Audit the point in time restore action for continuous backup mode in Azure Cosmos DB

APPLIES TO: SQL API Table API Gremlin API Azure Cosmos DB API for MongoDB

Azure Cosmos DB provides you the list of all the point in time restores for continuous mode that were performed on a Cosmos DB account using Activity Logs. Activity logs can be viewed for any Cosmos DB account from the Activity Logs page in the Azure portal. The Activity Log shows all the operations that were triggered on the specific account. When a point in time restore is triggered, it shows up as Restore Database Account operation on the source account as well as the target account. The Activity Log for the source account can be used to audit restore events, and the activity logs on the target account can be used to get the updates about the progress of the restore.

Audit the restores that were triggered on a live database account

When a restore is triggered on a source account, a log is emitted with the status Started. And when the restore succeeds or fails, a new log is emitted with the status Succeeded or Failed respectively.

To get the list of just the restore operations that were triggered on a specific account, you can open the Activity Log of the source account, and search for Restore database account in the search bar with the required Timespan filter. The UserPrincipalName of the user that triggered the restore can be found from the Event initiated by column.

Screenshot of the Azure portal showing the Azure Cosmos DB restore audit activity log.

The parameters of the restore request can be found by clicking on the event and selecting the JSON tab:

Screenshot of the Azure portal Azure Cosmos DB restore audit activity log.

Audit the restores that were triggered on a deleted database account

For the accounts that were already deleted, there would not be any database account page. Instead, the Activity Log in the subscription page can be used to get the restores that were triggered on a deleted account. Once the Activity Log page is opened, a new filter can be added to narrow down the results specific to the resource group the account existed in, or even using the database account name in the Resource filter. The Resource for the activity log is the database account on which the restore was triggered.

Azure Cosmos DB restore audit activity log.

The activity logs can also be accessed using Azure CLI or Azure PowerShell. For more information on activity logs, review Azure Activity log - Azure Monitor.

Track the progress of the restore operation

Azure Cosmos DB allows you to track the progress of the restore using the activity logs of the restored database account. Once the restore is triggered, you will see a notification with the title Restore Account.

Screenshot of the Azure portal. The status of restored account changes from creating to online when the operation is complete.

The account status would be Creating, but it would have an Activity Log page. A new log event will appear after the restore of each collection. Note that there can be a delay of 5-10 minutes to see the log event after the actual restore of the collection is complete.

Next steps