你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Activity Logs - List

服务:

Monitor

API 版本:

2015-04-01

提供活动日志中的记录列表。

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter={$filter}

具有可选参数:

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter={$filter}&$select={$select}

URI 参数

名称	在	必需	类型	说明
subscriptionId	path	True	string	目标订阅的 ID。
$filter	query	True	string	减少收集的数据集。 此参数是必需的，它还至少需要开始日期/时间。 $filter 参数非常受限，仅允许以下模式。 - 列出资源组的事件：$filter=eventTimestamp ge '2014-07-16T04：36：37.6407898Z' 和 eventTimestamp le '2014-07-20T04：36：37.6407898Z' 和 resourceGroupName eq 'resourceGroupName'。 - 列出资源的事件：$filter=eventTimestamp ge '2014-07-16T04：36：37.6407898Z' 和 eventTimestamp le '2014-07-20T04：36：37.6407898Z' 和 resourceUri eq 'resourceURI'。 - 列出时间范围内的订阅事件：$filter=eventTimestamp ge '2014-07-16T04：36：37.6407898Z' 和 eventTimestamp le '2014-07-20T04：36：37.6407898Z'。 - 列出资源提供程序的事件：$filter=eventTimestamp ge '2014-07-16T04：36：37.6407898Z' 和 eventTimestamp le '2014-07-20T04：36：37.6407898Z' and resourceProvider eq 'resourceProviderName'. - 列出相关 ID 的事件：$filter=eventTimestamp ge '2014-07-16T04：36：37.6407898Z' 和 eventTimestamp le '2014-07-20T04：36：37.6407898Z' 和 correlationId eq 'correlationID'。 注意：不允许使用其他语法。
api-version	query	True	string	要用于此操作的 API 版本。
$select	query		string	用于提取仅具有给定属性的事件。 $select参数是要返回的属性名称的逗号分隔列表。 可能的值包括： authorization、 claims、 correlationId、 description、 eventDataId、 eventName、 eventTimestamp、 httpRequest、 level、 operationId、 operationName、 properties、 resourceGroupName、 resourceProviderName、 resourceId、 status、 submissionTimestamp、 subStatus、 subscriptionId

响应

名称	类型	说明
200 OK	EventDataCollection	成功请求获取活动日志中的事件页
Other Status Codes	ErrorResponse	描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 流

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

Get Activity Logs with filter

Get Activity Logs with filter and select

Get Activity Logs with filter

示例请求

HTTP

GET https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'

