Merge pull request #216082 from paulth1/log-articles-batch-3

edit pass: Log articles batch 3

Author: ShawnJackson

articles/azure-monitor/logs/analyze-usage.md

@@ -34,7 +34,7 @@ If the table that you're targeting with DCR-based log collection fits the criter
 
 1. Configure your data collection rule (DCR) following procedures at [Send custom logs to Azure Monitor Logs using Resource Manager templates (preview)](tutorial-logs-ingestion-api.md) or [Add transformation in workspace data collection rule to Azure Monitor using resource manager templates (preview)](tutorial-workspace-transformations-api.md).
 
-1. If using the Logs ingestion API, also [configure the data collection endpoint (DCE)](tutorial-logs-ingestion-api.md#create-data-collection-endpoint) and the agent or component that will be sending data to the API.
+1. If using the Logs ingestion API, also [configure the data collection endpoint (DCE)](tutorial-logs-ingestion-api.md#create-a-data-collection-endpoint) and the agent or component that will be sending data to the API.
 
 1. Issue the following API call against your table. This call is idempotent, so there will be no effect if the table has already been migrated. 
 

articles/azure-monitor/logs/custom-logs-migrate.md

@@ -1,6 +1,6 @@
 ---
 title: Configure a Log Analytics workspace in Azure Monitor using PowerShell
-description: PowerShell samples showing how to configure a Log Analytics workspace in Azure Monitor to collect data from various data sources.
+description: PowerShell samples show how to configure a Log Analytics workspace in Azure Monitor to collect data from various data sources.
 ms.topic: conceptual
 author: guywi-ms
 ms.author: guywild
@@ -12,17 +12,17 @@ ms.custom: devx-track-azurepowershell
 ---
 # Configure a Log Analytics workspace in Azure Monitor using PowerShell
 
-The following sample script configures the workspace to collect multiple types of logs from virtual machines using the [Log Analytics agent](../agents/log-analytics-agent.md).
+The following sample script configures the workspace to collect multiple types of logs from virtual machines by using the [Log Analytics agent](../agents/log-analytics-agent.md).
 
 This script performs the following functions:
 
-1. Create a workspace
-1. Enable collection of IIS logs from computers with the Windows agent installed
-1. Collect Logical Disk perf counters from Linux computers (% Used Inodes; Free Megabytes; % Used Space; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec)
-1. Collect syslog events from Linux computers
-1. Collect Error and Warning events from the Application Event Log from Windows computers
-1. Collect Memory Available Mbytes performance counter from Windows computers
-1. Collect a custom log
+1. Create a workspace.
+1. Enable collection of IIS logs from computers with the Windows agent installed.
+1. Collect Logical Disk perf counters from Linux computers (% Used Inodes; Free Megabytes; % Used Space; Disk Transfers/sec; Disk Reads/sec; Disk Writes/sec).
+1. Collect Syslog events from Linux computers.
+1. Collect Error and Warning events from the Application Event Log from Windows computers.
+1. Collect Memory Available Mbytes performance counter from Windows computers.
+1. Collect a custom log.
 
 ```powershell
 $ResourceGroup = "my-resource-group"
@@ -63,11 +63,11 @@ New-AzOperationalInsightsCustomLogDataSource -ResourceGroupName $ResourceGroup -
 ```
 
 > [!NOTE]
-> The format for the **CustomLogRawJson** parameter which defines the configuration for a custom log can be complex. Use [Get-AzOperationalInsightsDataSource](/powershell/module/az.operationalinsights/get-azoperationalinsightsdatasource) to retrieve the configuration for an existing Custom Log. The **Properties** property is the configuration required for the **CustomLogRawJson** parameter.
+> The format for the `CustomLogRawJson` parameter that defines the configuration for a custom log can be complex. Use [Get-AzOperationalInsightsDataSource](/powershell/module/az.operationalinsights/get-azoperationalinsightsdatasource) to retrieve the configuration for an existing custom log. The `Properties` property is the configuration required for the `CustomLogRawJson` parameter.
 
-In the above example regexDelimiter was defined as "\\n" for newline. The log delimiter may also be a timestamp.  These are the supported formats:
+In the preceding example, `regexDelimiter` was defined as `\\n` for newline. The log delimiter might also be a timestamp. The following table lists the formats that are supported.
 
