations` section:
 
 - `destination` from the `destinations` section where the data will be sent. 
 - `transformKql` which is the [transformation](data-collection-rule-transformations.md) applied to the data that was sent in the input shape described in the `streamDeclarations` section to the shape of the target table.
-- `outputStream` section, which describes which table in the workspace specified under the `destination` property the data will be ingested into. The value of the outputStream will have the `Microsoft-[tableName]` shape when data is being ingested into a standard Log Analytics table, or `Custom-[tableName]` when ingesting data into a custom-created table.
+- `outputStream` section, which describes which table in the workspace specified under the `destination` property the data will be ingested into. The value of the outputStream will have the `Microsoft-[tableName]` shape when data is being ingested into a standard Log Analytics table, or `Custom-[tableName]` when ingesting data into a custom-created table. Only one destination is allowed per stream.
 
 ## Azure Monitor agent
  A DCR for [Azure Monitor agent](../agents/data-collection-rule-azure-monitor-agent.md) contains the following sections:
diff --git a/articles/azure-monitor/logs/custom-logs-overview.md b/articles/azure-monitor/logs/custom-logs-overview.md
@@ -9,18 +9,24 @@ ms.date: 01/06/2022
 # Custom logs API in Azure Monitor Logs (Preview)
 With the DCR based custom logs API in Azure Monitor, you can send data to a Log Analytics workspace from any REST API client. This allows you to send data from virtually any source to [supported built-in tables](tables-feature-support.md) or to custom tables that you create. You can even extend the schema of built-in tables with custom columns.
 
+[!INCLUDE [Sign up for preview](../../includes/azure-monitor-custom-logs-signup.md)]
+
 > [!NOTE]
 > The custom logs API should not be confused with [custom logs](../agents/data-sources-custom-logs.md) data source with the legacy Log Analytics agent.
 ## Basic operation
 Your application sends data to a [data collection endpoint](../essentials/data-collection-endpoint-overview.md) which is a unique connection point for your subscription. The payload of your API call includes the source data formatted in JSON. The call specifies a [data collection rule](../essentials/data-collection-rule-overview.md) that understands the format of the source data, potentially filters and transforms it for the target table, and then directs it to a specific table in a specific workspace. You can modify the target table and workspace by modifying the data collection rule without any change to the REST API call or source data.
 
 
-
 ## Authentication
 Authentication for the custom logs API is performed at the data collection endpoint which uses standard Azure Resource Manager authentication. A common strategy is to use an Application ID and Application Key as described in [Tutorial: Add ingestion-time transformation to Azure Monitor Logs (preview)](tutorial-custom-logs.md).
 
 ## Tables
-Custom logs can send data to any custom table that you create and to [certain built-in tables](tables-feature-support.md) in your Log Analytics workspace. The target table must exist before you can send data to it. 
+Custom logs can send data to any custom table that you create and to certain built-in tables in your Log Analytics workspace. The target table must exist before you can send data to it. The following built-in tables are currently supported:
+
+- [CommonSecurityLog](/azure/azure-monitor/reference/tables/commonsecurityevent)
+- [SecurityEvents](/azure/azure-monitor/reference/tables/securityevents)
+- [Syslog](/azure/azure-monitor/reference/tables/syslog)
+- [WindowsEvents](/azure/azure-monitor/reference/tables/windowsevent)
 
 ## Source data
 The source data sent by your application is formatted in JSON and must match the structure expected by the data collection rule. It doesn't necessarily need to match the structure of the target table since the DCR can include a transformation to convert the data to match the table's structure.
diff --git a/articles/azure-monitor/logs/ingestion-time-transformations.md b/articles/azure-monitor/logs/ingestion-time-transformations.md
@@ -7,8 +7,9 @@ ms.date: 01/19/2022
 ---
 
