Activity Logs - List

Service:

Monitor

API Version:

2015-04-01

활동 로그의 레코드 목록을 제공합니다.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter={$filter}

With optional parameters:

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter={$filter}&$select={$select}

URI 매개 변수

Name	In(다음 안에)	필수	형식	Description
subscriptionId	path	True	string	대상 구독의 ID입니다.
$filter	query	True	string	수집된 데이터 집합을 줄입니다. 이 인수는 필수이며 적어도 시작 날짜/시간이 필요합니다. $filter 인수는 매우 제한되며 다음 패턴만 허용합니다. - 리소스 그룹에 대한 이벤트 나열: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' 및 이벤트Timestamp le '2014-07-20T04:36:37.6407898Z' 및 resourceGroupName eq 'resourceGroupName'. - 리소스에 대한 이벤트 나열: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' 및 eventTimestamp le '2014-07-20T04:36:37.6407898Z' 및 resourceUri eq 'resourceURI'. - 시간 범위의 구독에 대한 이벤트 나열: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' 및 eventTimestamp le '2014-07-20T04:36:37.6407898Z'. - 리소스 공급자에 대한 이벤트 나열: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' 및 eventTimestamp le '2014-07-20T04:36:37.6407898Z' 및 resourceProvider eq 'resourceProviderName'. - 상관 관계 ID에 대한 이벤트 나열: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' 및 eventTimestamp le '2014-07-20T04:36:37.6407898Z' 및 correlationId eq 'correlationID'. 참고: 다른 구문은 허용되지 않습니다.
api-version	query	True	string	이 작업에 사용할 API 버전입니다.
$select	query		string	지정된 속성만 사용하여 이벤트를 가져오는 데 사용됩니다. $select 인수는 반환할 속성 이름의 쉼표로 구분된 목록입니다. 가능한 값은 권한 부여, 클레임, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, level, operationId, operationName, properties, resourceGroupName, resourceProviderName, resourceId, 상태, submissionTimestamp, subStatus, subscriptionId

응답

Name	형식	Description
200 OK	EventDataCollection	활동 로그에서 이벤트 페이지를 가져오기 위한 성공적인 요청
Other Status Codes	ErrorResponse	작업이 실패한 이유를 설명하는 오류 응답입니다.

보안

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	사용자 계정 가장

예제

Get Activity Logs with filter

Get Activity Logs with filter and select

Get Activity Logs with filter

Sample Request

HTTP

GET https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'

