Ask Learn
Preview
Please sign in to use this experience.
Sign inNote
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure is in deed and in fact like an ocean with various entities within it pumping out enormous amounts of logging, event information. This is also what makes it somewhat overwhelming as to where to look for under the hood as to what happened. [Please click on pic to get a clearer version]
The below is an example of a simple requirement to list all VM Created, along with who created them and when they were created.
I outline two methods below. Pick and choose what is appropriate for your needs.
Method 1
- Go to "More Services" as shown below.
[Please click on pic to get a clearer version]
- On the Search pane type "Log" and choose Activity Logs
[Please click on pic to get a clearer version]
Configure the Query parameters as follows:-
[caption id="attachment_1756" align="alignnone" width="300"]
Activity Log Query [Please click on pic to get a clearer version] [/caption]
Method 2
For this one has to have an OMS workspace associated to the subscription.
AzureActivity
| where OperationName endswith "Write"
| where ActivityStatus == "Succeeded"
| where ActivitySubstatus contains "Created"
| project resourceName=Resource, CreatedBy=Caller, dateTimeOfCreation=TimeGenerated, ResourceGroup, SubscriptionId, ResourceId
[caption id="attachment_1765" align="aligncenter" width="734"]
OMS Log Analytics Query [Please click on pic to get a clearer version] [/caption]There are various schemas you can check to see if it is the one that contains the data that you want to query on. A sample of these schemas is shown below.
[caption id="attachment_1785" align="alignnone" width="300"]
Various Schemas[/caption]