az monitor activity-log
Manage activity logs.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az monitor activity-log alert |
Manage activity log alert rules. |
Core | GA |
| az monitor activity-log alert action-group | Core | GA | |
| az monitor activity-log alert action-group add |
Add action groups to this activity log alert rule. It can also be used to overwrite existing webhook properties of particular action groups. |
Core | GA |
| az monitor activity-log alert action-group remove |
Remove action groups from this activity log alert rule. |
Core | GA |
| az monitor activity-log alert create |
Create a default activity log alert rule. |
Core | GA |
| az monitor activity-log alert delete |
Delete an activity log alert. |
Core | GA |
| az monitor activity-log alert list |
List activity log alert rules under a resource group or the current subscription. |
Core | GA |
| az monitor activity-log alert scope | Core | GA | |
| az monitor activity-log alert scope add |
Add scopes to this activity log alert rule. |
Core | GA |
| az monitor activity-log alert scope remove |
Removes scopes from this activity log alert rule. |
Core | GA |
| az monitor activity-log alert show |
Get an activity log alert. |
Core | GA |
| az monitor activity-log alert update |
Update a new activity log alert or update an existing one. |
Core | GA |
| az monitor activity-log list |
List and query activity log events. |
Core | GA |
| az monitor activity-log list-categories |
List the list of available event categories supported in the Activity Logs Service. |
Core | GA |
az monitor activity-log list
List and query activity log events.
az monitor activity-log list [--caller]
[--correlation-id]
[--end-time]
[--max-events]
[--namespace]
[--offset]
[--resource-group]
[--resource-id]
[--select {authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId}]
[--start-time]
[--status]Examples
List all events from July 1st, looking forward one week.
az monitor activity-log list --start-time 2018-07-01 --offset 7dList events within the past six hours based on a correlation ID.
az monitor activity-log list --correlation-id b5eac9d2-e829-4c9a-9efb-586d19417c5fList events within the past hour based on resource group.
az monitor activity-log list -g {ResourceGroup} --offset 1hOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Caller to query for, such as an e-mail address or service principal ID.
| Property | Value |
|---|---|
| Parameter group: | Filter Arguments |
Correlation ID to query.
| Property | Value |
|---|---|
| Parameter group: | Filter Arguments |
End time of the query. Defaults to the current time. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).
| Property | Value |
|---|---|
| Parameter group: | Time Arguments |
Maximum number of records to return.
| Property | Value |
|---|---|
| Default value: | 50 |
Resource provider namespace.
| Property | Value |
|---|---|
| Parameter group: | Filter Arguments |
Time offset of the query range, in ##d##h format.
Can be used with either --start-time or --end-time. If used with --start-time, then the end time will be calculated by adding the offset. If used with --end-time (default), then the start time will be calculated by subtracting the offset. If --start-time and --end-time are provided, then --offset will be ignored.
| Property | Value |
|---|---|
| Parameter group: | Time Arguments |
| Default value: | 6h |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Filter Arguments |
ARM ID of a resource.
| Property | Value |
|---|---|
| Parameter group: | Filter Arguments |
Space-separated list of properties to return.
| Property | Value |
|---|---|
| Accepted values: | authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId |
Start time of the query. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).
| Property | Value |
|---|---|
| Parameter group: | Time Arguments |
Status to query for (ex: Failed).
| Property | Value |
|---|---|
| Parameter group: | Filter Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az monitor activity-log list-categories
List the list of available event categories supported in the Activity Logs Service.
The current list includes the following: Administrative, Security, ServiceHealth, Alert, Recommendation, Policy.
az monitor activity-log list-categoriesGlobal Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
