List Activity Logs
Provides the list of records from the activity logs.
External Documentation
To learn more, visit the Azure documentation.
Parameters
| Parameter | Description |
|---|---|
| Filter | Reduces the set of data collected. This argument is required and it also requires at least the start date/time. The $filter argument is very restricted and allows only the following patterns. - List events for a resource group: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceGroupName eq 'resourceGroupName'. - List events for resource: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceUri eq 'resourceURI'. - List events for a subscription in a time range: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z'. - List events for a resource provider: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceProvider eq 'resourceProviderName'. - List events for a correlation Id: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and correlationId eq 'correlationID'. NOTE: No other syntax is allowed. |
| Subscription ID | The Azure subscription Id. |
Example Output
{
"nextLink": "Provides the link to retrieve the next set of events.",
"value": [
{
"authorization": {
"action": "the permissible actions. For instance: microsoft.support/supporttickets/write",
"role": "the role of the user. For instance: Subscription Admin",
"scope": "the scope."
},
"caller": "the email address of the user who has performed the operation, the UPN claim or SPN claim based on availability.",
"category": {
"localizedValue": "the locale specific value.",
"value": "the invariant value."
},
"claims": {},
"correlationId": "the correlation Id, usually a GUID in the string format. The correlation Id is shared among the events that belong to the same uber operation.",
"description": "the description of the event.",
"eventDataId": "the event data Id. This is a unique identifier for an event.",
"eventName": {
"localizedValue": "the locale specific value.",
"value": "the invariant value."
},
"eventTimestamp": "the timestamp of when the event was generated by the Azure service processing the request corresponding the event. It in ISO 8601 format.",
"httpRequest": {
"clientIpAddress": "the client Ip Address",
"clientRequestId": "the client request id.",
"method": "the Http request method.",
"uri": "the Uri."
},
"id": "the Id of this event as required by ARM for RBAC. It contains the EventDataID and a timestamp information.",
"level": "the event level",
"operationId": "It is usually a GUID shared among the events corresponding to single operation. This value should not be confused with EventName.",
"operationName": {
"localizedValue": "the locale specific value.",
"value": "the invariant value."
},
"properties": {},
"resourceGroupName": "the resource group name of the impacted resource.",
"resourceId": "the resource uri that uniquely identifies the resource that caused this event.",
"resourceProviderName": {
"localizedValue": "the locale specific value.",
"value": "the invariant value."
},
"resourceType": {
"localizedValue": "the locale specific value.",
"value": "the invariant value."
},
"status": {
"localizedValue": "the locale specific value.",
"value": "the invariant value."
},
"subStatus": {
"localizedValue": "the locale specific value.",
"value": "the invariant value."
},
"submissionTimestamp": "the timestamp of when the event became available for querying via this API. It is in ISO 8601 format. This value should not be confused eventTimestamp. As there might be a delay between the occurrence time of the event, and the time that the event is submitted to the Azure logging infrastructure.",
"subscriptionId": "the Azure subscription Id usually a GUID.",
"tenantId": "the Azure tenant Id"
}
]
}
Automation Library Example
List Activity Logs with Azure and Send Results Via Email
Preview this Automation on desktop