Gets the Activity Logs for the Tenant.
Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).
One thing to point out here is that this API does not retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
GET https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01
With optional parameters:
GET https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter={$filter}&$select={$select}
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
api-version
|
query |
True
|
string
minLength: 1
|
The API version to use for this operation.
|
|
$filter
|
query |
|
string
|
Reduces the set of data collected.
The $filter is very restricted and allows only the following patterns.
- List events for a resource group: $filter=eventTimestamp ge '<Start Time>' and eventTimestamp le '<End Time>' and eventChannels eq 'Admin, Operation' and resourceGroupName eq '<ResourceGroupName>'.
- List events for resource: $filter=eventTimestamp ge '<Start Time>' and eventTimestamp le '<End Time>' and eventChannels eq 'Admin, Operation' and resourceUri eq '<ResourceURI>'.
- List events for a subscription: $filter=eventTimestamp ge '<Start Time>' and eventTimestamp le '<End Time>' and eventChannels eq 'Admin, Operation'.
- List events for a resource provider: $filter=eventTimestamp ge '<Start Time>' and eventTimestamp le '<End Time>' and eventChannels eq 'Admin, Operation' and resourceProvider eq '<ResourceProviderName>'.
- List events for a correlation Id: api-version=2014-04-01&$filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and eventChannels eq 'Admin, Operation' and correlationId eq '<CorrelationID>'.
NOTE: No other syntax is allowed.
|
|
$select
|
query |
|
string
|
Used to fetch events with only the given properties.
The $select argument is a comma separated list of property names to be returned. Possible values are: authorization, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, level, operationId, operationName, properties, resourceGroupName, resourceProviderName, resourceId, status, submissionTimestamp, subStatus, subscriptionId
|
Responses
| Name |
Type |
Description |
|
200 OK
|
EventDataCollection
|
Successful request to get a page of events in the tenant activity logs
|
|
Other Status Codes
|
ErrorResponse
|
Error response describing why the operation failed.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
Get Tenant Activity Logs with filter
Sample request
GET https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'
package armmonitor_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)
// Generated from example definition: 2015-04-01/GetTenantActivityLogsFiltered.json
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithFilter() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(&armmonitor.TenantActivityLogsClientListOptions{
Filter: to.Ptr("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'")})
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page = armmonitor.TenantActivityLogsClientListResponse{
// EventDataCollection: armmonitor.EventDataCollection{
// NextLink: to.Ptr("https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken"),
// Value: []*armmonitor.EventData{
// {
// OperationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// Description: to.Ptr(""),
// Authorization: &armmonitor.SenderAuthorization{
// Action: to.Ptr("microsoft.support/supporttickets/write"),
// Role: to.Ptr("Subscription Admin"),
// Scope: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"),
// },
// Caller: to.Ptr("admin@contoso.com"),
// Claims: map[string]*string{
// "name": to.Ptr("John Smith"),
// "appid": to.Ptr("c44b4083-3bq0-49c1-b47d-974e53cbdf3c"),
// "appidacr": to.Ptr("2"),
// "aud": to.Ptr("https://management.core.windows.net/"),
// "exp": to.Ptr("1421880271"),
// "groups": to.Ptr("cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c"),
// "http://schemas.microsoft.com/claims/authnclassreference": to.Ptr("1"),
// "http://schemas.microsoft.com/claims/authnmethodsreferences": to.Ptr("pwd"),
// "http://schemas.microsoft.com/identity/claims/objectidentifier": to.Ptr("2468adf0-8211-44e3-95xq-85137af64708"),
// "http://schemas.microsoft.com/identity/claims/scope": to.Ptr("user_impersonation"),
// "http://schemas.microsoft.com/identity/claims/tenantid": to.Ptr("1e8d8218-c5e7-4578-9acc-9abbd5d23315"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": to.Ptr("John"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": to.Ptr("admin@contoso.com"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": to.Ptr("9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": to.Ptr("Smith"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": to.Ptr("admin@contoso.com"),
// "iat": to.Ptr("1421876371"),
// "iss": to.Ptr("https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/"),
// "nbf": to.Ptr("1421876371"),
// "puid": to.Ptr("20030000801A118C"),
// "ver": to.Ptr("1.0"),
// },