Java

/**
 * Samples for ActivityLogs List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
     */
    /**
     * Sample code: Get Activity Logs with filter.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getActivityLogsWithFilter(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.diagnosticSettings().manager().serviceClient().getActivityLogs().list(
            "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
            null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/969fd0c2634fbcc1975d7abe3749330a5145a97c/specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
func ExampleActivityLogsClient_NewListPager_getActivityLogsWithFilter() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewActivityLogsClient().NewListPager("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'", &armmonitor.ActivityLogsClientListOptions{Select: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.EventDataCollection = armmonitor.EventDataCollection{
		// 	Value: []*armmonitor.EventData{
		// 		{
		// 			OperationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			Description: to.Ptr(""),
		// 			Authorization: &armmonitor.SenderAuthorization{
		// 				Action: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Role: to.Ptr("Subscription Admin"),
		// 				Scope: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"),
		// 			},
		// 			Caller: to.Ptr("admin@contoso.com"),
		// 			Claims: map[string]*string{
		// 				"name": to.Ptr("John Smith"),
		// 				"appid": to.Ptr("c44b4083-3bq0-49c1-b47d-974e53cbdf3c"),
		// 				"appidacr": to.Ptr("2"),
		// 				"aud": to.Ptr("https://management.core.windows.net/"),
		// 				"exp": to.Ptr("1421880271"),
		// 				"groups": to.Ptr("cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c"),
		// 				"http://schemas.microsoft.com/claims/authnclassreference": to.Ptr("1"),
		// 				"http://schemas.microsoft.com/claims/authnmethodsreferences": to.Ptr("pwd"),
		// 				"http://schemas.microsoft.com/identity/claims/objectidentifier": to.Ptr("2468adf0-8211-44e3-95xq-85137af64708"),
		// 				"http://schemas.microsoft.com/identity/claims/scope": to.Ptr("user_impersonation"),
		// 				"http://schemas.microsoft.com/identity/claims/tenantid": to.Ptr("1e8d8218-c5e7-4578-9acc-9abbd5d23315"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": to.Ptr("John"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": to.Ptr("admin@contoso.com"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": to.Ptr("9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": to.Ptr("Smith"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": to.Ptr("admin@contoso.com"),
		// 				"iat": to.Ptr("1421876371"),
		// 				"iss": to.Ptr("https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/"),
		// 				"nbf": to.Ptr("1421876371"),
		// 				"puid": to.Ptr("20030000801A118C"),
		// 				"ver": to.Ptr("1.0"),
		// 			},
		// 			CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			EventDataID: to.Ptr("44ade6b4-3813-45e6-ae27-7420a95fa2f8"),
		// 			EventName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("End request"),
		// 				Value: to.Ptr("EndRequest"),
		// 			},
		// 			EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
		// 			HTTPRequest: &armmonitor.HTTPRequestInfo{
		// 				Method: to.Ptr("PUT"),
		// 				ClientIPAddress: to.Ptr("192.168.35.115"),
		// 				ClientRequestID: to.Ptr("27003b25-91d3-418f-8eb1-29e537dcb249"),
		// 			},
		// 			ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
		// 			Level: to.Ptr(armmonitor.EventLevelInformational),
		// 			OperationName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Value: to.Ptr("microsoft.support/supporttickets/write"),
		// 			},
		// 			Properties: map[string]*string{
		// 				"statusCode": to.Ptr("Created"),
		// 			},
		// 			ResourceGroupName: to.Ptr("MSSupportGroup"),
		// 			ResourceProviderName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support"),
		// 				Value: to.Ptr("microsoft.support"),
		// 			},
		// 			Status: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Succeeded"),
		// 				Value: to.Ptr("Succeeded"),
		// 			},
		// 			SubStatus: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Created (HTTP Status Code: 201)"),
		// 				Value: to.Ptr("Created"),
		// 			},
		// 			SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
		// 			SubscriptionID: to.Ptr("089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Provides the list of records from the activity logs.
 *
 * @summary Provides the list of records from the activity logs.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
 */
async function getActivityLogsWithFilter() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
  const filter =
    "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.activityLogs.list(filter)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Monitor;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Resources;

// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
// this example is just showing the usage of "ActivityLogs_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
await foreach (EventDataInfo item in subscriptionResource.GetActivityLogsAsync(filter))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

CLI

az monitor activity-log list --start-time 2018-07-01 --offset 7d

Click here to learn more about the Azure CLI command.

Sample Response

Status code:

200

{
  "value": [
    {
      "authorization": {
        "action": "microsoft.support/supporttickets/write",
        "role": "Subscription Admin",
        "scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"
      },
      "caller": "admin@contoso.com",
      "claims": {
        "aud": "https://management.core.windows.net/",
        "iss": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
        "iat": "1421876371",
        "nbf": "1421876371",
        "exp": "1421880271",
        "ver": "1.0",
        "http://schemas.microsoft.com/identity/claims/tenantid": "1e8d8218-c5e7-4578-9acc-9abbd5d23315",
        "http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd",
        "http://schemas.microsoft.com/identity/claims/objectidentifier": "2468adf0-8211-44e3-95xq-85137af64708",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "admin@contoso.com",
        "puid": "20030000801A118C",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "John",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Smith",
        "name": "John Smith",
        "groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "admin@contoso.com",
        "appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
        "appidacr": "2",
        "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
        "http://schemas.microsoft.com/claims/authnclassreference": "1"
      },
      "correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "description": "",
      "eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
      "eventName": {
        "value": "EndRequest",
        "localizedValue": "End request"
      },
      "httpRequest": {
        "clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249",
        "clientIpAddress": "192.168.35.115",
        "method": "PUT"
      },
      "id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
      "level": "Informational",
      "resourceGroupName": "MSSupportGroup",
      "resourceProviderName": {
        "value": "microsoft.support",
        "localizedValue": "microsoft.support"
      },
      "operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "operationName": {
        "value": "microsoft.support/supporttickets/write",
        "localizedValue": "microsoft.support/supporttickets/write"
      },
      "properties": {
        "statusCode": "Created"
      },
      "status": {
        "value": "Succeeded",
        "localizedValue": "Succeeded"
      },
      "subStatus": {
        "value": "Created",
        "localizedValue": "Created (HTTP Status Code: 201)"
      },
      "eventTimestamp": "2015-01-21T22:14:26.9792776Z",
      "submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
      "subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
    }
  ],
  "nextLink": "https://management.azure.com/########-####-####-####-############$skiptoken=######"
}

