activity_logs
Creates, updates, deletes, gets or lists an activity_logs resource.
Overview
| Name | activity_logs |
| Type | Resource |
| Id | azure.monitor.activity_logs |
Fields
The following fields are returned by SELECT queries:
- list
Successful request to get a page of events in the activity logs
| Name | Datatype | Description |
|---|---|---|
id | string | the Id of this event as required by ARM for RBAC. It contains the EventDataID and a timestamp information. |
authorization | object | The sender authorization information. |
caller | string | the email address of the user who has performed the operation, the UPN claim or SPN claim based on availability. |
category | object | The localizable string class. |
claims | object | key value pairs to identify ARM permissions. |
correlationId | string | the correlation Id, usually a GUID in the string format. The correlation Id is shared among the events that belong to the same uber operation. |
description | string | the description of the event. |
eventDataId | string | the event data Id. This is a unique identifier for an event. |
eventName | object | The localizable string class. |
eventTimestamp | string (date-time) | the timestamp of when the event was generated by the Azure service processing the request corresponding the event. It in ISO 8601 format. |
httpRequest | object | the HTTP request info. Usually includes the 'clientRequestId', 'clientIpAddress' (IP address of the user who initiated the event) and 'method' (HTTP method e.g. PUT). |
level | string | the event level |
operationId | string | It is usually a GUID shared among the events corresponding to single operation. This value should not be confused with EventName. |
operationName | object | The localizable string class. |
properties | object | the set of <Key, Value> pairs (usually a Dictionary<String, String>) that includes details about the event. |
resourceGroupName | string | the resource group name of the impacted resource. |
resourceId | string | the resource uri that uniquely identifies the resource that caused this event. |
resourceProviderName | object | The localizable string class. |
resourceType | object | The localizable string class. |
status | object | The localizable string class. |
subStatus | object | The localizable string class. |
submissionTimestamp | string (date-time) | the timestamp of when the event became available for querying via this API. It is in ISO 8601 format. This value should not be confused eventTimestamp. As there might be a delay between the occurrence time of the event, and the time that the event is submitted to the Azure logging infrastructure. |
subscriptionId | string | the Azure subscription Id usually a GUID. |
tenantId | string | the Azure tenant Id |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list | select | $filter, subscriptionId | $select | Provides the list of records from the activity logs. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
$filter | string | Reduces the set of data collected. This argument is required and it also requires at least the start date/time. The $filter argument is very restricted and allows only the following patterns. - List events for a resource group: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceGroupName eq 'resourceGroupName'. - List events for resource: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceUri eq 'resourceURI'. - List events for a subscription in a time range: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z'. - List events for a resource provider: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceProvider eq 'resourceProviderName'. - List events for a correlation Id: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and correlationId eq 'correlationID'. NOTE: No other syntax is allowed. |
subscriptionId | string | The ID of the target subscription. |
$select | string | Used to fetch events with only the given properties. The $select argument is a comma separated list of property names to be returned. Possible values are: authorization, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, level, operationId, operationName, properties, resourceGroupName, resourceProviderName, resourceId, status, submissionTimestamp, subStatus, subscriptionId |
SELECT examples
- list
Provides the list of records from the activity logs.
SELECT
id,
authorization,
caller,
category,
claims,
correlationId,
description,
eventDataId,
eventName,
eventTimestamp,
httpRequest,
level,
operationId,
operationName,
properties,
resourceGroupName,
resourceId,
resourceProviderName,
resourceType,
status,
subStatus,
submissionTimestamp,
subscriptionId,
tenantId
FROM azure.monitor.activity_logs
WHERE $filter = '{{ $filter }}' -- required
AND subscriptionId = '{{ subscriptionId }}' -- required
AND $select = '{{ $select }}'
;