![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 41%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,656 questions
To determine who set up a diagnostic setting in Azure Monitor for an Azure Data Factory resource and when it was configured, you can follow these steps:
Step 1: Check the Activity Log in Azure
The Azure Activity Log captures all the operations and changes made to Azure resources, including the creation or modification of diagnostic settings.
- Navigate to the Azure Portal: Go to portal.azure.com.
- Go to the Activity Log:
- In the left-hand menu, search for "Activity Log" and select it.
- You can also access the Activity Log from within the Azure Data Factory resource itself. Navigate to the specific Data Factory, and then in the "Monitoring" section, select "Activity log."
- Filter the Activity Log:
- Set the filters to narrow down your search:
- Time range: Set the appropriate time range when you believe the diagnostic setting was configured.
- Resource: Select the specific Azure Data Factory resource.
- Operation: Look for operations related to "Microsoft.Insights/diagnosticSettings" or "diagnosticSettings/write."
- Set the filters to narrow down your search:
- Review the Results:
- Review the results for entries that indicate the creation or modification of diagnostic settings. These entries should show you the timestamp, the user who made the change, and the details of the operation.
Step 2: Use Azure Monitor Logs (Optional)
If the Activity Log doesn't provide enough detail or if you want more granular insights, you can query the logs via Azure Monitor Logs (Log Analytics).
- Navigate to Logs:
- In the Azure portal, navigate to "Monitor" and then select "Logs."
- Query the Logs:
- Use a query like the following to search for diagnostic settings changes:
ReplaceAzureActivity | where ResourceProvider == "MICROSOFT.INSIGHTS" and OperationNameValue == "MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/WRITE" | where Resource == "<Your Data Factory Resource ID>" | project TimeGenerated, Caller, OperationName, Resource, Status<Your Data Factory Resource ID>with the actual ID of your Data Factory resource. - Analyze the Logs:
- This will give you a detailed view of who made changes to the diagnostic settings and when they were made.
Step 3: Review Resource Access
If necessary, you can also review the Azure Role-Based Access Control (RBAC) assignments to see who has permissions to modify diagnostic settings on the Data Factory resource.
- Navigate to the Azure Data Factory resource.
- Select "Access control (IAM)".
- Review the roles and assignments to identify users who have permissions to modify diagnostics.