From 120b493fa6613117e987dab8c22a971005fc678d Mon Sep 17 00:00:00 2001
From: Jeffrey Wolford <44508835+JeffreyWolford@users.noreply.github.com>
Date: Wed, 23 Oct 2024 11:09:29 -0700
Subject: [PATCH 1/4] Adding instructions to use time delimited

---
 articles/azure-monitor/agents/data-collection-log-json.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/articles/azure-monitor/agents/data-collection-log-json.md b/articles/azure-monitor/agents/data-collection-log-json.md
index 554d8404ce..9ad046e6ad 100644
--- a/articles/azure-monitor/agents/data-collection-log-json.md
+++ b/articles/azure-monitor/agents/data-collection-log-json.md
@@ -111,7 +111,7 @@ Invoke-AzRestMethod -Path "/subscriptions/{subscription}/resourcegroups/{resourc
 ### Incoming stream schema
 
 > [!NOTE]
-> Multiline support that uses an [ISO 8601](https://wikipedia.org/wiki/ISO_8601) time stamp to delimited events is expected mid-October 2024
+> Multiline support that uses a time stamp to delimited events is now available
 
 JSON files include a property name with each value, and the incoming stream in the DCR needs to include a column matching the name of each property. You need to modify the `columns` section of the ARM template with the columns from your log.
 
@@ -138,6 +138,7 @@ Use the following ARM template to create a DCR for collecting text log files, ma
 | File patterns | Identifies the location and name of log files on the local disk. Use a wildcard for filenames that vary, for example when a new file is created each day with a new name. You can enter multiple file patterns separated by commas (AMA version 1.26 or higher required for multiple file patterns on Linux).<br><br>Examples:<br>- C:\Logs\MyLog.json<br>- C:\Logs\MyLog*.json<br>- C:\App01\AppLog.json, C:\App02\AppLog.json<br>- /var/mylog.json<br>- /var/mylog*.json |
 | Table name | Name of the destination table in your Log Analytics Workspace. |     
 | Workspace resource ID | Resource ID of the Log Analytics workspace with the target table. |
+| timeFormat| The following times formats are supported.  Use the quotes strings in your ARM template. Do not include the sample time that is in parentheses. <br> - “yyyy-MM-ddTHH:mm:ssk”   (2024-10-29T18:28:34) <br> - “YYYY-MM-DD HH:MM:SS”   (2024-10-29 18:28:34) <br> - “M/D/YYYY HH:MM:SS AM/PM”   (10/29/2024 06:28:34 PM) <br> - “Mon DD, YYYY HH:MM:SS”   (Oct[ober] 29, 2024 18:28:34) <br> - “yyMMdd HH:mm:ss”   (241029 18:28:34) <br> - “ddMMyy HH:mm:ss”   (291024 18:28:34) <br> - “MMM d HH:mm:ss”   (Oct 29 18:28:34) <br> - “dd/MMM/yyyy:HH:mm:ss zzz”   (14/Oct/2024:18:28:34 -00) |
 
 > [!IMPORTANT]
 > When you create the DCR using an ARM template, you still must associate the DCR with the agents that will use it. You can edit the DCR in the Azure portal and select the agents as described in [Add resources](../essentials/data-collection-rule-create-edit.md#add-resources)

From 4a239013dfaf03c2ced5332cc045d58418336cc7 Mon Sep 17 00:00:00 2001
From: Jeffrey Wolford <44508835+JeffreyWolford@users.noreply.github.com>
Date: Wed, 23 Oct 2024 11:48:22 -0700
Subject: [PATCH 2/4] Update data-collection-log-json.md

---
 .../agents/data-collection-log-json.md          | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/articles/azure-monitor/agents/data-collection-log-json.md b/articles/azure-monitor/agents/data-collection-log-json.md
index 9ad046e6ad..ee18b9c813 100644
--- a/articles/azure-monitor/agents/data-collection-log-json.md
+++ b/articles/azure-monitor/agents/data-collection-log-json.md
@@ -128,7 +128,7 @@ The [transformation](../essentials/data-collection-transformations.md) potential
 
 ### ARM template
 
-Use the following ARM template to create a DCR for collecting text log files, making the changes described in the previous sections. The following table describes the parameters that require values when you deploy the template.
+Use the following ARM template to create a DCR for collecting JSON log files, making the changes described in the previous sections. The following table describes the parameters that require values when you deploy the template.
 