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventDataID: to.Ptr("44ade6b4-3813-45e6-ae27-7420a95fa2f8"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.9792776Z"); return t}()),
// HTTPRequest: &armmonitor.HTTPRequestInfo{
// Method: to.Ptr("PUT"),
// ClientIPAddress: to.Ptr("192.168.35.115"),
// ClientRequestID: to.Ptr("27003b25-91d3-418f-8eb1-29e537dcb249"),
// },
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
// Value: to.Ptr("microsoft.support/supporttickets/write"),
// },
// Properties: map[string]*string{
// "statusCode": to.Ptr("Created"),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support"),
// Value: to.Ptr("microsoft.support"),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubStatus: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Created (HTTP Status Code: 201)"),
// Value: to.Ptr("Created"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.9936304Z"); return t}()),
// SubscriptionID: to.Ptr("089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"),
// },
// },
// },
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"nextLink": "https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken",
"value": [
{
"operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"description": "",
"authorization": {
"action": "microsoft.support/supporttickets/write",
"role": "Subscription Admin",
"scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"
},
"caller": "admin@contoso.com",
"claims": {
"name": "John Smith",
"appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
"appidacr": "2",
"aud": "https://management.core.windows.net/",
"exp": "1421880271",
"groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "2468adf0-8211-44e3-95xq-85137af64708",
"http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
"http://schemas.microsoft.com/identity/claims/tenantid": "1e8d8218-c5e7-4578-9acc-9abbd5d23315",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "John",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "admin@contoso.com",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Smith",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "admin@contoso.com",
"iat": "1421876371",
"iss": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
"nbf": "1421876371",
"puid": "20030000801A118C",
"ver": "1.0"
},
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
"eventName": {
"localizedValue": "End request",
"value": "EndRequest"
},
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"httpRequest": {
"method": "PUT",
"clientIpAddress": "192.168.35.115",
"clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249"
},
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
"level": "Informational",
"operationName": {
"localizedValue": "microsoft.support/supporttickets/write",
"value": "microsoft.support/supporttickets/write"
},
"properties": {
"statusCode": "Created"
},
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"localizedValue": "microsoft.support",
"value": "microsoft.support"
},
"status": {
"localizedValue": "Succeeded",
"value": "Succeeded"
},
"subStatus": {
"localizedValue": "Created (HTTP Status Code: 201)",
"value": "Created"
},
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
"subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
}
]
}
Get Tenant Activity Logs with filter and select
Sample request
GET https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'&$select=eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level
package armmonitor_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)
// Generated from example definition: 2015-04-01/GetTenantActivityLogsFilteredAndSelected.json
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithFilterAndSelect() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(&armmonitor.TenantActivityLogsClientListOptions{
Filter: to.Ptr("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'"),
Select: to.Ptr("eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level")})
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page = armmonitor.TenantActivityLogsClientListResponse{
// EventDataCollection: armmonitor.EventDataCollection{
// NextLink: to.Ptr("https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken"),
// Value: []*armmonitor.EventData{
// {
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.9792776Z"); return t}()),
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
// Value: to.Ptr("microsoft.support/supporttickets/write"),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support"),
// Value: to.Ptr("microsoft.support"),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.9936304Z"); return t}()),
// },
// },
// },
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"nextLink": "https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken",
"value": [
{
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"eventName": {
"localizedValue": "End request",
"value": "EndRequest"
},
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
"level": "Informational",
"operationName": {
