Activity Logs - List

Servicio:

Monitor

Versión de la API:

2015-04-01

Proporciona la lista de registros de los registros de actividad.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter={$filter}

Con parámetros opcionales:

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter={$filter}&$select={$select}

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
subscriptionId	path	True	string	Identificador de la suscripción de destino.
$filter	query	True	string	Reduce el conjunto de datos recopilados. Este argumento es necesario y también requiere al menos la fecha y la hora de inicio. El argumento $filter está muy restringido y solo permite los siguientes patrones. - Enumerar eventos de un grupo de recursos: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' y eventTimestamp le '2014-07-20T04:36:37.6407898Z' y resourceGroupName eq 'resourceGroupName'. - Enumerar eventos para el recurso: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' y eventTimestamp le '2014-07-20T04:36:37.6407898Z' y resourceUri eq 'resourceURI'. - Enumera los eventos de una suscripción en un intervalo de tiempo: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' y eventTimestamp le '2014-07-20T04:36:37.6407898Z'. - Enumeración de eventos para un proveedor de recursos: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' y eventTimestamp le '2014-07-20T04:36:37.6407898Z' y resourceProvider eq 'resourceProviderName'. - Enumerar eventos para un identificador de correlación: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' y eventTimestamp le '2014-07-20T04:36:37.6407898Z' y correlationId eq 'correlationID'. NOTA: No se permite ninguna otra sintaxis.
api-version	query	True	string	Versión de API que se usará para la operación.
$select	query		string	Se usa para capturar eventos con solo las propiedades especificadas. El argumento $select es una lista separada por comas de nombres de propiedad que se van a devolver. Los valores posibles son: authorization, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, level, operationId, operationName, properties, resourceGroupName, resourceProviderName, resourceId, status, submissionTimestamp, subStatus, subscriptionId

Respuestas

Nombre	Tipo	Description
200 OK	EventDataCollection	Solicitud correcta para obtener una página de eventos en los registros de actividad
Other Status Codes	ErrorResponse	Respuesta de error que describe el motivo del error de la operación.

Seguridad

azure_auth

Flujo OAuth2 de Azure Active Directory

Tipo: oauth2
Flujo: implicit
Dirección URL de autorización: https://login.microsoftonline.com/common/oauth2/authorize

Ámbitos

Nombre	Description
user_impersonation	suplantación de su cuenta de usuario

Ejemplos

Get Activity Logs with filter

Get Activity Logs with filter and select

Get Activity Logs with filter

Solicitud de ejemplo

HTTP

GET https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'