Get Activity Logs with filter and select

Sample Request

HTTP

GET https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'&$select=eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level

Java

/**
 * Samples for ActivityLogs List.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/
     * GetActivityLogsFilteredAndSelected.json
     */
    /**
     * Sample code: Get Activity Logs with filter and select.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getActivityLogsWithFilterAndSelect(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.diagnosticSettings().manager().serviceClient().getActivityLogs().list(
            "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
            "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/969fd0c2634fbcc1975d7abe3749330a5145a97c/specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
func ExampleActivityLogsClient_NewListPager_getActivityLogsWithFilterAndSelect() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewActivityLogsClient().NewListPager("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'", &armmonitor.ActivityLogsClientListOptions{Select: to.Ptr("eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.EventDataCollection = armmonitor.EventDataCollection{
		// 	Value: []*armmonitor.EventData{
		// 		{
		// 			CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			EventName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("End request"),
		// 				Value: to.Ptr("EndRequest"),
		// 			},
		// 			EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
		// 			ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
		// 			Level: to.Ptr(armmonitor.EventLevelInformational),
		// 			OperationName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Value: to.Ptr("microsoft.support/supporttickets/write"),
		// 			},
		// 			ResourceGroupName: to.Ptr("MSSupportGroup"),
		// 			ResourceProviderName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support"),
		// 				Value: to.Ptr("microsoft.support"),
		// 			},
		// 			Status: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Succeeded"),
		// 				Value: to.Ptr("Succeeded"),
		// 			},
		// 			SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Provides the list of records from the activity logs.
 *
 * @summary Provides the list of records from the activity logs.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
 */
async function getActivityLogsWithFilterAndSelect() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
  const filter =
    "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
  const select =
    "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
  const options = { select };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.activityLogs.list(filter, options)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Monitor;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Resources;

// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
// this example is just showing the usage of "ActivityLogs_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
string select = "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
await foreach (EventDataInfo item in subscriptionResource.GetActivityLogsAsync(filter, select: select))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

CLI

az monitor activity-log list --start-time 2018-07-01 --offset 7d

Click here to learn more about the Azure CLI command.

Sample Response

Status code:

200

{
  "value": [
    {
      "correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "eventName": {
        "value": "EndRequest",
        "localizedValue": "End request"
      },
      "id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
      "resourceGroupName": "MSSupportGroup",
      "resourceProviderName": {
        "value": "microsoft.support",
        "localizedValue": "microsoft.support"
      },
      "operationName": {
        "value": "microsoft.support/supporttickets/write",
        "localizedValue": "microsoft.support/supporttickets/write"
      },
      "status": {
        "value": "Succeeded",
        "localizedValue": "Succeeded"
      },
      "eventTimestamp": "2015-01-21T22:14:26.9792776Z",
      "submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
      "level": "Informational"
    }
  ],
  "nextLink": "https://management.azure.com/########-####-####-####-############$skiptoken=######"
}

정의

Name	Description
ErrorResponse	오류 응답의 형식을 설명합니다.
EventData	Azure 이벤트 로그 항목은 EventData 형식입니다.
EventDataCollection	이벤트 컬렉션을 나타냅니다.
EventLevel	이벤트 수준
HttpRequestInfo	Http 요청 정보입니다.
LocalizableString	지역화 가능한 문자열 클래스입니다.
SenderAuthorization	이 이벤트로 이어진 작업을 수행한 사용자가 사용하는 권한 부여입니다. 그러면 이벤트의 RBAC 속성이 캡처됩니다. 여기에는 일반적으로 'action', 'role' 및 'scope'가 포함됩니다.

ErrorResponse

오류 응답의 형식을 설명합니다.

Name	형식	Description
code	string	오류 코드
message	string	작업이 실패한 이유를 나타내는 오류 메시지입니다.

EventData

Azure 이벤트 로그 항목은 EventData 형식입니다.

