diff --git a/internal/services/monitor/monitor_data_collection_rule_data_source_test.go b/internal/services/monitor/monitor_data_collection_rule_data_source_test.go
index a444b863f136..287cf135b38b 100644
--- a/internal/services/monitor/monitor_data_collection_rule_data_source_test.go
+++ b/internal/services/monitor/monitor_data_collection_rule_data_source_test.go
@@ -32,7 +32,7 @@ func TestAccMonitorDataCollectionRuleDataSource_complete(t *testing.T) {
 				check.That(data.ResourceName).Key("data_sources.0.performance_counter.#").HasValue("2"),
 				check.That(data.ResourceName).Key("data_sources.0.performance_counter.1.sampling_frequency_in_seconds").HasValue("20"),
 				check.That(data.ResourceName).Key("data_sources.0.performance_counter.1.name").HasValue("test-datasource-perfcounter2"),
-				check.That(data.ResourceName).Key("data_sources.0.windows_event_log.0.x_path_queries.0").HasValue("*[System/Level=1]"),
+				check.That(data.ResourceName).Key("data_sources.0.windows_event_log.0.x_path_queries.0").HasValue("System!*[System[EventID=4648]]"),
 				check.That(data.ResourceName).Key("data_sources.0.extension.0.extension_json").Exists(),
 			),
 		},
diff --git a/internal/services/monitor/monitor_data_collection_rule_resource_test.go b/internal/services/monitor/monitor_data_collection_rule_resource_test.go
index 3a41750b2384..1f1d84d34ad1 100644
--- a/internal/services/monitor/monitor_data_collection_rule_resource_test.go
+++ b/internal/services/monitor/monitor_data_collection_rule_resource_test.go
@@ -178,7 +178,7 @@ resource "azurerm_monitor_data_collection_rule" "test" {
     }
     performance_counter {
       streams                       = ["Microsoft-Perf", "Microsoft-InsightsMetrics"]
-      sampling_frequency_in_seconds = 10
+      sampling_frequency_in_seconds = 60
       counter_specifiers            = ["Processor(*)\\%% Processor Time"]
       name                          = "test-datasource-perfcounter"
     }
@@ -289,7 +289,7 @@ resource "azurerm_monitor_data_collection_rule" "test" {
 
     performance_counter {
       streams                       = ["Microsoft-Perf", "Microsoft-InsightsMetrics"]
-      sampling_frequency_in_seconds = 10
+      sampling_frequency_in_seconds = 60
       counter_specifiers = [
         "Processor(*)\\%% Processor Time",
         "Processor(*)\\%% Idle Time",
@@ -321,7 +321,7 @@ resource "azurerm_monitor_data_collection_rule" "test" {
 
     windows_event_log {
       streams        = ["Microsoft-WindowsEvent"]
-      x_path_queries = ["*[System/Level=1]"]
+      x_path_queries = ["System!*[System[EventID=4648]]"]
       name           = "test-datasource-wineventlog"
     }
 
@@ -348,10 +348,6 @@ resource "azurerm_monitor_data_collection_rule" "test" {
     azurerm_log_analytics_solution.test2,
   ]
 }
-
-
-
-
 `, r.template(data), data.RandomInteger)
 }
 
diff --git a/website/docs/r/monitor_data_collection_rule.html.markdown b/website/docs/r/monitor_data_collection_rule.html.markdown
index da463a05b1b2..35bb05e7a351 100644
--- a/website/docs/r/monitor_data_collection_rule.html.markdown
+++ b/website/docs/r/monitor_data_collection_rule.html.markdown
@@ -194,7 +194,7 @@ A `performance_counter` block supports the following:
 
 * `name` - (Required) The name which should be used for this data source. This name should be unique across all data sources regardless of type within the Data Collection Rule.
 
-* `sampling_frequency_in_seconds` - (Required) The number of seconds between consecutive counter measurements (samples). The value should be integer between `1` and `300` inclusive.
+* `sampling_frequency_in_seconds` - (Required) The number of seconds between consecutive counter measurements (samples). The value should be integer between `1` and `300` inclusive. `sampling_frequency_in_seconds` must be equal to `60` seconds for counters collected with `Microsoft-InsightsMetrics` stream.
 
 * `streams` - (Required) Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include but not limited to `Microsoft-InsightsMetrics`,and `Microsoft-Perf`.
 
@@ -220,7 +220,7 @@ A `windows_event_log` block supports the following:
 
 * `streams` - (Required) Specifies a list of streams that this data source will be sent to. A stream indicates what schema will be used for this data and usually what table in Log Analytics the data will be sent to. Possible values include but not limited to `Microsoft-Event`,and `Microsoft-WindowsEvent`, `Microsoft-RomeDetectionEvent`, and `Microsoft-SecurityEvent`.
 
-* `x_path_queries` - (Required) Specifies a list of Windows Event Log queries in XPath expression.
+* `x_path_queries` - (Required) Specifies a list of Windows Event Log queries in XPath expression. Please see [this document](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent?tabs=cli#filter-events-using-xpath-queries) for more information.
 
 ## Attributes Reference