Edit

Share via

Configure Azure activity log export

This article outlines the steps to successfully configure Azure activity log export. This article also provides solutions to common issues that you might experience, especially if you're transitioning from older methods.

Configuring activity log export

To configure Azure activity log export, follow these steps.

Step 1: Verify current configuration

  1. Go to the Azure portal, and access the Activity Logs section.
  2. Check the current export settings to make sure that they align with your requirements.

Step 2: Update legacy methods

  1. If you're using legacy APIs, PowerShell commands, or log profiles, update them to use diagnostic settings.
  2. Use the Get-AzOperationalInsightsDataSource command to verify existing data sources.

Step 3: Configure new export settings

  1. Select Activity log > Export Activity Logs.
  2. Find and select the subscription, and then select Add diagnostic setting.
  3. In the Diagnostic setting name box, enter a name.
  4. Select all applicable categories and then select Save.

Note

It usually takes about 30 minutes for the export to begin. For more information, see Time before telemetry gets to destination.

Common issues and solutions

  • Issue: Logs aren't appearing in configured destinations.
  • Solution: See the following guidance for log analytics, event hubs, and storage accounts.

For log analytics

  1. Navigate to Log Analytics workspaces.
  2. Select the workspace and then run the following query:
AzureActivity
| summarize count() by bin(TimeGenerated,1d)

This should determine the number of logs per day that are being ingested into this workspace.

For event hubs

  1. Navigate to Event Hubs.
  2. Select the event hub and then select Data Explorer.
  3. Verify the logs are reaching the event hub.

If the logs aren't reaching the event hub, check for throttling using a metrics blade.

For storage accounts

  1. Navigate to Storage center | Storage accounts (Blobs).
  2. Locate and select the insights-activity-logs container.

The logs should be visible.

Frequently asked questions

Q1: Why don't the logs appear in the destination?

A1: Make sure that the network is well connected, and verify the permissions for Log Analytics workspace.

Q2: Why do errors appear in the PowerShell commands?

A2: Make sure that you're using the latest Azure PowerShell module.

References

Contact us for help

If you have questions, you can ask Azure community support. You can also submit product feedback to Azure feedback community.

  • Last updated on