Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,666 questions
How to track back down the Caller IP Address to workstation?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 34%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
Naija R C
20
Reputation points
Hi,
I am looking for retrieving user information from the REST API event details generated.
I have uploaded a file directly via the azure portal and collected the event details as JSON object using azure Event Hubs. I have given the REST API event's JSON object and the image of how I uploaded the file via azure portal for reference.
Now in the REST API event's JSON object, I got the caller IP address. So using this caller IP address how to track back down to workstation?
And I need another clarification, why didn't I get any user information like Requestor UPN in the event details? Is there any way to get UPN in the event details generated?
Event details of REST API event:
{
"time": "2023-01-19T06:43:07.2821147Z",
"resourceId": "XXXXX",
"category": "StorageWrite",
"operationName": "CreateFile",
"operationVersion": "2015-02-21",
"schemaVersion": "1.0",
"statusCode": 201,
"statusText": "Success",
"durationMs": 76,
"callerIpAddress": "XXXXX",
"correlationId": "XXXXX",
"identity": {
"type": "SAS",
"tokenHash": "key1(XXXXX),SasSignature(XXXXX)"
},
"location": "East US",
"properties": {
"accountName": "testaccount",
"userAgentHeader": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36",
"referrerHeader": "XXXXX",
"clientRequestId": "XXXXX",
"etag": "XXXXX",
"serviceType": "file",
"objectKey": "/testaccount",
"lastModifiedTime": "1/19/2023 6:43:07 AM",
"metricResponseType": "Success",
"serverLatencyMs": 66,
"requestHeaderSize": 932,
"responseHeaderSize": 330,
"tlsVersion": "TLS 1.2",
"accessTier": "TransactionOptimized"
},
"uri": "XXXXX",
"protocol": "HTTPS",
"resourceType": "Microsoft.Storage/storageAccounts/fileServices"
}
Azure Monitor
Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,425 questions
Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,543 questions
Azure Event Hubs
Azure Event Hubs
An Azure real-time data ingestion service.
722 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SaiKishor-MSFT 17,336 Reputation points2023-01-26T21:28:44.1+00:00 @Naija R C Posting this related thread regarding the UPN question- [https://learn.microsoft.com/en-us/answers/questions/1163367/requestor-upn-is-missing-in-azure-file-share-event
In regard to tracking down to workstation using IP address, ideally, this information should be available with your organization's system admin etc., that looks after the Org's Active Directory. Does this answer your question? Please let me know. Thanks!
Sign in to comment
Sign in to answer