

This article has not been completed yet. However, it may already contain helpful information, and it has therefore been published at this stage.
Info:
All log tables in Azure Monitor Logs must have a TimeGenerated column populated with the timestamp of the logged event.
Var1 - Azure CLI:

Choose the bash mode.
az monitor log-analytics workspace table create --resource-group <Resource Group Name> --workspace-name <Workspace Name> -n <Table Name> --retention-time <Number of Days> --columns <Column Name>=<Column Type>
Example for --columns: Column1=string TimeGenerated=datetime
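A pre-flight check for the Var1 command, added here as an example (it is not part of the original article): it rejects a definition that lacks the required TimeGenerated datetime column or the _CL suffix before anything is sent to Azure. The function names check_table_spec and table_create_cmd are hypothetical, and the column-name rule is a conservative assumption of this example.

```shell
# Added example: validate a custom table definition before running Var1.
# check_table_spec TABLE_NAME COL=TYPE [COL=TYPE ...]
# Returns 0 when the definition is acceptable, 1 otherwise (reason on stderr).
check_table_spec() {
    table=$1; shift
    # Custom table names carry the _CL suffix (as in TEST2_CL / MyTable_CL).
    case $table in
        *_CL) ;;
        *) echo "table name '$table' must end in _CL" >&2; return 1 ;;
    esac
    has_time=0
    seen=" "
    for spec in "$@"; do
        case $spec in
            *=*) ;;
            *) echo "column '$spec' is not NAME=TYPE" >&2; return 1 ;;
        esac
        name=${spec%%=*}
        # Types are compared case-insensitively (the page writes datetime and DateTime).
        type=$(printf '%s' "${spec#*=}" | tr '[:upper:]' '[:lower:]')
        # Assumption: names start with a letter, then letters, digits or underscore.
        case $name in
            ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) echo "bad column name '$name'" >&2; return 1 ;;
        esac
        case $type in
            string|int|long|real|boolean|datetime|guid|dynamic) ;;
            *) echo "unknown column type '$type'" >&2; return 1 ;;
        esac
        case $seen in
            *" $name "*) echo "duplicate column '$name'" >&2; return 1 ;;
        esac
        seen="$seen$name "
        if [ "$name" = TimeGenerated ]; then
            [ "$type" = datetime ] || { echo "TimeGenerated must be datetime" >&2; return 1; }
            has_time=1
        fi
    done
    [ "$has_time" -eq 1 ] || { echo "TimeGenerated column is missing" >&2; return 1; }
}

# Prints the Var1 command for a checked definition; nothing is executed.
table_create_cmd() {
    rg=$1; ws=$2; table=$3; days=$4; shift 4
    check_table_spec "$table" "$@" || return 1
    echo "az monitor log-analytics workspace table create --resource-group $rg --workspace-name $ws -n $table --retention-time $days --columns $*"
}
```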






Var2 - PowerShell:

Choose the PowerShell mode.
# JSON payload describing the table schema; TimeGenerated is mandatory.
$tableParams = @'
{
    "properties": {
        "schema": {
            "name": "TEST2_CL",
            "columns": [
                {
                    "name": "TimeGenerated",
                    "type": "DateTime"
                },
                {
                    "name": "TestColumn2",
                    "type": "String"
                }
            ]
        }
    }
}
'@
# Use the same table name in the request path and in schema.name.
Invoke-AzRestMethod -Path "/subscriptions/{subscription}/resourcegroups/{resourcegroup}/providers/microsoft.operationalinsights/workspaces/{workspace}/tables/TEST2_CL?api-version=2021-12-01-preview" -Method PUT -Payload $tableParams





Var3 - Azure Portal:
Data Collection Endpoint:







Custom Log Table:







[
    {
        "TimeGenerated": "2014-11-08 15:55:55",
        "TestColumn3": "Irgendein Text"
    }
]







Additional helpful material:
Often you need a table whose schema matches the Syslog table.
Here is a script with which you can create the table automatically.
# JSON payload describing the table schema; TimeGenerated is mandatory.
$tableParams = @'
{
    "properties": {
        "schema": {
            "name": "TEST2_CL",
            "columns": [
                {
                    "name": "TimeGenerated",
                    "type": "DateTime"
                },
                {
                    "name": "TestColumn2",
                    "type": "String"
                }
            ]
        }
    }
}
'@
# Use the same table name in the request path and in schema.name.
Invoke-AzRestMethod -Path "/subscriptions/{subscription}/resourcegroups/{resourcegroup}/providers/microsoft.operationalinsights/workspaces/{workspace}/tables/TEST2_CL?api-version=2021-12-01-preview" -Method PUT -Payload $tableParams
References:
Add or delete tables and columns in Azure Monitor Logs - Azure Monitor
Create a table with a custom schema to collect logs from any data source.