Java

/**
 * Samples for ActivityLogs List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
     */
    /**
     * Sample code: Get Activity Logs with filter.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getActivityLogsWithFilter(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.diagnosticSettings().manager().serviceClient().getActivityLogs().list(
            "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
            null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/969fd0c2634fbcc1975d7abe3749330a5145a97c/specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
func ExampleActivityLogsClient_NewListPager_getActivityLogsWithFilter() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewActivityLogsClient().NewListPager("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'", &armmonitor.ActivityLogsClientListOptions{Select: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.EventDataCollection = armmonitor.EventDataCollection{
		// 	Value: []*armmonitor.EventData{
		// 		{
		// 			OperationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			Description: to.Ptr(""),
		// 			Authorization: &armmonitor.SenderAuthorization{
		// 				Action: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Role: to.Ptr("Subscription Admin"),
		// 				Scope: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"),
		// 			},
		// 			Caller: to.Ptr("admin@contoso.com"),
		// 			Claims: map[string]*string{
		// 				"name": to.Ptr("John Smith"),
		// 				"appid": to.Ptr("c44b4083-3bq0-49c1-b47d-974e53cbdf3c"),
		// 				"appidacr": to.Ptr("2"),
		// 				"aud": to.Ptr("https://management.core.windows.net/"),
		// 				"exp": to.Ptr("1421880271"),
		// 				"groups": to.Ptr("cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c"),
		// 				"http://schemas.microsoft.com/claims/authnclassreference": to.Ptr("1"),
		// 				"http://schemas.microsoft.com/claims/authnmethodsreferences": to.Ptr("pwd"),
		// 				"http://schemas.microsoft.com/identity/claims/objectidentifier": to.Ptr("2468adf0-8211-44e3-95xq-85137af64708"),
		// 				"http://schemas.microsoft.com/identity/claims/scope": to.Ptr("user_impersonation"),
		// 				"http://schemas.microsoft.com/identity/claims/tenantid": to.Ptr("1e8d8218-c5e7-4578-9acc-9abbd5d23315"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": to.Ptr("John"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": to.Ptr("admin@contoso.com"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": to.Ptr("9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": to.Ptr("Smith"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": to.Ptr("admin@contoso.com"),
		// 				"iat": to.Ptr("1421876371"),
		// 				"iss": to.Ptr("https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/"),
		// 				"nbf": to.Ptr("1421876371"),
		// 				"puid": to.Ptr("20030000801A118C"),
		// 				"ver": to.Ptr("1.0"),
		// 			},
		// 			CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			EventDataID: to.Ptr("44ade6b4-3813-45e6-ae27-7420a95fa2f8"),
		// 			EventName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("End request"),
		// 				Value: to.Ptr("EndRequest"),
		// 			},
		// 			EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
		// 			HTTPRequest: &armmonitor.HTTPRequestInfo{
		// 				Method: to.Ptr("PUT"),
		// 				ClientIPAddress: to.Ptr("192.168.35.115"),
		// 				ClientRequestID: to.Ptr("27003b25-91d3-418f-8eb1-29e537dcb249"),
		// 			},
		// 			ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
		// 			Level: to.Ptr(armmonitor.EventLevelInformational),
		// 			OperationName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Value: to.Ptr("microsoft.support/supporttickets/write"),
		// 			},
		// 			Properties: map[string]*string{
		// 				"statusCode": to.Ptr("Created"),
		// 			},
		// 			ResourceGroupName: to.Ptr("MSSupportGroup"),
		// 			ResourceProviderName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support"),
		// 				Value: to.Ptr("microsoft.support"),
		// 			},
		// 			Status: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Succeeded"),
		// 				Value: to.Ptr("Succeeded"),
		// 			},
		// 			SubStatus: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Created (HTTP Status Code: 201)"),
		// 				Value: to.Ptr("Created"),
		// 			},
		// 			SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
		// 			SubscriptionID: to.Ptr("089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Provides the list of records from the activity logs.
 *
 * @summary Provides the list of records from the activity logs.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
 */
async function getActivityLogsWithFilter() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
  const filter =
    "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.activityLogs.list(filter)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Monitor;

// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
// this example is just showing the usage of "ActivityLogs_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
await foreach (EventDataInfo item in subscriptionResource.GetActivityLogsAsync(filter))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

CLI

az monitor activity-log list --start-time 2018-07-01 --offset 7d

Click here to learn more about the Azure CLI command.

Respuesta de muestra

status code:

200

{
  "value": [
    {
      "authorization": {
        "action": "microsoft.support/supporttickets/write",
        "role": "Subscription Admin",
        "scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"
      },
      "caller": "admin@contoso.com",
      "claims": {
        "aud": "https://management.core.windows.net/",
        "iss": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
        "iat": "1421876371",
        "nbf": "1421876371",
        "exp": "1421880271",
        "ver": "1.0",
        "http://schemas.microsoft.com/identity/claims/tenantid": "1e8d8218-c5e7-4578-9acc-9abbd5d23315",
        "http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd",
        "http://schemas.microsoft.com/identity/claims/objectidentifier": "2468adf0-8211-44e3-95xq-85137af64708",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "admin@contoso.com",
        "puid": "20030000801A118C",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "John",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Smith",
        "name": "John Smith",
        "groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "admin@contoso.com",
        "appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
        "appidacr": "2",
        "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
        "http://schemas.microsoft.com/claims/authnclassreference": "1"
      },
      "correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "description": "",
      "eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
      "eventName": {
        "value": "EndRequest",
        "localizedValue": "End request"
      },
      "httpRequest": {
        "clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249",
        "clientIpAddress": "192.168.35.115",
        "method": "PUT"
      },
      "id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
      "level": "Informational",
      "resourceGroupName": "MSSupportGroup",
      "resourceProviderName": {
        "value": "microsoft.support",
        "localizedValue": "microsoft.support"
      },
      "operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "operationName": {
        "value": "microsoft.support/supporttickets/write",
        "localizedValue": "microsoft.support/supporttickets/write"
      },
      "properties": {
        "statusCode": "Created"
      },
      "status": {
        "value": "Succeeded",
        "localizedValue": "Succeeded"
      },
      "subStatus": {
        "value": "Created",
        "localizedValue": "Created (HTTP Status Code: 201)"
      },
      "eventTimestamp": "2015-01-21T22:14:26.9792776Z",
      "submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
      "subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
    }
  ],
  "nextLink": "https://management.azure.com/########-####-####-####-############$skiptoken=######"
}

