Get-AzureRmLog
Gets a log of events.
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.
Syntax
Get-AzureRmLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-CorrelationId] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzureRmLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceId] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzureRmLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceGroupName] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzureRmLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceProvider] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Get-AzureRmLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
The Get-AzureRmLog cmdlet gets a log of events. The events can be associated with the current subscription ID, correlation ID, resource group, resource ID, or resource provider.
Examples
Example 1: Get an event log by subscription ID
PS C:\>Get-AzureRmLogThis command lists at most 1000 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 2: Get an event log by subscription ID with a maximum number of events
PS C:\>Get-AzureRmLog -MaxEvents 100This command lists at most 100 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 3: Get an event log by subscription ID with a start time.
PS C:\>Get-AzureRmLog -StartTime 2017-06-01T10:30This command lists at most 1000 events associated with the user's subscription ID that took place on or after 2017-06-01T10:30 local time if that date/time is not older than 90 days from the current date/time.
Example 4: Get an event log by subscription ID with a start time and end time.
PS C:\>Get-AzureRmLog -StartTime 2017-04-01T10:30 -EndTime 2017-04-14T11:30This command lists at most 1000 of the events associated with the user's subscription ID that took place on or after 2017-04-01T10:30 local time, and before 2017-04-14T11:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 5: Get an event log by correlation ID
PS C:\>Get-AzureRmLog -CorrelationId "60c694d0-e46f-4c12-bed1-9b7aef541c23"This command lists at most 1000 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 6: Get an event log by correlation ID with a maximum number of events
PS C:\>Get-AzureRmLog -CorrelationId "60c694d0-e46f-4c12-bed1-9b7aef541c23" -MaxEvents 100This command lists at most 100 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 7: Get an event log by correlation ID and start time
PS C:\>Get-AzureRmLog -CorrelationId "60c694d0-e46f-4c12-bed1-9b7aef541c23" -StartTime 2017-05-22T04:30:00This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time. NOTE: this is usually only one event.
Example 8: Get an event log by correlation ID with start time and end time
PS C:\>Get-AzureRmLog -CorrelationId "60c694d0-e46f-4c12-bed1-9b7aef541c23" -StartTime 2017-04-15T04:30:00 -EndTime 2017-04-25T12:30:00This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 9: Get an event log for a resource group
PS C:\>Get-AzureRmLog -ResourceGroupName "Contoso-Web-CentralUS"This command lists at most 1000 the events associated with the specified resource group that took place 7 days from the current date/time.
Example 10: Get an event log for a resource group with a maximum number of events
PS C:\>Get-AzureRmLog -ResourceGroup "Contoso-Web-CentralUS" -MaxEvents 100This command lists at most 100 events associated with the specified resource group that took place 7 days from the current date/time.
Example 11: Get an event log for a resource group by start time
PS C:\>Get-AzureRmLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-05-22T04:30:00This command lists at most 1000 evetns associated with the specified resource group that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 12: Get an event log for a resource group with a start time and end time
PS C:\>Get-AzureRmLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30This command lists at most 1000 events associated with the specified resource group that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 13: Get an event log by resource ID
PS C:\>Get-AzureRmLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1"This command lists at most 1000 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 14: Get an event log by resource ID with a maximum number of events
PS C:\>Get-AzureRmLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -MaxEvents 100This command lists at most 100 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 15: Get an event log by resource ID with a start time
PS C:\>Get-AzureRmLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-05-22T04:30This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 16: Get an event log by resource ID with a start time and end time
PS C:\>Get-AzureRmLog -ResourceId "/subscriptions/623d50f1-4fa8-4e46-a967-a9214aed43ab/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 17: Get an event log by resource provider
PS C:\>Get-AzureRmLog -ResourceProvider "Microsoft.Web"This command lists at most 1000 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 18: Get an event log by resource provider with a maximum number of events
PS C:\>Get-AzureRmLog -ResourceProvider "Microsoft.Web" -MaxEvents 100This command lists at most 100 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 19: Get an event log by resource provider with a start time
PS C:\>Get-AzureRmLog -ResourceProvider "Microsoft.Web" -StartTime 2017-05-22T04:30This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 20: Get an event log by resource provider with a start time and end time
PS C:\>Get-AzureRmLog -ResourceProvider "Microsoft.Web" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Parameters
-Caller
Specifies a caller.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-CorrelationId
Specifies the correlation ID. This parameter is required.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
| Type: | IAzureContextContainer |
| Aliases: | AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DetailedOutput
Indicates that this cmdlet displays detailed output. By default, output is summarized.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | Switch not present = False, i.e. output summarized |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-EndTime
Specifies the end time of the query in local time. The default value is the current time. The value must be later than StartTime. You can use the Get-Date cmdlet to get a DateTime object.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | Current date (time: 00:00:00 AM) + 1 day |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-MaxRecord
Specifies the total number of records to fetch for the specified filter. The default value is 1000 and the maximum value accepted is 100000. Negative values and 0 are ignored and the default value will be used.
| Type: | Int32 |
| Position: | Named |
| Default value: | 1000 |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
Specifies the name of the resource group.
| Type: | String |
| Aliases: | ResourceGroup |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceId
Specifies the resource ID.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceProvider
Specifies a filter by resource provider.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-StartTime
Specifies the start time of the query in local time. The default value is EndTime minus seven days. You can use the Get-Date cmdlet to get a DateTime object.
| Type: | Nullable<T>[DateTime] |
| Position: | Named |
| Default value: | EndTime - 7 days |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Status
Specifies the status.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
Nullable<T>[[System.DateTime, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]