Access Azure Update Manager operations data using Azure Resource Graph
Logs created from operations like update assessments and installations are stored by Azure Update Manager in Azure Resource Graph. Resource Graph is a service in Azure designed to be the store for Azure service details without any cost or deployment requirements. Update Manager uses Resource Graph to store its results. You can view the most recent update assessment history for the last 7 days and update installations history for the last 30 days from the Resource Graph.
This article describes the structure of the logs from Update Manager and how you can use Azure Resource Graph Explorer to analyze them in support of your reporting, visualizing, and export needs.
Log structure
Update Manager sends the results of all its operations into Azure Resource Graph as logs, which are available for 30 days. Listed here are the structure of logs being sent to Azure Resource Graph.
Patch assessment results
The table patchassessmentresources includes resources related to machine patch assessment. The following table describes its properties.
| Property | Description |
|---|---|
ID |
The Azure Resource Manager ID forwarding the result. It's similar to the REST API path for Guest OS assessment. Typically, <resourcePath>/patchAssessmentResults/latest or <resourcePath>/patchAssessmentResults/latest/softwarePatches/<update>. |
NAME |
If the ID is of type <resourcePath>/patchAssessmentResults/latest, then the record contains the unique GUID for the assessment operation finished. If <resourcePath>/patchAssessmentResults/latest/softwarePatches/<update>, then the record contains the update name or label. |
TYPE |
Specifies the type of log for assessment. If the type is patchassessmentresults, then the record provides a summary of OS assessment with numerical aggregate statistics. If the type is patchassessmentresults/softwarepatches, then the record describes a specific OS update available for the resource. |
TENANTID |
Azure tenant ID for the Azure VM or Azure Arc-enabled server resource. |
KIND |
Intentionally left blank for future use. |
LOCATION |
Azure cloud region where the Azure VM or Azure Arc-enabled server resource exists. |
RESOURCEGROUP |
Azure resource group hosting the Azure VM or Azure Arc-enabled server resource. |
SUBSCRIPTIONID |
Azure subscription ID for the Azure VM or Azure Arc-enabled server resource. |
MANAGEDBY |
Intentionally left blank for future use. |
SKU |
Intentionally left blank for future use. |
PLAN |
Intentionally left blank for future use. |
PROPERTIES |
Captures details of operation in JSON format. More information follows this table. |
TAGS |
Intentionally left blank for future use. |
IDENTITY |
Intentionally left blank for future use. |
ZONES |
Intentionally left blank for future use. |
EXTENDEDLOCATION |
Intentionally left blank for future use. |
Description of the patchassessmentresources property
If the property for the resource type is patchassessmentresources, it includes the information in the following table.
| Value | Description |
|---|---|
rebootPending |
Flag to specify if the specific update requires the OS to reboot to finish installation. As provided by machine's OS update service or package manager. If your OS package manager or update service doesn't require a reboot, the value of the field is set to false. |
patchServiceUsed |
OS service used on the machine to install updates. WU-WSUS for Windows Update service or Windows Server Update Service. For Linux, it's the OS package manager like YUM, APT, or Zypper. |
osType |
Represents the type of operating system: Windows or Linux. |
startDateTime |
Timestamp (UTC) representing when the OS update assessment task started execution on the machine. |
lastModifiedDateTime |
Timestamp (UTC) representing when the record was last updated. |
startedBy |
Identifies if a user or an Azure service triggered the OS update installation. For more information on the operation, see Azure activity log. |
errorDetails |
First five error messages generated while executing update installation from the machine's OS package manager or update service. |
availablePatchCountByClassification |
Number of OS updates by the category that the specific updates belong to based on the OS vendor. The machine's OS update service or package manager generates the information. If the OS package manager or update service doesn't provide the detail of category, the value is Others (for Linux) or Updates (for Windows Server). |
If the property for the resource type is patchassessmentresults/softwarepatches, it includes the information in the following table.