Name	형식	Description
authorization	SenderAuthorization	보낸 사람 권한 부여 정보입니다.
caller	string	작업을 수행한 사용자의 이메일 주소, 가용성에 따라 UPN 클레임 또는 SPN 클레임입니다.
category	LocalizableString	이벤트 범주입니다.
claims	object	ARM 권한을 식별하는 키 값 쌍입니다.
correlationId	string	일반적으로 문자열 형식의 GUID인 상관 관계 ID입니다. 상관 관계 ID는 동일한 uber 작업에 속하는 이벤트 간에 공유됩니다.
description	string	이벤트에 대한 설명입니다.
eventDataId	string	이벤트 데이터 ID입니다. 이벤트에 대한 고유 식별자입니다.
eventName	LocalizableString	이벤트 이름입니다. 이 값은 OperationName과 혼동해서는 안 됩니다. 실용적인 목적을 위해 OperationName은 최종 사용자에게 더 매력적일 수 있습니다.
eventTimestamp	string	Azure 서비스에서 해당 이벤트에 해당하는 요청을 처리하여 이벤트를 생성한 시기의 타임스탬프입니다. ISO 8601 형식입니다.
httpRequest	HttpRequestInfo	HTTP 요청 정보입니다. 일반적으로 'clientRequestId', 'clientIpAddress'(이벤트를 시작한 사용자의 IP 주소) 및 'method'(HTTP 메서드 예: PUT)가 포함됩니다.
id	string	RBAC용 ARM에 필요한 이 이벤트의 ID입니다. EventDataID 및 타임스탬프 정보를 포함합니다.
level	EventLevel	이벤트 수준
operationId	string	일반적으로 단일 작업에 해당하는 이벤트 간에 공유되는 GUID입니다. 이 값은 EventName과 혼동해서는 안 됩니다.
operationName	LocalizableString	작업 이름입니다.
properties	object	이벤트에 대한 세부 정보를 포함하는 키, 값> 쌍(일반적으로 사전<문자열, 문자열>) 집합<입니다.
resourceGroupName	string	영향을 받은 리소스의 리소스 그룹 이름입니다.
resourceId	string	이 이벤트를 발생시킨 리소스를 고유하게 식별하는 리소스 URI입니다.
resourceProviderName	LocalizableString	영향을 받은 리소스의 리소스 공급자 이름입니다.
resourceType	LocalizableString	리소스 종류
status	LocalizableString	작업의 상태 설명하는 문자열입니다. 몇 가지 일반적인 값은 시작됨, 진행 중, 성공, 실패, 해결됨입니다.
subStatus	LocalizableString	이벤트 하위 상태. 대부분의 경우 포함되는 경우 REST 호출의 HTTP 상태 코드를 캡처합니다. 일반적인 값은 OK(HTTP 상태 코드: 200), 생성됨(HTTP 상태 코드: 201), 수락됨(HTTP 상태 코드: 202), 콘텐츠 없음(HTTP 상태 코드: 204), 잘못된 요청(HTTP 상태 코드: 40) 0), 찾을 수 없음(HTTP 상태 코드: 404), 충돌(HTTP 상태 코드: 409), 내부 서버 오류(HTTP 상태 코드: 500), 서비스를 사용할 수 없음(HTTP 상태 코드:503), 게이트웨이 시간 제한(HTTP 상태 코드: 504)
submissionTimestamp	string	이 API를 통해 쿼리에 이벤트를 사용할 수 있게 된 시기의 타임스탬프입니다. ISO 8601 형식입니다. 이 값은 eventTimestamp를 혼동해서는 안 됩니다. 이벤트의 발생 시간과 이벤트가 Azure 로깅 인프라에 제출되는 시간 사이에 지연이 있을 수 있습니다.
subscriptionId	string	Azure 구독 ID는 일반적으로 GUID입니다.
tenantId	string	Azure 테넌트 ID

EventDataCollection

이벤트 컬렉션을 나타냅니다.

Name	형식	Description
nextLink	string	다음 이벤트 집합을 검색하는 링크를 제공합니다.
value	EventData[]	Azure 감사 로그를 포함하는 이 목록입니다.

EventLevel

이벤트 수준

Name	형식	Description
Critical	string
Error	string
Informational	string
Verbose	string
Warning	string

HttpRequestInfo

Http 요청 정보입니다.

Name	형식	Description
clientIpAddress	string	클라이언트 IP 주소
clientRequestId	string	클라이언트 요청 ID입니다.
method	string	Http 요청 메서드입니다.
uri	string	Uri입니다.

LocalizableString

지역화 가능한 문자열 클래스입니다.

Name	형식	Description
localizedValue	string	로캘별 값입니다.
value	string	고정 값입니다.

SenderAuthorization

이 이벤트로 이어진 작업을 수행한 사용자가 사용하는 권한 부여입니다. 그러면 이벤트의 RBAC 속성이 캡처됩니다. 여기에는 일반적으로 'action', 'role' 및 'scope'가 포함됩니다.

Name	형식	Description
action	string	허용되는 작업입니다. instance 경우: microsoft.support/supporttickets/write
role	string	사용자의 역할입니다. instance 경우: 구독 관리
scope	string	scope.