Java

/**
 * Samples for ActivityLogs List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
     */
    /**
     * Sample code: Get Activity Logs with filter.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getActivityLogsWithFilter(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.diagnosticSettings().manager().serviceClient().getActivityLogs().list(
            "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
            null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/969fd0c2634fbcc1975d7abe3749330a5145a97c/specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
func ExampleActivityLogsClient_NewListPager_getActivityLogsWithFilter() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewActivityLogsClient().NewListPager("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'", &armmonitor.ActivityLogsClientListOptions{Select: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.EventDataCollection = armmonitor.EventDataCollection{
		// 	Value: []*armmonitor.EventData{
		// 		{
		// 			OperationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			Description: to.Ptr(""),
		// 			Authorization: &armmonitor.SenderAuthorization{
		// 				Action: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Role: to.Ptr("Subscription Admin"),
		// 				Scope: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"),
		// 			},
		// 			Caller: to.Ptr("admin@contoso.com"),
		// 			Claims: map[string]*string{
		// 				"name": to.Ptr("John Smith"),
		// 				"appid": to.Ptr("c44b4083-3bq0-49c1-b47d-974e53cbdf3c"),
		// 				"appidacr": to.Ptr("2"),
		// 				"aud": to.Ptr("https://management.core.windows.net/"),
		// 				"exp": to.Ptr("1421880271"),
		// 				"groups": to.Ptr("cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c"),
		// 				"http://schemas.microsoft.com/claims/authnclassreference": to.Ptr("1"),
		// 				"http://schemas.microsoft.com/claims/authnmethodsreferences": to.Ptr("pwd"),
		// 				"http://schemas.microsoft.com/identity/claims/objectidentifier": to.Ptr("2468adf0-8211-44e3-95xq-85137af64708"),
		// 				"http://schemas.microsoft.com/identity/claims/scope": to.Ptr("user_impersonation"),
		// 				"http://schemas.microsoft.com/identity/claims/tenantid": to.Ptr("1e8d8218-c5e7-4578-9acc-9abbd5d23315"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": to.Ptr("John"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": to.Ptr("admin@contoso.com"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": to.Ptr("9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": to.Ptr("Smith"),
		// 				"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": to.Ptr("admin@contoso.com"),
		// 				"iat": to.Ptr("1421876371"),
		// 				"iss": to.Ptr("https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/"),
		// 				"nbf": to.Ptr("1421876371"),
		// 				"puid": to.Ptr("20030000801A118C"),
		// 				"ver": to.Ptr("1.0"),
		// 			},
		// 			CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			EventDataID: to.Ptr("44ade6b4-3813-45e6-ae27-7420a95fa2f8"),
		// 			EventName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("End request"),
		// 				Value: to.Ptr("EndRequest"),
		// 			},
		// 			EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
		// 			HTTPRequest: &armmonitor.HTTPRequestInfo{
		// 				Method: to.Ptr("PUT"),
		// 				ClientIPAddress: to.Ptr("192.168.35.115"),
		// 				ClientRequestID: to.Ptr("27003b25-91d3-418f-8eb1-29e537dcb249"),
		// 			},
		// 			ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
		// 			Level: to.Ptr(armmonitor.EventLevelInformational),
		// 			OperationName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Value: to.Ptr("microsoft.support/supporttickets/write"),
		// 			},
		// 			Properties: map[string]*string{
		// 				"statusCode": to.Ptr("Created"),
		// 			},
		// 			ResourceGroupName: to.Ptr("MSSupportGroup"),
		// 			ResourceProviderName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support"),
		// 				Value: to.Ptr("microsoft.support"),
		// 			},
		// 			Status: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Succeeded"),
		// 				Value: to.Ptr("Succeeded"),
		// 			},
		// 			SubStatus: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Created (HTTP Status Code: 201)"),
		// 				Value: to.Ptr("Created"),
		// 			},
		// 			SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
		// 			SubscriptionID: to.Ptr("089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Provides the list of records from the activity logs.
 *
 * @summary Provides the list of records from the activity logs.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
 */
async function getActivityLogsWithFilter() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
  const filter =
    "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.activityLogs.list(filter)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Monitor;

// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFiltered.json
// this example is just showing the usage of "ActivityLogs_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
await foreach (EventDataInfo item in subscriptionResource.GetActivityLogsAsync(filter))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

CLI

az monitor activity-log list --start-time 2018-07-01 --offset 7d

Click here to learn more about the Azure CLI command.

示例响应

状态代码:

200

{
  "value": [
    {
      "authorization": {
        "action": "microsoft.support/supporttickets/write",
        "role": "Subscription Admin",
        "scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"
      },
      "caller": "admin@contoso.com",
      "claims": {
        "aud": "https://management.core.windows.net/",
        "iss": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
        "iat": "1421876371",
        "nbf": "1421876371",
        "exp": "1421880271",
        "ver": "1.0",
        "http://schemas.microsoft.com/identity/claims/tenantid": "1e8d8218-c5e7-4578-9acc-9abbd5d23315",
        "http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd",
        "http://schemas.microsoft.com/identity/claims/objectidentifier": "2468adf0-8211-44e3-95xq-85137af64708",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "admin@contoso.com",
        "puid": "20030000801A118C",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "John",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Smith",
        "name": "John Smith",
        "groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "admin@contoso.com",
        "appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
        "appidacr": "2",
        "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
        "http://schemas.microsoft.com/claims/authnclassreference": "1"
      },
      "correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "description": "",
      "eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
      "eventName": {
        "value": "EndRequest",
        "localizedValue": "End request"
      },
      "httpRequest": {
        "clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249",
        "clientIpAddress": "192.168.35.115",
        "method": "PUT"
      },
      "id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
      "level": "Informational",
      "resourceGroupName": "MSSupportGroup",
      "resourceProviderName": {
        "value": "microsoft.support",
        "localizedValue": "microsoft.support"
      },
      "operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "operationName": {
        "value": "microsoft.support/supporttickets/write",
        "localizedValue": "microsoft.support/supporttickets/write"
      },
      "properties": {
        "statusCode": "Created"
      },
      "status": {
        "value": "Succeeded",
        "localizedValue": "Succeeded"
      },
      "subStatus": {
        "value": "Created",
        "localizedValue": "Created (HTTP Status Code: 201)"
      },
      "eventTimestamp": "2015-01-21T22:14:26.9792776Z",
      "submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
      "subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
    }
  ],
  "nextLink": "https://management.azure.com/########-####-####-####-############$skiptoken=######"
}