| Value | Description |
|---|---|
lastModifiedDateTime |
Timestamp (UTC) representing when the record was last updated. |
publishedDateTime |
Timestamp representing when the specific update was made available by the OS vendor. The machine's OS update service or package manager generates the information. If your OS package manager or update service doesn't provide the detail of when an update was provided by OS vendor, the value is null. Currently this value is not available in case of Linux updates. |
classifications |
Category that the specific update belongs to according to the OS vendor. The machine's OS update service or package manager generates the information. If your OS package manager or update service doesn't provide the detail of category, the value is Others (for Linux) or Updates (for Windows Server). |
rebootRequired |
Value indicates if the specific update requires the OS to reboot to finish the installation. The machine's OS update service or package manager generates the information. If your OS package manager or update service doesn't require a reboot, the value is false. |
rebootBehavior |
Behavior set in the OS update installation runs the job when configuring the update deployment if Update Manager can reboot the target machine. |
patchName |
Name or label for the specific update generated by the machine's OS package manager or update service. |
Kbid |
If the machine's OS is Windows Server, the value includes the unique KB ID for the update provided by the Windows Update service. |
version |
If the machine's OS is Linux, the value includes the version details for the update as provided by the Linux package manager. For example, 1.0.1.el7.3. |
Patch installation results
The table patchinstallationresources includes resources related to machine patch assessment. The following table describes its properties.
| Property | Description |
|---|---|
ID |
The Azure Resource Manager ID forwarding the result. It's similar to the REST API path for Guest OS assessment. Typically, <resourcePath>/patchInstallationResults/<GUID> or <resourcePath>/patchAssessmentResults/latest/softwarePatches/<update>. |
NAME |
If the ID is of type <resourcePath>/patchInstallationResults, then the record contains unique GUID for the update operation finished. If <resourcePath>/patchInstallationResults/softwarePatches/<update>, then the record contains the update name or label being installed on the machine. |
TYPE |
Specifies the type of log for assessment. If type is patchinstallationresults, then the record provides a summary of OS installation with numerical aggregate statistics. If type is patchinstallationresults/softwarepatches, then the record describes a specific OS update installed for the resource. |
TENANTID |
Azure tenant ID for the Azure VM or Azure Arc-enabled server resource. |
KIND |
Intentionally left blank for future use. |
LOCATION |
Azure cloud region where the Azure VM or Azure Arc-enabled server resource exists. |
RESOURCEGROUP |
Azure resource group hosting the Azure VM or Azure Arc-enabled server resource. |
SUBSCRIPTIONID |
Azure subscription ID for the Azure VM or Azure Arc-enabled server resource. |
MANAGEDBY |
Intentionally left blank for future use. |
SKU |
Intentionally left blank for future use. |
PLAN |
Intentionally left blank for future use. |
PROPERTIES |
Captures details of operation in JSON format. More information follows this table. |
TAGS |
Intentionally left blank for future use. |
IDENTITY |
Intentionally left blank for future use. |
ZONES |
Intentionally left blank for future use. |
EXTENDEDLOCATION |
Intentionally left blank for future use. |
Description of the patchinstallationresults property
If the property for the resource type is patchinstallationresults, it includes the information in the following table.
| Value | Description |
|---|---|
installationActivityId |
Unique GUID for the OS update installation run. |
maintenanceWindowExceeded |
Values are True or False if the update installation run exceeded the defined maintenance window. |
lastModifiedDateTime |
Timestamp (UTC) representing when the record was last updated. |
notSelectedPatchCount |
Number of OS updates available on the machine not selected for installation in an update deployment. |
installedPatchCount |
Number of OS updates that were successfully installed that were specified in an update deployment. |
excludedPatchCount |
Number of OS updates available on the machine and excluded for installation in an update deployment. |
pendingPatchCount |
Number of OS updates still awaiting to be installed that were specified in an update deployment. |
patchServiceUsed |
OS service used on the machine to install updates. WU-WSUS for Windows Update service or Windows Server Update Service. For Linux, it's the OS package manager like YUM, APT, or Zypper. |
failedPatchCount |
Number of OS updates that failed to successfully get installed that were specified in an update deployment. |
startDateTime |
Timestamp (UTC) representing when the OS update installation task started execution on the machine. |
rebootStatus |
Information from the OS update service or package manager if the OS needs to be restarted to finish the update installation. Status values are NotNeeded (no restart is needed), Required (OS restart is needed for completion), Started (restart was initiated), Failed (OS couldn't be restarted), and Completed (restart was done successfully). |
startedBy |
Identifies if a user or an Azure service triggered the OS update installation. For more information on the operation, see Azure activity log. |
status |
Status of the OS update installation run. Values can be NotStarted, InProgress, Failed, Succeeded, and CompletedWithWarnings. The update installation run is deemed Failed status if one or more OS update installations is unsuccessful. |
osType |
Represents the type of operating system: Windows or Linux. |
errorDetails |
Includes the first five error messages generated while running update installation from the machine's OS package manager or update service. |
maintenanceRunId |
This value is used as a maintenance run identifier for Auto VM Guest Patching or schedule run ID instead of recurring updates. |
If the property for the resource type is patchinstallationresults/softwarepatches, it includes the information in the following table.