-| Format | Json RegEx format uses two `\\` for every `\` in a standard RegEx so if testing in a RegEx app reduce `\\` to `\` |
+| Format | JSON RegEx format uses two `\\` for every `\` in a standard RegEx, so if testing in a RegEx app, reduce `\\` to `\` |
 | --- | --- |
 | `YYYY-MM-DD HH:MM:SS` | `((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]` |
 | `M/D/YYYY HH:MM:SS AM/PM` | `(([0-1]\\d)|[0-9])/(([0-3]\\d)|(\\d))/((\\d{2})|(\\d{4}))\\s((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]\\s(AM|PM|am|pm)` |
@@ -82,13 +82,14 @@ In the above example regexDelimiter was defined as "\\n" for newline. The log de
 | `yyyy-MM-ddTHH:mm:ss` <br> The T is a literal letter T | `((\\d{2})|(\\d{4}))-([0-1]\\d)-(([0-3]\\d)|(\\d))T((\\d)|([0-1]\\d)|(2[0-4])):[0-5][0-9]:[0-5][0-9]` |
 
 ## Troubleshooting
-When you create a workspace that was deleted in the last 14 days and in [soft-delete state](../logs/delete-workspace.md#soft-delete-behavior), the operation could have different outcome depending on your workspace configuration:
-1. If you provide the same workspace name, resource group, subscription and region as in the deleted workspace, your workspace will be recovered including its data, configuration and connected agents.
-2. Workspace name must be unique per resource group. If you use a workspace name that is already exists, also in soft-delete in your resource group, you will get an error *The workspace name 'workspace-name' is not unique*, or *conflict*. To override the soft-delete and permanently delete your workspace and create a new workspace with the same name, follow these steps to recover the workspace first and perform permanent delete:
-   * [Recover](../logs/delete-workspace.md#recover-workspace) your workspace
-   * [Permanently delete](../logs/delete-workspace.md#permanent-workspace-delete) your workspace
-   * Create a new workspace using the same workspace name
+When you create a workspace that was deleted in the last 14 days and is in a [soft-delete state](../logs/delete-workspace.md#soft-delete-behavior), the operation could have a different outcome depending on your workspace configuration. For example:
 
+- If you provide the same workspace name, resource group, subscription, and region as in the deleted workspace, your workspace will be recovered. The recovered workspace includes data, configuration, and connected agents.
+- A workspace name must be unique per resource group. If you use a workspace name that already exists and is also in soft delete in your resource group, you'll get an error. The error will state "The workspace name 'workspace-name' is not unique" or "conflict." To override the soft delete, permanently delete your workspace, and create a new workspace with the same name, follow these steps to recover the workspace first and then perform a permanent delete:
+
+   * [Recover](../logs/delete-workspace.md#recover-workspace) your workspace.
+   * [Permanently delete](../logs/delete-workspace.md#permanent-workspace-delete) your workspace.
+   * Create a new workspace by using the same workspace name.
 
 ## Next steps
-* [Review Log Analytics PowerShell cmdlets](/powershell/module/az.operationalinsights/) for additional information on using PowerShell for configuration of Log Analytics.
+[Review Log Analytics PowerShell cmdlets](/powershell/module/az.operationalinsights/) for more information on using PowerShell for configuration of Log Analytics.

articles/azure-monitor/logs/powershell-workspace-configuration.md

@@ -1,6 +1,6 @@
 ---
 title: Save a query in Azure Monitor Log Analytics (preview) 
-description: Describes how to save a query in Log Analytics.
+description: This article describes how to save a query in Log Analytics.
 ms.subservice: logs
 ms.topic: article
 author: guywi-ms
@@ -10,44 +10,41 @@ ms.date: 06/22/2022
 ---
 
 # Save a query in Azure Monitor Log Analytics (preview)
-[Log queries](log-query-overview.md) are requests in Azure Monitor that allow you to process and retrieve data in a Log Analytics workspace. Saving a log queries allows you to:
+[Log queries](log-query-overview.md) are requests in Azure Monitor that you can use to process and retrieve data in a Log Analytics workspace. Saving a log query allows you to:
 
-- use the query in all Log Analytics context, including workspace and resource centric.
-- allow other users to run same query.
-- create a library of common queries for your organization.
+- Use the query in all Log Analytics contexts, including workspace and resource centric.
+- Allow other users to run the same query.
+- Create a library of common queries for your organization.
 
