如何通过 API 使用 "between" 运算符清除 Log Analytics 工作区中的数据?
How to Purges data in an Log Analytics workspace with "between" operator by API?
我想清除具有 TimeGenerated 范围的自定义日志的数据。
样品申请
POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-00000000000/resourceGroups/OIAutoRest5123/providers/Microsoft.OperationalInsights/workspaces/aztest5048/purge?api-version=2020-08-01
请求正文
{
"table": "MY_CUSTOM_TABLE",
"filters": [
{
"column": "TimeGenerated",
"operator": "between",
"value": ["2022-01-02T04:00:00","2022-01-07T03:59:59"]
}
]
}
响应代码:400
响应正文:
{
"error": {
"message": "The request had some invalid properties",
"code": "BadArgumentError",
"correlationId": "00000000-0000-0000-0000-00000000000",
"innererror": {
"code": "QueryValidationError",
"message": "The user with object Id '00000000-0000-0000-0000-00000000000' does not have the role 'Data Purger' required to perform purge operation on this resource"
}
}
}
"message": "The user with object Id
'00000000-0000-0000-0000-00000000000' does not have the role 'Data
Purger' required to perform purge operation on this resource"
查看您在上面分享的错误消息,它还与访问问题有关。您需要对该资源具有 DataPurger RBAC 角色,才能对日志分析工作区中的特定 table 执行数据清除。
这里是有关 DataPurger RBAC 角色的更多信息的参考文档。
我们已经在本地环境中对此进行了测试,它工作正常。
在我们的本地环境中,我们尝试使用上面共享的 Purge REST API Azure Log Analytics 工作区来清除 heartbeat table。
如果您在 restAPI 的正文中使用 between 运算符,则该值应该是项目数组。
这是其余部分的示例请求和正文 API :
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/purge?api-version=2020-08-01
正文:
{
"table": "Heartbeat",
"filters": [
{
"column": "TimeGenerated",
"operator": "between",
"value": ["2022-01-18T05:40:00","2022-01-18T05:50:59"]
}
]
}
这里是示例输出以供参考:
我想清除具有 TimeGenerated 范围的自定义日志的数据。
样品申请
POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-00000000000/resourceGroups/OIAutoRest5123/providers/Microsoft.OperationalInsights/workspaces/aztest5048/purge?api-version=2020-08-01
请求正文
{
"table": "MY_CUSTOM_TABLE",
"filters": [
{
"column": "TimeGenerated",
"operator": "between",
"value": ["2022-01-02T04:00:00","2022-01-07T03:59:59"]
}
]
}
响应代码:400
响应正文:
{
"error": {
"message": "The request had some invalid properties",
"code": "BadArgumentError",
"correlationId": "00000000-0000-0000-0000-00000000000",
"innererror": {
"code": "QueryValidationError",
"message": "The user with object Id '00000000-0000-0000-0000-00000000000' does not have the role 'Data Purger' required to perform purge operation on this resource"
}
}
}
"message": "The user with object Id '00000000-0000-0000-0000-00000000000' does not have the role 'Data Purger' required to perform purge operation on this resource"
查看您在上面分享的错误消息,它还与访问问题有关。您需要对该资源具有 DataPurger RBAC 角色,才能对日志分析工作区中的特定 table 执行数据清除。
这里是有关 DataPurger RBAC 角色的更多信息的参考文档。
我们已经在本地环境中对此进行了测试,它工作正常。
在我们的本地环境中,我们尝试使用上面共享的 Purge REST API Azure Log Analytics 工作区来清除 heartbeat table。
如果您在 restAPI 的正文中使用 between 运算符,则该值应该是项目数组。
这是其余部分的示例请求和正文 API :
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/purge?api-version=2020-08-01
正文:
{
"table": "Heartbeat",
"filters": [
{
"column": "TimeGenerated",
"operator": "between",
"value": ["2022-01-18T05:40:00","2022-01-18T05:50:59"]
}
]
}
这里是示例输出以供参考: