PowerShell
PowerShell
Azure Monitor - List Activity Logs
See more Azure Monitor Examples
Provides the list of records from the activity logs.Note: The $filter criteria cannot specify a time range that begins more than 90 days in the past.
Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
$http = New-Object Chilkat.Http
# Load an OAuth2 access token previously fetched by this example: Get Azure OAuth2 Access Token
$jsonToken = New-Object Chilkat.JsonObject
$success = $jsonToken.LoadFile("qa_data/tokens/azureToken.json")
# Assuming success..
$http.AuthToken = $jsonToken.StringOf("access_token")
$("AuthToken: " + $http.AuthToken)
$http.Accept = "application/json"
$resp = New-Object Chilkat.HttpResponse
$success = $http.HttpNoBody("GET","https://management.azure.com/subscriptions/{subscriptionId}/providers/microsoft.insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp%20ge%20%272019-05-16T04%3A36%3A37.6407898Z%27%20and%20eventTimestamp%20le%20%272019-06-12T04%3A36%3A37.6407898Z%27",$resp)
if ($success -eq $false) {
$($http.LastErrorText)
exit
}
$("Response Status Code: " + $resp.StatusCode)
$jsonResponse = New-Object Chilkat.JsonObject
$jsonResponse.Load($resp.BodyStr)
$jsonResponse.EmitCompact = $false
$($jsonResponse.Emit())
if ($resp.StatusCode -ne 200) {
$("Failed.")
exit
}
# Sample output...
# (See the parsing code below..)
#
# Use the this online tool to generate parsing code from sample JSON:
# Generate Parsing Code from JSON
# {
# "value": [
# {
# "authorization": {
# "action": "microsoft.support/supporttickets/write",
# "role": "Subscription Admin",
# "scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841"
# },
# "caller": "admin@contoso.com",
# "claims": {
# "aud": "https://management.core.windows.net/",
# "iss": "https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/",
# "iat": "1421876371",
# "nbf": "1421876371",
# "exp": "1421880271",
# "ver": "1.0",
# "http://schemas.microsoft.com/identity/claims/tenantid": "1e8d8218-c5e7-4578-9acc-9abbd5d23315 ",
# "http://schemas.microsoft.com/claims/authnmethodsreferences": "pwd",
# "http://schemas.microsoft.com/identity/claims/objectidentifier": "2468adf0-8211-44e3-95xq-85137af64708",
# "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "admin@contoso.com",
# "puid": "20030000801A118C",
# "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
# "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "John",
# "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "Smith",
# "name": "John Smith",
# "groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
# "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": " admin@contoso.com",
# "appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
# "appidacr": "2",
# "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
# "http://schemas.microsoft.com/claims/authnclassreference": "1"
# },
# "correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
# "description": "",
# "eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
# "eventName": {
# "value": "EndRequest",
# "localizedValue": "End request"
# },
# "httpRequest": {
# "clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249",
# "clientIpAddress": "192.168.35.115",
# "method": "PUT"
# },
# "id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841/events/44ade6b4-3813-45e6-ae27-7420a95fa2f8/ticks/635574752669792776",
# "level": "Informational",
# "resourceGroupName": "MSSupportGroup",
# "resourceProviderName": {
# "value": "microsoft.support",
# "localizedValue": "microsoft.support"
# },
# "operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
# "operationName": {
# "value": "microsoft.support/supporttickets/write",
# "localizedValue": "microsoft.support/supporttickets/write"
# },
# "properties": {
# "statusCode": "Created"
# },
# "status": {
# "value": "Succeeded",
# "localizedValue": "Succeeded"
# },
# "subStatus": {
# "value": "Created",
# "localizedValue": "Created (HTTP Status Code: 201)"
# },
# "eventTimestamp": "2015-01-21T22:14:26.9792776Z",
# "submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
# "subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
# }
# ],
# "nextLink": "https://management.azure.com/########-####-####-####-############$skiptoken=######"
# }
#
$nextLink = $jsonResponse.StringOf("nextLink")
