az policy event

Manage policy events.

Commands

Name	Description	Type	Status
az policy event list	List policy events.	Core	GA

az policy event list

Experimental Preview Deprecated

List policy events.

az policy event list [--apply]
                     [--filter]
                     [--from]
                     [--management-group]
                     [--namespace]
                     [--order-by]
                     [--parent]
                     [--policy-assignment]
                     [--policy-definition]
                     [--policy-set-definition]
                     [--resource]
                     [--resource-group]
                     [--resource-type]
                     [--select]
                     [--to]
                     [--top]

Examples

Get policy events at current subscription scope created in the last day.

az policy event list

Get policy events at management group scope.

az policy event list -m "myMg"

Get policy events at resource group scope in current subscription.

az policy event list -g "myRg"

Get policy events for a resource using resource ID.

az policy event list --resource "/subscriptions/fff10b27-fff3-fff5-fff8-fffbe01e86a5/resourceGroups/myResourceGroup /providers/Microsoft.EventHub/namespaces/myns1/eventhubs/eh1/consumergroups/cg1"

Get policy events for a resource using resource name.

az policy event list --resource "myKeyVault" --namespace "Microsoft.KeyVault" --resource-type "vaults" -g "myresourcegroup"

Get policy events for a nested resource using resource name.

az policy event list --resource "myRule1" --namespace "Microsoft.Network" --resource-type "securityRules" --parent "networkSecurityGroups/mysecuritygroup1" -g "myresourcegroup"

Get policy events for a policy set definition in current subscription.

az policy event list -s "fff58873-fff8-fff5-fffc-fffbe7c9d697"

Get policy events for a policy definition in current subscription.

az policy event list -d "fff69973-fff8-fff5-fffc-fffbe7c9d698"

Get policy events for a policy assignment in current subscription.

az policy event list -a "ddd8ef92e3714a5ea3d208c1"

Get policy events for a policy assignment in the specified resource group in current subscription.

az policy event list -g "myRg" -a "ddd8ef92e3714a5ea3d208c1"

Get top 5 policy events in current subscription, selecting a subset of properties and customizing ordering.

az policy event list --top 5 --order-by "timestamp desc, policyAssignmentName asc" --select "timestamp, resourceId, policyAssignmentId, policySetDefinitionId, policyDefinitionId"

Get policy events in current subscription during a custom time interval.

az policy event list --from "2018-03-08T00:00:00Z" --to "2018-03-15T00:00:00Z"

Get policy events in current subscription filtering results based on some property values.

az policy event list --filter "(policyDefinitionAction eq 'deny' or policyDefinitionAction eq 'audit') and resourceLocation ne 'eastus'"

Get number of policy events in current subscription.

az policy event list --apply "aggregate($count as numberOfRecords)"

Get policy events in current subscription aggregating results based on some properties.

az policy event list --apply "groupby((policyAssignmentId, policyDefinitionId, policyDefinitionAction, resourceId), aggregate($count as numEvents))"

Get policy events in current subscription grouping results based on some properties.

az policy event list --apply "groupby((policyAssignmentName, resourceId))"

Get policy events in current subscription aggregating results based on some properties specifying multiple groupings.

az policy event list --apply "groupby((policyAssignmentId, policyDefinitionId, resourceId))/groupby((policyAssignmentId, policyDefinitionId), aggregate($count as numResourcesWithEvents))"

Required Parameters

Optional Parameters

--apply

Experimental Preview Deprecated

Apply expression for aggregations using OData notation.

--filter

Experimental Preview Deprecated

Filter expression using OData notation.

--from

Experimental Preview Deprecated

ISO 8601 formatted timestamp specifying the start time of the interval to query.

--management-group -m

Experimental Preview Deprecated

Name of management group.

--namespace

Experimental Preview Deprecated

Provider namespace (Ex: Microsoft.Provider).

--order-by

Experimental Preview Deprecated

Ordering expression using OData notation.

--parent

Experimental Preview Deprecated

The parent path (Ex: resourceTypeA/nameA/resourceTypeB/nameB).

--policy-assignment -a

Experimental Preview Deprecated

Name of policy assignment.

--policy-definition -d

Experimental Preview Deprecated

Name of policy definition.

--policy-set-definition -s

Experimental Preview Deprecated

Name of policy set definition.

--resource

Experimental Preview Deprecated

Resource ID or resource name. If a name is given, please provide the resource group and other relevant resource id arguments.

--resource-group -g

Experimental Preview Deprecated

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-type

Experimental Preview Deprecated

Resource type (Ex: resourceTypeC).

--select

Experimental Preview Deprecated

Select expression using OData notation.

--to

Experimental Preview Deprecated

ISO 8601 formatted timestamp specifying the end time of the interval to query.

--top

Experimental Preview Deprecated

Maximum number of records to return.

Global Parameters

--debug

Experimental Preview Deprecated

Increase logging verbosity to show all debug logs.

--help -h

Experimental Preview Deprecated

Show this help message and exit.

--only-show-errors

Experimental Preview Deprecated

Only show errors, suppressing warnings.

--output -o

Experimental Preview Deprecated

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

Experimental Preview Deprecated

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Experimental Preview Deprecated

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Experimental Preview Deprecated

Increase logging verbosity. Use --debug for full debug logs.