 | Setting | Description |
 |:---|:---|
@@ -183,7 +183,13 @@ Use the following ARM template to create a DCR for collecting text log files, ma
             "metadata": {
                 "description": "Resource ID of the Log Analytics workspace with the target table."
             }
-        }
+        },
+        "timeFormat": {
+            "type": "string"
+            "metadata": {
+                "discription": "The time format that you would like to use to split multi line imput"
+            }
+      }
     },
     "variables": {
         "tableOutputStream": "[concat('Custom-', parameters('tableName'))]"
@@ -236,7 +242,12 @@ Use the following ARM template to create a DCR for collecting text log files, ma
                                 "[parameters('filePatterns')]"
                             ],
                             "format": "json",
-                            "name": "Custom-Json-stream"
+                            "name": "Custom-Json-stream",
+                            "settings": {
+                               "text": {
+                                   "recordStartTimestampFormat": "[parameters('timeFormat')]"
+                               }
+                            }
                         }
                     ]
                 },

From d2ece2dee813144fcdce51bbb3eddee9b78040d0 Mon Sep 17 00:00:00 2001
From: Jeffrey Wolford <44508835+JeffreyWolford@users.noreply.github.com>
Date: Thu, 12 Dec 2024 09:11:29 -0800
Subject: [PATCH 3/4] Update azure-monitor-agent-extension-versions.md

---
 .../agents/azure-monitor-agent-extension-versions.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md b/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md
index 7b3124ac1d..0bd7c381b6 100644
--- a/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md
+++ b/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md
@@ -15,7 +15,7 @@ ms.reviewer: JeffWo
 This article describes the version details for the Azure Monitor Agent virtual machine extension. This extension deploys the agent on virtual machines, scale sets, and Arc-enabled servers (on-premises servers with Azure Arc agent installed).
 
 > [!Note]
-> The product group only supports Azure Monitoring Agent versions within the last 1 year. Customers should update to an agent version within this period.
+> Microsoft only supports Azure Monitoring Agent versions within the last 1 year. Customers should update to an agent version within this period. All fixes will be applied to the latest release only.
 
 We strongly recommend that you always update to the latest version, or opt in to the [Automatic Extension Update](/azure/virtual-machines/automatic-extension-upgrade) feature. Automatic extension rollout follows standard Azure deployment practices to safely deploy the latest version of the agent. You should expect automatic updates to take weeks to rollout the latest version. Upgrades are issued in batches, so you may see some of your virtual machines, scale-sets or Arc-enabled servers get upgraded before others.
 

From e8cbf0e621218a98e44d1e1444b56cc3d02e3abd Mon Sep 17 00:00:00 2001
From: Jeffrey Wolford <44508835+JeffreyWolford@users.noreply.github.com>
Date: Thu, 12 Dec 2024 09:15:05 -0800
Subject: [PATCH 4/4] Update azure-monitor-agent-extension-versions.md

---
 .../agents/azure-monitor-agent-extension-versions.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md b/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md
index 0bd7c381b6..c86bf2c680 100644
--- a/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md
+++ b/articles/azure-monitor/agents/azure-monitor-agent-extension-versions.md
@@ -15,7 +15,7 @@ ms.reviewer: JeffWo
 This article describes the version details for the Azure Monitor Agent virtual machine extension. This extension deploys the agent on virtual machines, scale sets, and Arc-enabled servers (on-premises servers with Azure Arc agent installed).
 
 > [!Note]
-> Microsoft only supports Azure Monitoring Agent versions within the last 1 year. Customers should update to an agent version within this period. All fixes will be applied to the latest release only.
+> Microsoft only supports Azure Monitoring Agent versions within the last 1 year. Customers should update to a version within this period. Microsoft will release all bug fixes in the latest version only.
 
 We strongly recommend that you always update to the latest version, or opt in to the [Automatic Extension Update](/azure/virtual-machines/automatic-extension-upgrade) feature. Automatic extension rollout follows standard Azure deployment practices to safely deploy the latest version of the agent. You should expect automatic updates to take weeks to rollout the latest version. Upgrades are issued in batches, so you may see some of your virtual machines, scale-sets or Arc-enabled servers get upgraded before others.