az policy event
Manage policy events.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az policy event list |
List policy events. |
Core | GA |
az policy event list
List policy events.
az policy event list [--apply]
[--filter]
[--from]
[--management-group]
[--namespace]
[--order-by]
[--parent]
[--policy-assignment]
[--policy-definition]
[--policy-set-definition]
[--resource]
[--resource-group]
[--resource-type]
[--select]
[--to]
[--top]Examples
Get policy events at current subscription scope created in the last day.
az policy event listGet policy events at management group scope.
az policy event list -m "myMg"Get policy events at resource group scope in current subscription.
az policy event list -g "myRg"Get policy events for a resource using resource ID.
az policy event list --resource "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup /providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1"Get policy events for a resource using resource name.
az policy event list --resource "myKeyVault" --namespace "Microsoft.KeyVault" --resource-type "vaults" -g "myresourcegroup"Get policy events for a nested resource using resource name.
az policy event list --resource "myRule1" --namespace "Microsoft.Network" --resource-type "securityRules" --parent "networkSecurityGroups/mysecuritygroup1" -g "myresourcegroup"Get policy events for a policy set definition in current subscription.
az policy event list -s "fff58873-fff8-fff5-fffc-fffbe7c9d697"Get policy events for a policy definition in current subscription.
az policy event list -d "fff69973-fff8-fff5-fffc-fffbe7c9d698"Get policy events for a policy assignment in current subscription.
az policy event list -a "ddd8ef92e3714a5ea3d208c1"Get policy events for a policy assignment in the specified resource group in current subscription.
az policy event list -g "myRg" -a "ddd8ef92e3714a5ea3d208c1"Get top 5 policy events in current subscription, selecting a subset of properties and customizing ordering.
az policy event list --top 5 --order-by "timestamp desc, policyAssignmentName asc" --select "timestamp, resourceId, policyAssignmentId, policySetDefinitionId, policyDefinitionId"Get policy events in current subscription during a custom time interval.
az policy event list --from "2018-03-08T00:00:00Z" --to "2018-03-15T00:00:00Z"Get policy events in current subscription filtering results based on some property values.
az policy event list --filter "(policyDefinitionAction eq 'deny' or policyDefinitionAction eq 'audit') and resourceLocation ne 'eastus'"Get number of policy events in current subscription.
az policy event list --apply "aggregate($count as numberOfRecords)"Get policy events in current subscription aggregating results based on some properties.
az policy event list --apply "groupby((policyAssignmentId, policyDefinitionId, policyDefinitionAction, resourceId), aggregate($count as numEvents))"Get policy events in current subscription grouping results based on some properties.
az policy event list --apply "groupby((policyAssignmentName, resourceId))"Get policy events in current subscription aggregating results based on some properties specifying multiple groupings.
az policy event list --apply "groupby((policyAssignmentId, policyDefinitionId, resourceId))/groupby((policyAssignmentId, policyDefinitionId), aggregate($count as numResourcesWithEvents))"Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Apply expression for aggregations using OData notation.
| Property | Value |
|---|---|
| Parameter group: | Query Option Arguments |
Filter expression using OData notation.
| Property | Value |
|---|---|
| Parameter group: | Query Option Arguments |
ISO 8601 formatted timestamp specifying the start time of the interval to query.
| Property | Value |
|---|---|
| Parameter group: | Query Option Arguments |
Name of management group.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Provider namespace (Ex: Microsoft.Provider).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Ordering expression using OData notation.
| Property | Value |
|---|---|
| Parameter group: | Query Option Arguments |
The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Name of policy assignment.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Name of policy definition.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Name of policy set definition.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Resource type (Ex: resourceTypeC).
| Property | Value |
|---|---|
| Parameter group: | Resource ID Arguments |
Select expression using OData notation.
| Property | Value |
|---|---|
| Parameter group: | Query Option Arguments |
ISO 8601 formatted timestamp specifying the end time of the interval to query.
| Property | Value |
|---|---|
| Parameter group: | Query Option Arguments |
Maximum number of records to return.
| Property | Value |
|---|---|
| Parameter group: | Query Option Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
