I am trying to create Azure Data Collection Rule using Terraform Please find below the code

******Local Block ****************

locals {
  data_collection_rule = {
   rule1 = {
     name = "001"
     data_flow = {
        streams = ["Microsoft-Event"]
        destinations= ["la--210586112"]
        transform_kql = "source"
        output_stream = "Microsoft-Event"
     }
      data_sources = {
        Windows_Event_Log = {
          streams        = ["Microsoft-WindowsEvent"]
          x_path_queries = ["Application!*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0)]]",
                            "Security!*[System[(band(Keywords,13510798882111488))]]",
                            "System!*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0)]]"]
          name           =  "eventLogsDataSource"
        }

      }
   }

   rule2 = {
    name = "002"
    data_flow = {
      streams = ["Microsoft-Syslog"]
      destinations= ["la--210586112"]
      transform_kql = "source"
      output_stream = "Microsoft-Syslog"

    }
    data_sources = {
      SysLog = {
        streams        = ["Microsoft-Syslog"]
        facility_names = [    
                                "alert",
                                "audit",
                                "auth",
                                "authpriv",
                                "clock",
                                "cron",
                                "daemon",
                                "ftp",
                                "kern",
                                "local0",
                                "local1",
                                "local2",
                                "local3",
                                "local4",
                                "local5",
                                "local6",
                                "local7",
                                "lpr",
                                "mail",
                                "news",
                                "nopri",
                                "ntp",
                                "syslog",
                                "user",
                                "uucp"
                              ]
        name           = "sysLogsDataSource-1688419672"
        log_levels     = "*"
      }
      }
    }

  }
}

****Resource Block *************

resource "azurerm_monitor_data_collection_rule" "amdcr" {
  for_each                    = local.data_collection_rule
  name                        = format("dcr-monitoring-%s-%s-%s",var.environment,var.location_short_name,each.value.name)
  resource_group_name         = module.resource_group.rg_name_subs
  location                    = var.location
  data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.monitor_dce.id

  destinations {
    log_analytics {
      workspace_resource_id = module.log_analytics_workspace.id
      name                  = "dataCollectionRules_${each.value.name}_law"
    }
  }

  dynamic "data_flow" {
    for_each = each.value.data_flow != null ? [each.value.data_flow] : []
    content {
      streams        = data_flow.value.streams
      destinations   = data_flow.value.destinations
      transform_kql  = data_flow.value.transform_kql
      output_stream  = data_flow.value.output_stream
    }
  }

  dynamic "data_sources" {
    for_each = each.value.data_sources != null ? each.value.data_sources : {}
    content {
      

      dynamic "windows_event_log" {
        for_each = contains(keys(data_sources.value), "Windows_Event_Log") ? [1] : []
        content {
          streams        = lookup(data_sources.value.Windows_Event_Log, "streams", [])
          x_path_queries = lookup(data_sources.value.Windows_Event_Log, "x_path_queries", [])
          name           = lookup(data_sources.value.Windows_Event_Log, "name", "")
        }
      }

      dynamic "syslog" {
        for_each = contains(keys(data_sources.value), "SysLog") ? [1] : []
        content {
          streams        = lookup(data_sources.value.SysLog, "streams", [])
          facility_names = lookup(data_sources.value.SysLog, "facility_names", [])
          log_levels     = lookup(data_sources.value.SysLog, "log_levels", "*")
          name           = lookup(data_sources.value.SysLog, "name", "")
        }
      }
    }
  }
}

I am getting the below error while doing Terraform Apply

Error: creating Data Collection Rule (Subscription: "***"
│ Resource Group Name: "rg-management-prd-cus-001"
│ Data Collection Rule Name: "dcr-monitoring-prd-cus-001"): unexpected status 400 (400 Bad Request) with error: InvalidPayload: Data collection rule is invalid
│ 
│   with module.management_subscription[0].azurerm_monitor_data_collection_rule.amdcr["rule1"],
│   on subscriptions/management/management.tf line 751, in resource "azurerm_monitor_data_collection_rule" "amdcr":
│  751: resource "azurerm_monitor_data_collection_rule" "amdcr" {
│ 
│ creating Data Collection Rule (Subscription:
│ "***"
│ Resource Group Name: "rg-management-prd-cus-001"
│ Data Collection Rule Name: "dcr-monitoring-prd-cus-001"): unexpected status
│ 400 (400 Bad Request) with error: InvalidPayload: Data collection rule is
│ invalid
╵
╷
│ Error: creating Data Collection Rule (Subscription: "***"
│ Resource Group Name: "rg-management-prd-cus-001"
│ Data Collection Rule Name: "dcr-monitoring-prd-cus-002"): unexpected status 400 (400 Bad Request) with error: InvalidPayload: Data collection rule is invalid
│ 
│   with module.management_subscription[0].azurerm_monitor_data_collection_rule.amdcr["rule2"],
│   on subscriptions/management/management.tf line 751, in resource "azurerm_monitor_data_collection_rule" "amdcr":
│  751: resource "azurerm_monitor_data_collection_rule" "amdcr" {
│ 
│ creating Data Collection Rule (Subscription:
│ "***"
│ Resource Group Name: "rg-management-prd-cus-001"
│ Data Collection Rule Name: "dcr-monitoring-prd-cus-002"): unexpected status
│ 400 (400 Bad Request) with error: InvalidPayload: Data collection rule is
│ invalid