Azure Log Analytics Workspace delete container insights table
I am trying to remove a bunch of logs that have been collected in a LAW from container insights, specifically a table named 'ContainerLogs'.
There seems to be some limitations to this table as it is managed by the container insights solution and has the type "Azure Table" resulting in data only being deleted after retention period has passed.
I have removed the solution and the container insights resource as well as uninstalled the monitor agent from the machines which were being monitored and can verify by looking at the logs that there have been no logs ingested since:
The table and data from the last 30 days is still in the workspace (not unexpected), but I cannot delete it.
I'm assuming that it will automatically be removed within 30 days if I leave it, but I would like to decrease the amount of stored data before that.
I realize that I could delete the entire workspace but as it is also collecting diagnostic settings from other resources I would prefer not to.
Mainly I'm just interested in finding out if there is a way to achieve what I'm trying to do here, otherwise I might have to take this limitation into consideration for how I set up our infrastructure.
The current data will be kept until the specified retention period ends, as you already mentioned. After a workaround on your issue, I found that the retention period is set and cannot be changed for the "Azure Table" type, which includes the "ContainerLogs" table from Azure Monitor for containers.
So, export the data from workspace to some file or folder. After exporting the data, you need to save, you can remove it from the workspace.
It can be done using below PowerShell script:
$start = "<User defined>"
$end = "<User defined>"
$query = "ContainerLogs | where TimeGenerated >= datetime('$start') and TimeGenerated <= datetime('$end')"
$resultdata = Search-AzOperationalInsightsQuery -WorkspaceId "/subscriptions/xxxx/resourcegroups/$resourceGroup/providers/microsoft.operationalinsights/workspaces/$ws" -Query $query
$resultdata.Results | Export-Csv -Path "path to download"
$dquery = "ContainerLogs | where TimeGenerated >= datetime('$start') and TimeGenerated <= datetime('$end') | summarize count() by bin(TimeGenerated, 1d)"
Invoke-AzOperationalInsightsQuery -WorkspaceId "/subscriptions/xxxx/resourcegroups/$resourceGroup/providers/microsoft.operationalinsights/workspaces/$ws" -Query $dquery
- Azure Logic App HTTP Request Authentication Scope
- Provision new SQL Azure database into existing, non-terraform managed SQL Server instance
- Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription
- Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
- Creating a VM in Azure using Powershell
- Azure Bicep reference existing resources from different subscriptions using ternary operators inside scope property
- Trigger azure function on user registration in b2c
- Migrating from validate-jwt to validate-azure-ad-token policy
- Azure DevOps Pipeline Expression Evaluation
- Using Event Hubs binding for Azure Functions with managed identities?
- How to connect a microsoft SQL Server database to Open Data Discovery (odd-odd-platform)?
- Cosmos DB for MongoDB private endpoint requests blocked by network firewall
- Specifying SAS Token Authorization header with Azure REST API
- Databricks ui is different between different Azure Tenants with activated SCIM Integration
- Download large files in Azure image builder process
- TriggerBuild Could not queue the build because there were validation errors or warnings
- How to get the azure subscription current cost using PowerShell
- Azure Form Recognizer Set API Version
- How do I flatten certain properties in a nested structure using Linq for Cosmos noSQL?
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- "We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?
- How do I login to an Azure AD Joined VM using Azure AD Credentials on an Windows Server 2019?
- Using the DATA OPERATIONS Select to return an array of a JSON output from a compose
- How to parse an XML embedded in a nvarchar column?
- Is there a CLI command on Azure to see console messages of a VM that is not booting up?
- MS Azure - Create new item in ADO error 400: Linking to a work item requires the full url
- 'Cannot use import statement outside a module' in Azure function
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Azure Permission - needed for creating resource group - RBAC
- Can the Azure Service Bus be delayed before retrying a message?