AzureActivityV2
Azure activity logs.
Categories
- Audit
Solutions
- LogManagement
Resource types
- Azure activity Log V2
Columns
| Column | Type | Description |
|---|---|---|
| ActivityStatusValue | string | Status of the operation in display-friendly format. Common values include Started, In Progress, Succeeded, Failed, Active, Resolved. |
| ActivitySubstatusValue | string | Substatus of the operation in display-friendly format. E.g. OK (HTTP Status Code: 200). |
| Authorization | string | Blob of RBAC properties of the event. Usually includes the action, role, and scope properties. |
| AzureResourceGroup | string | Resource group name of the impacted resource. |
| AzureResourceId | string | Resource ID of the impacted resource. |
| AzureSubscriptionId | string | Subscription ID of the impacted resource. |
| AzureTenantId | string | The Azure tenant ID of the impacted resource. |
| Caller | string | Unique identifier of the caller. |
| CallerIpAddress | string | IP address of the user who has performed the operation UPN claim or SPN claim based on availability. |
| CategoryValue | string | Category of the activity log e.g. Administrative, Policy, Security. |
| Claims | string | The JWT token used by Active Directory to authenticate the user or application to perform this operation in Resource Manager. |
| CorrelationId | string | Usually a GUID in the string format. Events that share a correlationId belong to the same uber action. |
| Description | string | The description of the operation |
| EventDataId | string | Unique identifier of an event. |
| EventSubmissionTimestamp | datetime | Timestamp when the event became available for querying. |
| Hierarchy | string | Management group hierarchy of the management group or subscription that event belongs to. |
| HTTPRequest | string | Blob describing the Http Request. Usually includes the clientRequestId, clientIpAddress, and method (HTTP method. For example, PUT). |
| Level | string | Level of the event. One of the following values: Critical, Error, Warning, Informational and Verbose. |
| Misc | dynamic | Miscellaneous column for internal use. |
| MoboTenantId | string | ID of the activity logs workspace that stores this record. |
| OperationId | string | Unique identifier of the operation. |
| OperationNameValue | string | Identifier of the operation e.g. Microsoft.Storage/storageAccounts/listAccountSas/action. |
| PropertiedBackCompat | string | Set of <Key Value> pairs (i.e. Dictionary) describing the details of the event. Used for back compat with legacy activity logs |
| Properties | string | Set of <Key Value> pairs (i.e. Dictionary) describing the details of the event. |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| ResourceProviderValue | string | Id of the resource provider for the impacted resource - e.g. Microsoft.Storage. |
| SourceSystem | string | Azure is used always for AzureActivity. |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| TenantId | string | |
| TimeGenerated | datetime | Timestamp when the event was generated by the Azure service processing the request. |
| Type | string | The name of the table |