| Value | Description |
|---|---|
installationState |
Installation status for the specific OS update. Values are Installed, Failed, Pending, NotSelected, and Excluded. |
lastModifiedDateTime |
Timestamp (UTC) representing when the record was last updated. |
publishedDateTime |
Timestamp representing when the specific update was made available by the OS vendor. The machine's OS update service or package manager generates the information. If your OS package manager or update service doesn't provide the detail of when an update was provided by the OS vendor, the value is null. |
classifications |
Category that the specific update belongs to according to the OS vendor as provided by the machine's OS update service or package manager. If your OS package manager or update service doesn't provide the detail of category, the value of the field is Others (for Linux) and Updates (for Windows Server). |
rebootRequired |
Flag to specify if the specific update requires the OS to reboot to finish the installation, as provided by the machine's OS update service or package manager. If your OS package manager or update service doesn't provide information regarding need of OS reboot, the value of the field is set to false. |
rebootBehavior |
Behavior set in the OS update installation runs the job by user, regarding allowing Update Manager to reboot the OS. |
patchName |
Name or label for the specific update as provided by the machine's OS package manager or update service. |
Kbid |
If the machine's OS is Windows Server, the value includes the unique KB ID for the update provided by the Windows Update service. |
version |
If the machine's OS is Linux, the value includes the version details for the update as provided by the Linux package manager. For example, 1.0.1.el7.3. |
Maintenance resources
The table maintenanceresources includes resources related to maintenance configuration. The following table describes its properties.
| Property | Description |
|---|---|
ID |
The Azure Resource Manager ID forwarding the result. It's similar to the REST API path for creating a maintenance configuration. |
NAME |
If the ID is of type <resourcePath>/applyupdates, then the record contains a unique GUID for the maintenance run. If <resourcePath>/configurationassignments, then the record contains the assignment of maintenance configuration to an Azure or Azure Arc VM. |
TYPE |
Specifies the type of log for assessment. If type is applyupdates, then the record provides details of the maintenance run record at machine level. If type is configurationassignments, then the record describes the link between an Azure VM or Azure Arc VM and a maintenance configuration. |
TENANTID |
Azure tenant ID for the Azure VM or Azure Arc-enabled server resource. |
KIND |
Intentionally left blank for future use. |
LOCATION |
Pure cloud region where the Azure VM or Azure Arc-enabled server resource exists. |
RESOURCEGROUP |
Azure resource group hosting the Azure VM or Azure Arc-enabled server resource. |
SUBSCRIPTIONID |
Azure subscription ID for the Azure VM or Azure Arc-enabled server resource. |
MANAGEDBY |
Intentionally left blank for future use. |
SKU |
Intentionally left blank for future use. |
PLAN |
Intentionally left blank for future use. |
PROPERTIES |
Captures details of operation in JSON format. More information follows this table. |
TAGS |
Intentionally left blank for future use. |
IDENTITY |
Intentionally left blank for future use. |
ZONES |
Intentionally left blank for future use. |
EXTENDEDLOCATION |
Intentionally left blank for future use. |
Description of the applyupdates property
If the property for the resource type is applyupdates, it includes the information in the following table.
| Value | Description |
|---|---|
maintenanceConfigurationId |
Azure Resource Manager ID of applied maintenance configuration. |
maintenanceScope |
Maintenance scope of applied maintenance configuration. |
resourceId |
Azure Resource Manager template resource ID of ARC/Azure VM. |
correlationId |
Schedule run ID of maintenance/schedule run. This information can be used to find all the VMs that were part of the same schedule. |
startDateTime |
Start date and time of a schedule. |
endDateTime |
End date and time of a schedule. |
If the property for the resource type is configurationassignments, it includes the information in the following table.
| Value | Description |
|---|---|
resourceId |
Azure Resource Manager resource ID of ARC/Azure VM |
maintenanceConfigurationId |
Azure Resource Manager ID of the applied maintenance configuration |
Next steps
- For sample queries to access Azure Update Manager operations data, see Sample Azure Resource Graph queries to access Azure Update Manager operations data.
- To troubleshoot issues with Azure Update Manager, see Troubleshoot issues with Azure Update Manager.