az monitor activity-log

Manage activity logs.

Commands

az monitor activity-log alert Manage activity log alerts.
az monitor activity-log alert action-group Manage action groups for activity log alerts.
az monitor activity-log alert action-group add Add action groups to this activity log alert. It can also be used to overwrite existing webhook properties of particular action groups.
az monitor activity-log alert action-group remove Remove action groups from this activity log alert.
az monitor activity-log alert create Create a default activity log alert.
az monitor activity-log alert delete Delete an activity log alert.
az monitor activity-log alert list List activity log alerts under a resource group or the current subscription.
az monitor activity-log alert scope Manage scopes for activity log alerts.
az monitor activity-log alert scope add Add scopes to this activity log alert.
az monitor activity-log alert scope remove Removes scopes from this activity log alert.
az monitor activity-log alert show Get an activity log alert.
az monitor activity-log alert update Update the details of this activity log alert.
az monitor activity-log list List and query activity log events.
az monitor activity-log list-categories List the event categories of activity logs.

az monitor activity-log list

List and query activity log events.

az monitor activity-log list [--caller]
[--correlation-id]
[--end-time]
[--filters]
[--max-events]
[--namespace]
[--offset]
[--resource-group]
[--resource-id]
[--select {authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId}]
[--start-time]
[--status]
[--subscription]

Examples

List all events from July 1st, looking forward one week.

az monitor activity-log list --start-time 2018-07-01 --offset 7d

List events within the past six hours based on a correlation ID.

az monitor activity-log list --correlation-id b5eac9d2-e829-4c9a-9efb-586d19417c5f

List events within the past hour based on resource group.

az monitor activity-log list -g {ResourceGroup} --offset 1h

Optional Parameters

--caller

Caller to query for, such as an e-mail address or service principal ID.

--correlation-id

Correlation ID to query.

--end-time

End time of the query. Defaults to the current time. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--filters

OData filters. Will ignore other filter arguments.

--max-events

Maximum number of records to return.

default value: 50
--namespace

Resource provider namespace.

--offset

Time offset of the query range, in ##d##h format.

default value: 6h
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-id

ARM ID of a resource.

--select

Space-separated list of properties to return.

accepted values: authorization, caller, category, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, id, level, operationId, operationName, properties, resourceGroupName, resourceId, resourceProviderName, resourceType, status, subStatus, submissionTimestamp, subscriptionId, tenantId
--start-time

Start time of the query. Format: date (yyyy-mm-dd) time (hh:mm:ss.xxxxx) timezone (+/-hh:mm).

--status

Status to query for (ex: Failed).

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az monitor activity-log list-categories

List the event categories of activity logs.

az monitor activity-log list-categories [--subscription]

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.