az monitor activity-log

Manage activity logs.

Commands

Name	Description	Type	Status
az monitor activity-log alert	Manage activity log alert rules.	Core	GA
az monitor activity-log alert action-group		Core	GA
az monitor activity-log alert action-group add	Add action groups to this activity log alert rule. It can also be used to overwrite existing webhook properties of particular action groups.	Core	GA
az monitor activity-log alert action-group remove	Remove action groups from this activity log alert rule.	Core	GA
az monitor activity-log alert create	Create a default activity log alert rule.	Core	GA
az monitor activity-log alert delete	Delete an activity log alert.	Core	GA
az monitor activity-log alert list	List activity log alert rules under a resource group or the current subscription.	Core	GA
az monitor activity-log alert scope		Core	GA
az monitor activity-log alert scope add	Add scopes to this activity log alert rule.	Core	GA
az monitor activity-log alert scope remove	Removes scopes from this activity log alert rule.	Core	GA
az monitor activity-log alert show	Get an activity log alert.	Core	GA
az monitor activity-log alert update	Update a new activity log alert or update an existing one.	Core	GA
az monitor activity-log list	List and query activity log events.	Core	GA
az monitor activity-log list-categories	List the list of available event categories supported in the Activity Logs Service.	Core	GA

az monitor activity-log list

List and query activity log events.

az monitor activity-log list [--caller]
                             [--correlation-id]
                             [--end-time]
                             [--max-events]
                             [--namespace]
                             [--offset]
                             [--resource-group]
                             [--resource-id]
                             [--select {authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId}]
                             [--start-time]
                             [--status]

Examples

List all events from July 1st, looking forward one week.

az monitor activity-log list --start-time 2018-07-01 --offset 7d

List events within the past six hours based on a correlation ID.

az monitor activity-log list --correlation-id b5eac9d2-e829-4c9a-9efb-586d19417c5f

List events within the past hour based on resource group.

az monitor activity-log list -g {ResourceGroup} --offset 1h

Optional Parameters

--caller

Caller to query for, such as an e-mail address or service principal ID.

--correlation-id

Correlation ID to query.

--end-time

End time of the query. Defaults to the current time. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--max-events

Maximum number of records to return.

default value: 50

--namespace

Resource provider namespace.

--offset

Time offset of the query range, in ##d##h format.

Can be used with either --start-time or --end-time. If used with --start-time, then the end time will be calculated by adding the offset. If used with --end-time (default), then the start time will be calculated by subtracting the offset. If --start-time and --end-time are provided, then --offset will be ignored.

default value: 6h

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-id

ARM ID of a resource.

--select

Space-separated list of properties to return.

accepted values: authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId

--start-time

Start time of the query. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--status

Status to query for (ex: Failed).

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az monitor activity-log list-categories

List the list of available event categories supported in the Activity Logs Service.

The current list includes the following: Administrative, Security, ServiceHealth, Alert, Recommendation, Policy.

az monitor activity-log list-categories

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.