Get Activity Logs with filter and select

Solicitud de ejemplo

HTTP

GET https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'&$select=eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level

Java

/**
 * Samples for ActivityLogs List.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/
     * GetActivityLogsFilteredAndSelected.json
     */
    /**
     * Sample code: Get Activity Logs with filter and select.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getActivityLogsWithFilterAndSelect(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.diagnosticSettings().manager().serviceClient().getActivityLogs().list(
            "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
            "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/969fd0c2634fbcc1975d7abe3749330a5145a97c/specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
func ExampleActivityLogsClient_NewListPager_getActivityLogsWithFilterAndSelect() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewActivityLogsClient().NewListPager("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'", &armmonitor.ActivityLogsClientListOptions{Select: to.Ptr("eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.EventDataCollection = armmonitor.EventDataCollection{
		// 	Value: []*armmonitor.EventData{
		// 		{
		// 			CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			EventName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("End request"),
		// 				Value: to.Ptr("EndRequest"),
		// 			},
		// 			EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
		// 			ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
		// 			Level: to.Ptr(armmonitor.EventLevelInformational),
		// 			OperationName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Value: to.Ptr("microsoft.support/supporttickets/write"),
		// 			},
		// 			ResourceGroupName: to.Ptr("MSSupportGroup"),
		// 			ResourceProviderName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support"),
		// 				Value: to.Ptr("microsoft.support"),
		// 			},
		// 			Status: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Succeeded"),
		// 				Value: to.Ptr("Succeeded"),
		// 			},
		// 			SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Provides the list of records from the activity logs.
 *
 * @summary Provides the list of records from the activity logs.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
 */
async function getActivityLogsWithFilterAndSelect() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
  const filter =
    "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
  const select =
    "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
  const options = { select };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.activityLogs.list(filter, options)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Monitor;

// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
// this example is just showing the usage of "ActivityLogs_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
string select = "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
await foreach (EventDataInfo item in subscriptionResource.GetActivityLogsAsync(filter, select: select))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

CLI

az monitor activity-log list --start-time 2018-07-01 --offset 7d

Click here to learn more about the Azure CLI command.

Respuesta de muestra

status code:

200

{
  "value": [
    {
      "correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "eventName": {
        "value": "EndRequest",
        "localizedValue": "End request"
      },
      "id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
      "resourceGroupName": "MSSupportGroup",
      "resourceProviderName": {
        "value": "microsoft.support",
        "localizedValue": "microsoft.support"
      },
      "operationName": {
        "value": "microsoft.support/supporttickets/write",
        "localizedValue": "microsoft.support/supporttickets/write"
      },
      "status": {
        "value": "Succeeded",
        "localizedValue": "Succeeded"
      },
      "eventTimestamp": "2015-01-21T22:14:26.9792776Z",
      "submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
      "level": "Informational"
    }
  ],
  "nextLink": "https://management.azure.com/########-####-####-####-############$skiptoken=######"
}

Definiciones

Nombre	Description
ErrorResponse	Describe el formato de respuesta de error.
EventData	Las entradas del registro de eventos de Azure son de tipo EventData.
EventDataCollection	Representa la colección de eventos.
EventLevel	el nivel de evento
HttpRequestInfo	La información de la solicitud Http.
LocalizableString	Clase de cadena localizable.
SenderAuthorization	la autorización utilizada por el usuario que ha realizado la operación que llevó a este evento. Esto captura las propiedades RBAC del evento. Normalmente se incluyen "action", "role" y "scope"

ErrorResponse

Describe el formato de respuesta de error.

Nombre	Tipo	Description
code	string	Código de error
message	string	Mensaje de error que indica por qué se produjo un error en la operación.

EventData

Las entradas del registro de eventos de Azure son de tipo EventData.