"localizedValue": "microsoft.support/supporttickets/write",
"value": "microsoft.support/supporttickets/write"
},
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"localizedValue": "microsoft.support",
"value": "microsoft.support"
},
"status": {
"localizedValue": "Succeeded",
"value": "Succeeded"
},
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z"
}
]
}
Get Tenant Activity Logs with select
Sample request
GET https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$select=eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level
package armmonitor_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)
// Generated from example definition: 2015-04-01/GetTenantActivityLogsSelected.json
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithSelect() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(&armmonitor.TenantActivityLogsClientListOptions{
Select: to.Ptr("eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level")})
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page = armmonitor.TenantActivityLogsClientListResponse{
// EventDataCollection: armmonitor.EventDataCollection{
// NextLink: to.Ptr("https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken"),
// Value: []*armmonitor.EventData{
// {
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.9792776Z"); return t}()),
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
// Value: to.Ptr("microsoft.support/supporttickets/write"),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support"),
// Value: to.Ptr("microsoft.support"),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.9936304Z"); return t}()),
// },
// },
// },
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"nextLink": "https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken",
"value": [
{
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"eventName": {
"localizedValue": "End request",
"value": "EndRequest"
},
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
"level": "Informational",
"operationName": {
"localizedValue": "microsoft.support/supporttickets/write",
"value": "microsoft.support/supporttickets/write"
},
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"localizedValue": "microsoft.support",
"value": "microsoft.support"
},
"status": {
"localizedValue": "Succeeded",
"value": "Succeeded"
},
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z"
}
]
}
Get Tenant Activity Logs without filter or select
Sample request
GET https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01
package armmonitor_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
)
// Generated from example definition: 2015-04-01/GetTenantActivityLogsNoParams.json
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithoutFilterOrSelect() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscriptionID>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page = armmonitor.TenantActivityLogsClientListResponse{
// EventDataCollection: armmonitor.EventDataCollection{
// NextLink: to.Ptr("https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken"),
// Value: []*armmonitor.EventData{
// {
// OperationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// Description: to.Ptr(""),
// Authorization: &armmonitor.SenderAuthorization{
// Action: to.Ptr("microsoft.support/supporttickets/write"),
// Role: to.Ptr("Subscription Admin"),
// Scope: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"),
// },
// Caller: to.Ptr("admin@contoso.com"),
// Claims: map[string]*string{
// "name": to.Ptr("John Smith"),
// "appid": to.Ptr("c44b4083-3bq0-49c1-b47d-974e53cbdf3c"),
// "appidacr": to.Ptr("2"),
// "aud": to.Ptr("https://management.core.windows.net/"),
// "exp": to.Ptr("1421880271"),
// "groups": to.Ptr("cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c"),
// "http://schemas.microsoft.com/claims/authnclassreference": to.Ptr("1"),
// "http://schemas.microsoft.com/claims/authnmethodsreferences": to.Ptr("pwd"),
// "http://schemas.microsoft.com/identity/claims/objectidentifier": to.Ptr("2468adf0-8211-44e3-95xq-85137af64708"),
// "http://schemas.microsoft.com/identity/claims/scope": to.Ptr("user_impersonation"),
// "http://schemas.microsoft.com/identity/claims/tenantid": to.Ptr("1e8d8218-c5e7-4578-9acc-9abbd5d23315"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": to.Ptr("John"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": to.Ptr("admin@contoso.com"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": to.Ptr("9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": to.Ptr("Smith"),
// "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": to.Ptr("admin@contoso.com"),
// "iat": to.Ptr("1421876371"),
// "iss": to.Ptr("https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/"),
// "nbf": to.Ptr("1421876371"),
// "puid": to.Ptr("20030000801A118C"),
// "ver": to.Ptr("1.0"),
// },
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventDataID: to.Ptr("44ade6b4-3813-45e6-ae27-7420a95fa2f8"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.9792776Z"); return t}()),