 # Ingestion-time transformations in Azure Monitor Logs (preview)
-[Ingestion-time transformations](ingestion-time-transformations.md) allow you to manipulate incoming data before it's stored in a Log Analytics workspace. You can add data filtering, parsing and extraction, and control the structure of the data that gets ingested. 
+[Ingestion-time transformations](ingestion-time-transformations.md) allow you to manipulate incoming data before it's stored in a Log Analytics workspace. You can add data filtering, parsing and extraction, and control the structure of the data that gets ingested.in
 
+[!INCLUDE [Sign up for preview](../../includes/azure-monitor-custom-logs-signup.md)]
 
 ## Basic operation
 The transformation is a [KQL query](../essentials/data-collection-rule-transformations.md) that runs against the incoming data and modifies it before it's stored in the workspace. Transformations are defined separately for each table in the workspace. This article provides an overview of this feature and guidance for further details and samples. Configuration for ingestion-time transformation is stored in a workspace transformation DCR. You can either [create this DCR directly](tutorial-ingestion-time-transformations-api.md) or configure transformation [through the Azure portal](tutorial-ingestion-time-transformations.md). 
diff --git a/articles/azure-monitor/logs/tables-feature-support.md b/articles/azure-monitor/logs/tables-feature-support.md
@@ -78,7 +78,6 @@ The following list identifies which features are currently supported by differen
 | [AppServiceFileAuditLogs](/azure/azure-monitor/reference/tables/appservicefileauditlogs) | Yes  | | 
 | [AppServiceHTTPLogs](/azure/azure-monitor/reference/tables/appservicehttplogs) | Yes  | | 
 | [AppServicePlatformLogs](/azure/azure-monitor/reference/tables/appserviceplatformlogs) | Yes  | | 
-| [AsimDNSActivityLog](/azure/azure-monitor/reference/tables/asimdnsactivityLog ) | | Yes | 
 | [ATCExpressRouteCircuitIpfix](/azure/azure-monitor/reference/tables/atcexpressroutecircuitipfix) | Yes  | | 
 | [AuditLogs](/azure/azure-monitor/reference/tables/auditlogs) | Yes  | | 
 | [AutoscaleEvaluationsLog](/azure/azure-monitor/reference/tables/autoscaleevaluationslog) | Yes  | | 
diff --git a/articles/azure-monitor/toc.yml b/articles/azure-monitor/toc.yml
@@ -112,7 +112,7 @@ items:
     - name: Agent
       href: agents/data-collection-rule-sample-agent.md
     - name: Custom logs
-      href: agents/data-collection-rule-custom-logs.md
+      href: logs/data-collection-rule-sample-custom-logs.md
   - name: Azure CLI
     href: cli-samples.md
   - name: Monitor Logs in Azure CLI
diff --git a/includes/azure-monitor-custom-logs-signup.md b/includes/azure-monitor-custom-logs-signup.md
@@ -0,0 +1,15 @@
+---
+title: "include file" 
+description: "include file" 
+services: azure-monitor
+author: bwren
+tags: azure-service-management
+ms.topic: "include"
+ms.date: 02/22/2022
+ms.author: bwren
+ms.custom: "include file"
+---
+
+> [!NOTE]
+> This feature is currently in preview. Submit a request for it to be enabled in your subscriptions. Please sign up at https://aka.ms/CustomLogsOnboard.
+
diff --git a/includes/azure-monitor-limits-custom-logs.md b/includes/azure-monitor-limits-custom-logs.md
@@ -5,8 +5,8 @@ services: azure-monitor
 author: rboucher
 tags: azure-service-management
 ms.topic: "include"
-ms.date: 10/01/2020
-ms.author: robb
+ms.date: 02/22/2022
+ms.author: bwren
 ms.custom: "include file"
 ---
 
diff --git a/includes/azure-monitor-limits-data-collection-rules.md b/includes/azure-monitor-limits-data-collection-rules.md
@@ -5,8 +5,8 @@ services: azure-monitor
 author: rboucher
 tags: azure-service-management
 ms.topic: "include"
-ms.date: 10/01/2020
-ms.author: robb
+ms.date: 02/22/2022
+ms.author: bwren
 ms.custom: "include file"
 ---
 