 ## Save options
-When you save a query, it's stored in a query pack which has the following benefits over the previous method of storing the query in a workspace. Saving to a query pack is the preferred method providing the following benefits:
+When you save a query, it's stored in a query pack, which has benefits over the previous method of storing the query in a workspace. Saving to a query pack is the preferred method, and it provides the following benefits:
 
 - Easier discoverability with the ability to filter and group queries by different properties.
-- Queries available when using a resource scope in Log Analytics.
-- Make queries available across subscriptions.
-- More data available to describe and categorize the query.
-
+- Queries are available when you use a resource scope in Log Analytics.
+- Queries are made available across subscriptions.
+- More data is available to describe and categorize the query.
 
 ## Save a query
 To save a query to a query pack, select **Save as Log Analytics Query** from the **Save** dropdown in Log Analytics.
 
-[![Save query menu](media/save-query/save-query.png)](media/save-query/save-query.png#lightbox)
+[![Screenshot that shows the Save query menu.](media/save-query/save-query.png)](media/save-query/save-query.png#lightbox)
 
-When you save a query to a query pack, the following dialog box is displayed where you can provide values for the query properties. The query properties are used for filtering and grouping of similar queries to help you find the query you're looking for. See [Query properties](queries.md#query-properties) for a detailed description of each property.
+When you save a query to a query pack, the following dialog box appears where you can provide values for the query properties. The query properties are used for filtering and grouping of similar queries to help you find the query you're looking for. For a detailed description of each property, see [Query properties](queries.md#query-properties).
 
-Most users should leave the option to **Save to the default query pack** which will save the query in the [default query pack](query-packs.md#default-query-pack). Uncheck this box if there are other query packs in your subscription. See [Query packs in Azure Monitor Logs](query-packs.md) for details on creating a new query pack.
+Most users should leave the option to **Save to the default query pack**, which will save the query in the [default query pack](query-packs.md#default-query-pack). Clear this checkbox if there are other query packs in your subscription. For information on how to create a new query pack, see [Query packs in Azure Monitor Logs](query-packs.md).
 
-[![Save query dialog](media/save-query/save-query-dialog.png)](media/save-query/save-query-dialog.png#lightbox)
+[![Screenshot that shows the Save as query dialog.](media/save-query/save-query-dialog.png)](media/save-query/save-query-dialog.png#lightbox)
 
 ## Edit a query
-You may want to edit a query that you already saved. This may be to change the query itself or modify any of its properties. After you open an existing query in Log Analytics, you can edit it by selecting **Edit query details** from the **Save** dropdown. This will allow you to save the edited query with the same properties or modify any properties before saving.
-
-If you want to save the query with a different name, then select **Save as Log Analytics Query** the same as if you were creating a new query. 
+You might want to edit a query that you've already saved. You might want to change the query itself or modify any of its properties. After you open an existing query in Log Analytics, you can edit it by selecting **Edit query details** from the **Save** dropdown. Now you can save the edited query with the same properties or modify any properties before saving.
 
+If you want to save the query with a different name, select **Save as Log Analytics Query** as if you were creating a new query.
 
 ## Save as a legacy query
-Saving as a legacy query is not recommended because of the advantages of query packs listed above. You can save a query to the workspace though to combine it with other queries that were save to the workspace before the release of query packs. 
-
-To save a legacy query,  select **Save as Log Analytics Query** from the **Save** dropdown in Log Analytics. Choose the  **Save as Legacy query** option. The only option available will be the legacy category.
+We don't recommend saving as a legacy query because of the advantages of query packs. You can save a query to the workspace to combine it with other queries that were saved to the workspace before the release of query packs.
 
+To save a legacy query, select **Save as Log Analytics Query** from the **Save** dropdown in Log Analytics. Choose the **Save as Legacy query** option. The only option available will be the legacy category.
 
 ## Next steps
 
-[Get started with KQL Queries](get-started-queries.md)
+[Get started with KQL queries](get-started-queries.md)