// HTTPRequest: &armmonitor.HTTPRequestInfo{
// Method: to.Ptr("PUT"),
// ClientIPAddress: to.Ptr("192.168.35.115"),
// ClientRequestID: to.Ptr("27003b25-91d3-418f-8eb1-29e537dcb249"),
// },
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support/supporttickets/write"),
// Value: to.Ptr("microsoft.support/supporttickets/write"),
// },
// Properties: map[string]*string{
// "statusCode": to.Ptr("Created"),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("microsoft.support"),
// Value: to.Ptr("microsoft.support"),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubStatus: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Created (HTTP Status Code: 201)"),
// Value: to.Ptr("Created"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.9936304Z"); return t}()),
// SubscriptionID: to.Ptr("089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"),
// },
// },
// },
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"nextLink": "https://management.azure.com/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/providers/microsoft.insights/eventtypes/management/values?$skiptoken=opaqueSkipToken",
"value": [
{
"operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"description": "",
"authorization": {
"action": "microsoft.support/supporttickets/write",
"role": "Subscription Admin",
"scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"
},
"caller": "admin@contoso.com",
"claims": {
"name": "John Smith",
"appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
"appidacr": "2",
"aud": "https://management.core.windows.net/",
"exp": "1421880271",
"groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
"http://schemas.microsoft.com/claims/authnclassreference": "1",
"http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd",
"http://schemas.microsoft.com/identity/claims/objectidentifier": "2468adf0-8211-44e3-95xq-85137af64708",
"http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
"http://schemas.microsoft.com/identity/claims/tenantid": "1e8d8218-c5e7-4578-9acc-9abbd5d23315",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "John",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "admin@contoso.com",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Smith",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "admin@contoso.com",
"iat": "1421876371",
"iss": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
"nbf": "1421876371",
"puid": "20030000801A118C",
"ver": "1.0"
},
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
"eventName": {
"localizedValue": "End request",
"value": "EndRequest"
},
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"httpRequest": {
"method": "PUT",
"clientIpAddress": "192.168.35.115",
"clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249"
},
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
"level": "Informational",
"operationName": {
"localizedValue": "microsoft.support/supporttickets/write",
"value": "microsoft.support/supporttickets/write"
},
"properties": {
"statusCode": "Created"
},
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"localizedValue": "microsoft.support",
"value": "microsoft.support"
},
"status": {
"localizedValue": "Succeeded",
"value": "Succeeded"
},
"subStatus": {
"localizedValue": "Created (HTTP Status Code: 201)",
"value": "Created"
},
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
"subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
}
]
}
Definitions
| Name |
Description |
|
ErrorResponse
|
Describes the format of Error response.
|
|
EventData
|
The Azure event log entries are of type EventData
|
|
EventDataCollection
|
Represents collection of events.
|
|
EventLevel
|
the event level
|
|
HttpRequestInfo
|
The Http request info.
|
|
LocalizableString
|
The localizable string class.
|
|
SenderAuthorization
|
the authorization used by the user who has performed the operation that led to this event. This captures the RBAC properties of the event. These usually include the 'action', 'role' and the 'scope'
|
ErrorResponse
Object
Describes the format of Error response.
| Name |
Type |
Description |
|
code
|
string
|
Error code
|
|
message
|
string
|
Error message indicating why the operation failed.
|
EventData
Object
The Azure event log entries are of type EventData
| Name |
Type |
Description |
|
authorization
|
SenderAuthorization
|
The sender authorization information.
|
|
caller
|
string
|
the email address of the user who has performed the operation, the UPN claim or SPN claim based on availability.
|
|
category
|
LocalizableString
|
the event category.
|
|
claims
|
object
|
key value pairs to identify ARM permissions.
|
|
correlationId
|
string
|
the correlation Id, usually a GUID in the string format. The correlation Id is shared among the events that belong to the same uber operation.
|
|
description
|
string
|
the description of the event.
|
|
eventDataId
|
string
|
the event data Id. This is a unique identifier for an event.