Get Activity Logs with filter and select

示例请求

HTTP

GET https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'&$select=eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level

Java

/**
 * Samples for ActivityLogs List.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/
     * GetActivityLogsFilteredAndSelected.json
     */
    /**
     * Sample code: Get Activity Logs with filter and select.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void getActivityLogsWithFilterAndSelect(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.diagnosticSettings().manager().serviceClient().getActivityLogs().list(
            "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
            "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmonitor_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/969fd0c2634fbcc1975d7abe3749330a5145a97c/specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
func ExampleActivityLogsClient_NewListPager_getActivityLogsWithFilterAndSelect() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewActivityLogsClient().NewListPager("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'", &armmonitor.ActivityLogsClientListOptions{Select: to.Ptr("eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level")})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.EventDataCollection = armmonitor.EventDataCollection{
		// 	Value: []*armmonitor.EventData{
		// 		{
		// 			CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
		// 			EventName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("End request"),
		// 				Value: to.Ptr("EndRequest"),
		// 			},
		// 			EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
		// 			ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
		// 			Level: to.Ptr(armmonitor.EventLevelInformational),
		// 			OperationName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
		// 				Value: to.Ptr("microsoft.support/supporttickets/write"),
		// 			},
		// 			ResourceGroupName: to.Ptr("MSSupportGroup"),
		// 			ResourceProviderName: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("microsoft.support"),
		// 				Value: to.Ptr("microsoft.support"),
		// 			},
		// 			Status: &armmonitor.LocalizableString{
		// 				LocalizedValue: to.Ptr("Succeeded"),
		// 				Value: to.Ptr("Succeeded"),
		// 			},
		// 			SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Provides the list of records from the activity logs.
 *
 * @summary Provides the list of records from the activity logs.
 * x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
 */
async function getActivityLogsWithFilterAndSelect() {
  const subscriptionId =
    process.env["MONITOR_SUBSCRIPTION_ID"] || "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
  const filter =
    "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
  const select =
    "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
  const options = { select };
  const credential = new DefaultAzureCredential();
  const client = new MonitorClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.activityLogs.list(filter, options)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using System.Xml;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Monitor;

// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetActivityLogsFilteredAndSelected.json
// this example is just showing the usage of "ActivityLogs_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
string select = "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
await foreach (EventDataInfo item in subscriptionResource.GetActivityLogsAsync(filter, select: select))
{
    Console.WriteLine($"Succeeded: {item}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

CLI

az monitor activity-log list --start-time 2018-07-01 --offset 7d

Click here to learn more about the Azure CLI command.

示例响应

状态代码:

200

{
  "value": [
    {
      "correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
      "eventName": {
        "value": "EndRequest",
        "localizedValue": "End request"
      },
      "id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
      "resourceGroupName": "MSSupportGroup",
      "resourceProviderName": {
        "value": "microsoft.support",
        "localizedValue": "microsoft.support"
      },
      "operationName": {
        "value": "microsoft.support/supporttickets/write",
        "localizedValue": "microsoft.support/supporttickets/write"
      },
      "status": {
        "value": "Succeeded",
        "localizedValue": "Succeeded"
      },
      "eventTimestamp": "2015-01-21T22:14:26.9792776Z",
      "submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
      "level": "Informational"
    }
  ],
  "nextLink": "https://management.azure.com/########-####-####-####-############$skiptoken=######"
}

定义

名称	说明
ErrorResponse	描述错误响应的格式。
EventData	Azure 事件日志条目的类型为 EventData
EventDataCollection	表示事件的集合。
EventLevel	事件级别
HttpRequestInfo	Http 请求信息。
LocalizableString	可本地化的字符串类。
SenderAuthorization	执行导致此事件的操作的用户使用的授权。 这会捕获事件的 RBAC 属性。 这些通常包括“action”、“role”和“scope”

