This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 33%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Hello,
I am trying to get Audit log for DevOps, most intressted when users are added/deleted as group members. How can I filter/select only that type of action/area in my request directly? I don't wanna get bunch of audit logs that i've tryied to accessed the logs.
For example I need only area as group or by actionId ( Group.UpdateGroupMembership. Add or Removed)
Thank you in advance.
Hello,
You can try the specific action https://audit service.dev.azure.com/<YourOrganization/_apis/audit/Group.UpdateGroupMembership
Or
https://audit service.dev.azure.com/<YourOrganization/_apis/audit/Group.UpdateGroupMembership.Add
Or
https://audit service.dev.azure.com/<YourOrganization/_apis/audit/Group.UpdateGroupMembership.Remove
Hello,
Thank you for your answer, I tried like that as you describe, but it doesnt work. Can you be more specific how my request should like?
Thanks in advance,
Marinela
@Marinela Boksan ,
To filter the audit logs in Azure DevOps to show only the actions related to adding or deleting group members, you can use the area and actionId fields in your request.
Here is an example of how you can use these fields in a REST API request:
GET https://dev.azure.com/{organization}/{project}/_apis/audit/events?api-version=6.1-preview.3
&area=Group
&actionId=Group.UpdateGroupMembership.Add,Group.UpdateGroupMembership.Remove
This request will retrieve only the audit events related to the Group area and have an actionId of Group.UpdateGroupMembership.Add or Group.UpdateGroupMembership.Remove.
You can also use the Azure DevOps web interface to filter the audit logs. To do this, go to the "Audit logs" page in the project settings, and use the filters on the page to select the Group area and the Add or Remove action.
Keep in mind that the audit logs in Azure DevOps are retained for a limited time (90 days by default), so you may not be able to retrieve all the events you are interested in if they occurred more than 90 days ago. You can change the retention period for the audit logs in the project settings.
----------
Please "Accept as Answer" and Upvote if any of the above helped so that it can help others in the community looking for remediation for similar issues.
service.dev.azure.com/<YourOrganization/_apis/audit/Group.UpdateGroupMembership