|
|
eventName
|
LocalizableString
|
the event name. This value should not be confused with OperationName. For practical purposes, OperationName might be more appealing to end users.
|
|
eventTimestamp
|
string
(date-time)
|
the timestamp of when the event was generated by the Azure service processing the request corresponding the event. It in ISO 8601 format.
|
|
httpRequest
|
HttpRequestInfo
|
the HTTP request info. Usually includes the 'clientRequestId', 'clientIpAddress' (IP address of the user who initiated the event) and 'method' (HTTP method e.g. PUT).
|
|
id
|
string
|
the Id of this event as required by ARM for RBAC. It contains the EventDataID and a timestamp information.
|
|
level
|
EventLevel
|
the event level
|
|
operationId
|
string
|
It is usually a GUID shared among the events corresponding to single operation. This value should not be confused with EventName.
|
|
operationName
|
LocalizableString
|
the operation name.
|
|
properties
|
object
|
the set of <Key, Value> pairs (usually a Dictionary<String, String>) that includes details about the event.
|
|
resourceGroupName
|
string
|
the resource group name of the impacted resource.
|
|
resourceId
|
string
|
the resource uri that uniquely identifies the resource that caused this event.
|
|
resourceProviderName
|
LocalizableString
|
the resource provider name of the impacted resource.
|
|
resourceType
|
LocalizableString
|
the resource type
|
|
status
|
LocalizableString
|
a string describing the status of the operation. Some typical values are: Started, In progress, Succeeded, Failed, Resolved.
|
|
subStatus
|
LocalizableString
|
the event sub status. Most of the time, when included, this captures the HTTP status code of the REST call. Common values are: OK (HTTP Status Code: 200), Created (HTTP Status Code: 201), Accepted (HTTP Status Code: 202), No Content (HTTP Status Code: 204), Bad Request(HTTP Status Code: 400), Not Found (HTTP Status Code: 404), Conflict (HTTP Status Code: 409), Internal Server Error (HTTP Status Code: 500), Service Unavailable (HTTP Status Code:503), Gateway Timeout (HTTP Status Code: 504)
|
|
submissionTimestamp
|
string
(date-time)
|
the timestamp of when the event became available for querying via this API. It is in ISO 8601 format. This value should not be confused eventTimestamp. As there might be a delay between the occurrence time of the event, and the time that the event is submitted to the Azure logging infrastructure.
|
|
subscriptionId
|
string
|
the Azure subscription Id usually a GUID.
|
|
tenantId
|
string
|
the Azure tenant Id
|
EventDataCollection
Object
Represents collection of events.
| Name |
Type |
Description |
|
nextLink
|
string
|
Provides the link to retrieve the next set of events.
|
|
value
|
EventData[]
|
this list that includes the Azure audit logs.
|
EventLevel
Enumeration
the event level
| Value |
Description |
|
Critical
|
|
|
Error
|
|
|
Warning
|
|
|
Informational
|
|
|
Verbose
|
|
HttpRequestInfo
Object
The Http request info.
| Name |
Type |
Description |
|
clientIpAddress
|
string
|
the client Ip Address
|
|
clientRequestId
|
string
|
the client request id.
|
|
method
|
string
|
the Http request method.
|
|
uri
|
string
|
the Uri.
|
LocalizableString
Object
The localizable string class.
| Name |
Type |
Description |
|
localizedValue
|
string
|
the locale specific value.
|
|
value
|
string
|
the invariant value.
|
SenderAuthorization
Object
the authorization used by the user who has performed the operation that led to this event. This captures the RBAC properties of the event. These usually include the 'action', 'role' and the 'scope'
| Name |
Type |
Description |
|
action
|
string
|
the permissible actions. For instance: microsoft.support/supporttickets/write
|
|
role
|
string
|
the role of the user. For instance: Subscription Admin
|
|
scope
|
string
|
the scope.
|