ErrorResponse

描述错误响应的格式。

名称	类型	说明
code	string	错误代码
message	string	指示操作失败原因的错误消息。

EventData

Azure 事件日志条目的类型为 EventData

名称	类型	说明
authorization	SenderAuthorization	发件人授权信息。
caller	string	已执行操作的用户的电子邮件地址、UPN 声明或 SPN 声明（基于可用性）。
category	LocalizableString	事件类别。
claims	object	用于标识 ARM 权限的键值对。
correlationId	string	相关性 ID，通常是字符串格式的 GUID。 关联 ID 在属于同一 uber 操作的事件之间共享。
description	string	事件的说明。
eventDataId	string	事件数据 ID。这是事件的唯一标识符。
eventName	LocalizableString	事件名称。 此值不应与 OperationName 混淆。 出于实际目的，OperationName 可能更吸引最终用户。
eventTimestamp	string	处理与事件对应的请求的 Azure 服务生成事件的时间戳。 它采用 ISO 8601 格式。
httpRequest	HttpRequestInfo	HTTP 请求信息。 通常包括发起事件的用户的“clientRequestId”、“clientIpAddress” (IP 地址) 和“method” (HTTP 方法，例如 PUT) 。
id	string	ARM for RBAC 所需的此事件的 ID。 它包含 EventDataID 和时间戳信息。
level	EventLevel	事件级别
operationId	string	它通常是在对应于单个操作的事件之间共享的 GUID。 此值不应与 EventName 混淆。
operationName	LocalizableString	操作名称。
properties	object	<键、值>对集 (通常是包含事件详细信息的字典<字符串、字符串>) 。
resourceGroupName	string	受影响资源的资源组名称。
resourceId	string	唯一标识导致此事件的资源的资源 URI。
resourceProviderName	LocalizableString	受影响资源的资源提供程序名称。
resourceType	LocalizableString	资源类型
status	LocalizableString	描述操作状态的字符串。 一些典型值包括：Started、In progress、Succeeded、Failed、Resolved。
subStatus	LocalizableString	事件子状态。 大多数情况下，如果包含，这会捕获 REST 调用的 HTTP 状态代码。 常见值包括：正常 (HTTP 状态代码：200) 、创建 (HTTP 状态代码：201) 、 接受 (HTTP 状态代码：202) ，无内容 (HTTP 状态代码：204) ，错误请求 (HTTP 状态代码：400) ，找不到 (http 状态代码：404) ，冲突 (HTTP 状态代码：409) ，内部服务器错误 (HTTP 状态代码： 500) ，服务不可用 (HTTP 状态代码：503) ，网关超时 (HTTP 状态代码：504)
submissionTimestamp	string	事件可通过此 API 进行查询的时间戳。 它采用 ISO 8601 格式。 此值不应混淆 eventTimestamp。 因为事件发生时间与将事件提交到 Azure 日志记录基础结构的时间之间可能存在延迟。
subscriptionId	string	Azure 订阅 ID 通常是 GUID。
tenantId	string	Azure 租户 ID

EventDataCollection

表示事件的集合。

名称	类型	说明
nextLink	string	提供用于检索下一组事件的链接。
value	EventData[]	此列表包含 Azure 审核日志。

EventLevel

事件级别

名称	类型	说明
Critical	string
Error	string
Informational	string
Verbose	string
Warning	string

HttpRequestInfo

Http 请求信息。

名称	类型	说明
clientIpAddress	string	客户端 IP 地址
clientRequestId	string	客户端请求 ID。
method	string	Http 请求方法。
uri	string	URI。

LocalizableString

可本地化的字符串类。

名称	类型	说明
localizedValue	string	区域设置特定的值。
value	string	固定值。

SenderAuthorization

执行导致此事件的操作的用户使用的授权。 这会捕获事件的 RBAC 属性。 这些通常包括“action”、“role”和“scope”

名称	类型	说明
action	string	允许的操作。 例如：microsoft.support/supporttickets/write
role	string	用户的角色。 例如：订阅管理员
scope	string	范围。