Get-AzActivityLog
Retrieve Activity Log events.
Syntax
Get-AzActivityLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzActivityLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-CorrelationId] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzActivityLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceGroupName] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzActivityLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceId] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzActivityLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceProvider] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The Get-AzActivityLog cmdlet retrieve Activity Log events. The events can be associated with the current subscription ID, correlation ID, resource group, resource ID, or resource provider.
Examples
Example 1: Get an event log by subscription ID
Get-AzActivityLogThis command lists at most 1000 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 2: Get an event log by subscription ID with a maximum number of events
Get-AzActivityLog -MaxRecord 100This command lists at most 100 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 3: Get an event log by subscription ID with a start time.
Get-AzActivityLog -StartTime 2017-06-01T10:30This command lists at most 1000 events associated with the user's subscription ID that took place on or after 2017-06-01T10:30 local time if that date/time is not older than 90 days from the current date/time.
Example 4: Get an event log by subscription ID with a start time and end time.
Get-AzActivityLog -StartTime 2017-04-01T10:30 -EndTime 2017-04-14T11:30This command lists at most 1000 of the events associated with the user's subscription ID that took place on or after 2017-04-01T10:30 local time, and before 2017-04-14T11:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 5: Get an event log by correlation ID
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444"This command lists at most 1000 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 6: Get an event log by correlation ID with a maximum number of events
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444" -MaxRecord 100This command lists at most 100 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 7: Get an event log by correlation ID and start time
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444" -StartTime 2017-05-22T04:30:00This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time. NOTE: this is usually only one event.
Example 8: Get an event log by correlation ID with start time and end time
Get-AzActivityLog -CorrelationId "00001111-aaaa-2222-bbbb-3333cccc4444" -StartTime 2017-04-15T04:30:00 -EndTime 2017-04-25T12:30:00This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 9: Get an event log for a resource group
Get-AzActivityLog -ResourceGroupName "Contoso-Web-CentralUS"This command lists at most 1000 the events associated with the specified resource group that took place 7 days from the current date/time.
Example 10: Get an event log for a resource group with a maximum number of events
Get-AzActivityLog -ResourceGroup "Contoso-Web-CentralUS" -MaxRecord 100This command lists at most 100 events associated with the specified resource group that took place 7 days from the current date/time.
Example 11: Get an event log for a resource group by start time
Get-AzActivityLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-05-22T04:30:00This command lists at most 1000 events associated with the specified resource group that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 12: Get an event log for a resource group with a start time and end time
Get-AzActivityLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30This command lists at most 1000 events associated with the specified resource group that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 13: Get an event log by resource ID
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1"This command lists at most 1000 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 14: Get an event log by resource ID with a maximum number of events
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -MaxRecord 100This command lists at most 100 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 15: Get an event log by resource ID with a start time
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-05-22T04:30This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 16: Get an event log by resource ID with a start time and end time
Get-AzActivityLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 17: Get an event log by resource provider
Get-AzActivityLog -ResourceProvider "Microsoft.Web"This command lists at most 1000 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 18: Get an event log by resource provider with a maximum number of events
Get-AzActivityLog -ResourceProvider "Microsoft.Web" -MaxRecord 100This command lists at most 100 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 19: Get an event log by resource provider with a start time
Get-AzActivityLog -ResourceProvider "Microsoft.Web" -StartTime 2017-05-22T04:30This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 20: Get an event log by resource provider with a start time and end time
Get-AzActivityLog -ResourceProvider "Microsoft.Web" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Parameters
-Caller
The caller of the events to fetch
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-CorrelationId
The CorrelationId
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DetailedOutput
Return object with all the details of the events (the default is to return only some attributes, i.e. no detail)
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-EndTime
The endTime of the query
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-MaxRecord
The maximum number of records to fetch. Alias: MaxRecords, MaxEvents
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
The resource group name
| Type: | String |
| Aliases: | ResourceGroup |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceId
The ResourceId
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceProvider
The ResourceProvider name
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-StartTime
The startTime of the query
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Status
The status of the events to fetch
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
Nullable<T>[[System.DateTime, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
Outputs
Azure PowerShell