Nombre	Tipo	Description
authorization	SenderAuthorization	Información de autorización del remitente.
caller	string	la dirección de correo electrónico del usuario que ha realizado la operación, la notificación UPN o la notificación SPN en función de la disponibilidad.
category	LocalizableString	la categoría de eventos.
claims	object	pares clave-valor para identificar los permisos de ARM.
correlationId	string	el identificador de correlación, normalmente un GUID en el formato de cadena. El identificador de correlación se comparte entre los eventos que pertenecen a la misma operación uber.
description	string	la descripción del evento.
eventDataId	string	el identificador de datos del evento. Se trata de un identificador único para un evento.
eventName	LocalizableString	el nombre del evento. Este valor no debe confundirse con OperationName. Con fines prácticos, OperationName podría ser más atractivo para los usuarios finales.
eventTimestamp	string	la marca de tiempo de cuando el servicio de Azure generó el evento que procesa la solicitud correspondiente al evento. Está en formato ISO 8601.
httpRequest	HttpRequestInfo	la información de solicitud HTTP. Normalmente incluye "clientRequestId", "clientIpAddress" (dirección IP del usuario que inició el evento) y "method" (método HTTP, por ejemplo, PUT).
id	string	el identificador de este evento según sea necesario para ARM para RBAC. Contiene eventDataID y una información de marca de tiempo.
level	EventLevel	el nivel de evento
operationId	string	Normalmente es un GUID compartido entre los eventos correspondientes a una sola operación. Este valor no debe confundirse con EventName.
operationName	LocalizableString	el nombre de la operación.
properties	object	el conjunto de <pares clave, valor> (normalmente una cadena de diccionario<, cadena>) que incluye detalles sobre el evento.
resourceGroupName	string	el nombre del grupo de recursos del recurso afectado.
resourceId	string	el URI del recurso que identifica de forma única el recurso que provocó este evento.
resourceProviderName	LocalizableString	el nombre del proveedor de recursos del recurso afectado.
resourceType	LocalizableString	el tipo de recurso
status	LocalizableString	una cadena que describe el estado de la operación. Algunos valores típicos son: Started, In progress, Succeeded, Failed, Resolved.
subStatus	LocalizableString	el subestado del evento. La mayor parte del tiempo, cuando se incluye, captura el código de estado HTTP de la llamada REST. Los valores comunes son: Ok (código de estado HTTP: 200), creado (código de estado HTTP: 201), aceptado (código de estado HTTP: 202), sin contenido (código de estado HTTP: 204), solicitud incorrecta (código de estado HTTP: 40)0), no encontrado (código de estado HTTP: 404), conflicto (código de estado HTTP: 409), error interno del servidor (código de estado HTTP: 500), servicio no disponible (código de estado HTTP:503), tiempo de espera de la puerta de enlace (código de estado HTTP: 504)
submissionTimestamp	string	la marca de tiempo de cuando el evento estaba disponible para realizar consultas a través de esta API. Está en formato ISO 8601. Este valor no debe confundirse eventTimestamp. Como puede haber un retraso entre la hora de repetición del evento y la hora en que se envía el evento a la infraestructura de registro de Azure.
subscriptionId	string	el identificador de suscripción de Azure suele ser un GUID.
tenantId	string	el identificador de inquilino de Azure

EventDataCollection

Representa la colección de eventos.

Nombre	Tipo	Description
nextLink	string	Proporciona el vínculo para recuperar el siguiente conjunto de eventos.
value	EventData[]	esta lista que incluye los registros de auditoría de Azure.

EventLevel

el nivel de evento

Nombre	Tipo	Description
Critical	string
Error	string
Informational	string
Verbose	string
Warning	string

HttpRequestInfo

La información de la solicitud Http.

Nombre	Tipo	Description
clientIpAddress	string	la dirección IP del cliente
clientRequestId	string	el identificador de solicitud de cliente.
method	string	el método de solicitud Http.
uri	string	el URI.

LocalizableString

Clase de cadena localizable.

Nombre	Tipo	Description
localizedValue	string	valor específico de la configuración regional.
value	string	el valor invariable.

SenderAuthorization

la autorización utilizada por el usuario que ha realizado la operación que llevó a este evento. Esto captura las propiedades RBAC del evento. Normalmente se incluyen "action", "role" y "scope"

Nombre	Tipo	Description
action	string	las acciones permitidas. Por ejemplo: microsoft.support/supporttickets/write
role	string	el rol del usuario. Por ejemplo: Administración de suscripción
scope	string	el ámbito.