az monitor activity-log

Manage activity logs.

Commands

az monitor activity-log alert

Manage activity log alerts.

az monitor activity-log alert action-group

Manage action groups for activity log alerts.

az monitor activity-log alert action-group add

Add action groups to this activity log alert. It can also be used to overwrite existing webhook properties of particular action groups.

az monitor activity-log alert action-group remove

Remove action groups from this activity log alert.

az monitor activity-log alert create

Create a default activity log alert.

az monitor activity-log alert delete

Delete an activity log alert.

az monitor activity-log alert list

List activity log alerts under a resource group or the current subscription.

az monitor activity-log alert scope

Manage scopes for activity log alerts.

az monitor activity-log alert scope add

Add scopes to this activity log alert.

az monitor activity-log alert scope remove

Removes scopes from this activity log alert.

az monitor activity-log alert show

Get an activity log alert.

az monitor activity-log alert update

Update the details of this activity log alert.

az monitor activity-log list

List and query activity log events.

az monitor activity-log list-categories

List the event categories of activity logs.

az monitor activity-log list

List and query activity log events.

az monitor activity-log list [--caller]
                             [--correlation-id]
                             [--end-time]
                             [--filters]
                             [--max-events]
                             [--namespace]
                             [--offset]
                             [--query-examples]
                             [--resource-group]
                             [--resource-id]
                             [--select {authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId}]
                             [--start-time]
                             [--status]
                             [--subscription]

Examples

List all events from July 1st, looking forward one week.

az monitor activity-log list --start-time 2018-07-01 --offset 7d

List events within the past six hours based on a correlation ID.

az monitor activity-log list --correlation-id b5eac9d2-e829-4c9a-9efb-586d19417c5f

List events within the past hour based on resource group.

az monitor activity-log list -g {ResourceGroup} --offset 1h

Optional Parameters

--caller

Caller to query for, such as an e-mail address or service principal ID.

--correlation-id

Correlation ID to query.

--end-time

End time of the query. Defaults to the current time. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--filters

OData filters. Will ignore other filter arguments.

--max-events

Maximum number of records to return.

default value: 50
--namespace

Resource provider namespace.

--offset

Time offset of the query range, in ##d##h format.

default value: 6h
--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-id

ARM ID of a resource.

--select

Space-separated list of properties to return.

accepted values: authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId
--start-time

Start time of the query. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--status

Status to query for (ex: Failed).

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az monitor activity-log list-categories

List the event categories of activity logs.

az monitor activity-log list-categories [--subscription]

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.