Get-AzActivityLog
Retrieve Activity Log events.
Syntax
GetBySubscription (Default)
Get-AzActivityLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
GetByCorrelationId
Get-AzActivityLog
[-CorrelationId] <String>
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
GetByResourceGroup
Get-AzActivityLog
[-ResourceGroupName] <String>
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
GetByResourceId
Get-AzActivityLog
[-ResourceId] <String>
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
GetByResourceProvider
Get-AzActivityLog
[-ResourceProvider] <String>
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Get-AzActivityLog cmdlet retrieve Activity Log events. The events can be associated with the current subscription ID, correlation ID, resource group, resource ID, or resource provider.
Examples
Example 1: Get an event log by subscription ID
Get-AzActivityLog
This command lists at most 1000 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 2: Get an event log by subscription ID with a maximum number of events
Get-AzActivityLog -MaxRecord 100
This command lists at most 100 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 3: Get an event log by subscription ID with a start time.
Get-AzActivityLog -StartTime 2017-06-01T10:30
This command lists at most 1000 events associated with the user's subscription ID that took place on or after 2017-06-01T10:30 local time if that date/time is not older than 90 days from the current date/time.
Example 4: Get an event log by subscription ID with a start time and end time.
Get-AzActivityLog -StartTime 2017-04-01T10:30 -EndTime 2017-04-14T11:30
This command lists at most 1000 of the events associated with the user's subscription ID that took place on or after 2017-04-01T10:30 local time, and before 2017-04-14T11:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 5: Get an event log by correlation ID
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444"
This command lists at most 1000 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 6: Get an event log by correlation ID with a maximum number of events
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444" -MaxRecord 100
This command lists at most 100 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 7: Get an event log by correlation ID and start time
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444" -StartTime 2017-05-22T04:30:00
This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time. NOTE: this is usually only one event.
Example 8: Get an event log by correlation ID with start time and end time
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444" -StartTime 2017-04-15T04:30:00 -EndTime 2017-04-25T12:30:00
This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 9: Get an event log for a resource group
Get-AzActivityLog -ResourceGroupName "Contoso-Web-CentralUS"
This command lists at most 1000 the events associated with the specified resource group that took place 7 days from the current date/time.
Example 10: Get an event log for a resource group with a maximum number of events
Get-AzActivityLog -ResourceGroup "Contoso-Web-CentralUS" -MaxRecord 100
This command lists at most 100 events associated with the specified resource group that took place 7 days from the current date/time.
Example 11: Get an event log for a resource group by start time
Get-AzActivityLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-05-22T04:30:00
This command lists at most 1000 events associated with the specified resource group that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 12: Get an event log for a resource group with a start time and end time
Get-AzActivityLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30
This command lists at most 1000 events associated with the specified resource group that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 13: Get an event log by resource ID
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1"
This command lists at most 1000 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 14: Get an event log by resource ID with a maximum number of events
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -MaxRecord 100
This command lists at most 100 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 15: Get an event log by resource ID with a start time
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-05-22T04:30
This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 16: Get an event log by resource ID with a start time and end time
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30
This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 17: Get an event log by resource provider
Get-AzActivityLog -ResourceProvider "Microsoft.Web"
This command lists at most 1000 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 18: Get an event log by resource provider with a maximum number of events
Get-AzActivityLog -ResourceProvider "Microsoft.Web" -MaxRecord 100
This command lists at most 100 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 19: Get an event log by resource provider with a start time
Get-AzActivityLog -ResourceProvider "Microsoft.Web" -StartTime 2017-05-22T04:30
This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 20: Get an event log by resource provider with a start time and end time
Get-AzActivityLog -ResourceProvider "Microsoft.Web" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30
This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Parameters
-Caller
The caller of the events to fetch
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-CorrelationId
The CorrelationId
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetByCorrelationId
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DetailedOutput
Return object with all the details of the events (the default is to return only some attributes, i.e. no detail)
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-EndTime
The endTime of the query
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-MaxRecord
The maximum number of records to fetch. Alias: MaxRecords, MaxEvents
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-ResourceGroupName
The resource group name
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ResourceGroup |
Parameter sets
GetByResourceGroup
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-ResourceId
The ResourceId
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetByResourceId
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-ResourceProvider
The ResourceProvider name
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetByResourceProvider
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-StartTime
The startTime of the query
Parameter properties
| Type: | |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Status
The status of the events to fetch
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
