tenant_activity_logs
Creates, updates, deletes, gets or lists a tenant_activity_logs resource.
Overview
| Name | tenant_activity_logs |
| Type | Resource |
| Id | azure.monitor.tenant_activity_logs |
Fields
| Name | Datatype | Description |
|---|---|---|
id | string | the Id of this event as required by ARM for RBAC. It contains the EventDataID and a timestamp information. |
description | string | the description of the event. |
authorization | object | the authorization used by the user who has performed the operation that led to this event. This captures the RBAC properties of the event. These usually include the 'action', 'role' and the 'scope' |
caller | string | the email address of the user who has performed the operation, the UPN claim or SPN claim based on availability. |
category | object | The localizable string class. |
claims | object | key value pairs to identify ARM permissions. |
correlationId | string | the correlation Id, usually a GUID in the string format. The correlation Id is shared among the events that belong to the same uber operation. |
eventDataId | string | the event data Id. This is a unique identifier for an event. |
eventName | object | The localizable string class. |
eventTimestamp | string | the timestamp of when the event was generated by the Azure service processing the request corresponding the event. It in ISO 8601 format. |
httpRequest | object | The Http request info. |
level | string | the event level |
operationId | string | It is usually a GUID shared among the events corresponding to single operation. This value should not be confused with EventName. |
operationName | object | The localizable string class. |
properties | object | the set of <Key, Value> pairs (usually a Dictionary<String, String>) that includes details about the event. |
resourceGroupName | string | the resource group name of the impacted resource. |
resourceId | string | the resource uri that uniquely identifies the resource that caused this event. |
resourceProviderName | object | The localizable string class. |
resourceType | object | The localizable string class. |
status | object | The localizable string class. |
subStatus | object | The localizable string class. |
submissionTimestamp | string | the timestamp of when the event became available for querying via this API. It is in ISO 8601 format. This value should not be confused eventTimestamp. As there might be a delay between the occurrence time of the event, and the time that the event is submitted to the Azure logging infrastructure. |
subscriptionId | string | the Azure subscription Id usually a GUID. |
tenantId | string | the Azure tenant Id |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
list | SELECT | | Gets the Activity Logs for the Tenant. Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.). One thing to point out here is that this API does not retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level. |
SELECT examples
Gets the Activity Logs for the Tenant. Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.). One thing to point out here is that this API does not retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
SELECT
id,
description,
authorization,
caller,
category,
claims,
correlationId,
eventDataId,
eventName,
eventTimestamp,
httpRequest,
level,
operationId,
operationName,
properties,
resourceGroupName,
resourceId,
resourceProviderName,
resourceType,
status,
subStatus,
submissionTimestamp,
subscriptionId,
tenantId
FROM azure.monitor.tenant_activity_logs
;