$i = 0
$count_i = $jsonResponse.SizeOfArray("value")
while ($i -lt $count_i) {
$jsonResponse.I = $i
$authorizationAction = $jsonResponse.StringOf("value[i].authorization.action")
$authorizationRole = $jsonResponse.StringOf("value[i].authorization.role")
$authorizationScope = $jsonResponse.StringOf("value[i].authorization.scope")
$caller = $jsonResponse.StringOf("value[i].caller")
$claimsAud = $jsonResponse.StringOf("value[i].claims.aud")
$claimsIss = $jsonResponse.StringOf("value[i].claims.iss")
$claimsIat = $jsonResponse.StringOf("value[i].claims.iat")
$claimsNbf = $jsonResponse.StringOf("value[i].claims.nbf")
$claimsExp = $jsonResponse.StringOf("value[i].claims.exp")
$claimsVer = $jsonResponse.StringOf("value[i].claims.ver")
$claims_identity_claims_tenantid = $jsonResponse.StringOf("value[i].claims.`"http://schemas.microsoft.com/identity/claims/tenantid`"")
$claims_claims_authnmethodsreferences = $jsonResponse.StringOf("value[i].claims.`"http://schemas.microsoft.com/claims/authnmethodsreferences`"")
$claims_identity_claims_objectidentifier = $jsonResponse.StringOf("value[i].claims.`"http://schemas.microsoft.com/identity/claims/objectidentifier`"")
$claims_ws_2005_05_identity_claims_upn = $jsonResponse.StringOf("value[i].claims.`"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn`"")
$claimsPuid = $jsonResponse.StringOf("value[i].claims.puid")
$claims_ws_2005_05_identity_claims_nameidentifier = $jsonResponse.StringOf("value[i].claims.`"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier`"")
$claims_ws_2005_05_identity_claims_givenname = $jsonResponse.StringOf("value[i].claims.`"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`"")
$claims_ws_2005_05_identity_claims_surname = $jsonResponse.StringOf("value[i].claims.`"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`"")
$claimsName = $jsonResponse.StringOf("value[i].claims.name")
$claimsGroups = $jsonResponse.StringOf("value[i].claims.groups")
$claims_ws_2005_05_identity_claims_name = $jsonResponse.StringOf("value[i].claims.`"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`"")
$claimsAppid = $jsonResponse.StringOf("value[i].claims.appid")
$claimsAppidacr = $jsonResponse.StringOf("value[i].claims.appidacr")
$claims_identity_claims_scope = $jsonResponse.StringOf("value[i].claims.`"http://schemas.microsoft.com/identity/claims/scope`"")
$claims_claims_authnclassreference = $jsonResponse.StringOf("value[i].claims.`"http://schemas.microsoft.com/claims/authnclassreference`"")
$correlationId = $jsonResponse.StringOf("value[i].correlationId")
$description = $jsonResponse.StringOf("value[i].description")
$eventDataId = $jsonResponse.StringOf("value[i].eventDataId")
$eventNameValue = $jsonResponse.StringOf("value[i].eventName.value")
$eventNameLocalizedValue = $jsonResponse.StringOf("value[i].eventName.localizedValue")
$httpRequestClientRequestId = $jsonResponse.StringOf("value[i].httpRequest.clientRequestId")
$httpRequestClientIpAddress = $jsonResponse.StringOf("value[i].httpRequest.clientIpAddress")
$httpRequestMethod = $jsonResponse.StringOf("value[i].httpRequest.method")
$id = $jsonResponse.StringOf("value[i].id")
$level = $jsonResponse.StringOf("value[i].level")
$resourceGroupName = $jsonResponse.StringOf("value[i].resourceGroupName")
$resourceProviderNameValue = $jsonResponse.StringOf("value[i].resourceProviderName.value")
$resourceProviderNameLocalizedValue = $jsonResponse.StringOf("value[i].resourceProviderName.localizedValue")
$operationId = $jsonResponse.StringOf("value[i].operationId")
$operationNameValue = $jsonResponse.StringOf("value[i].operationName.value")
$operationNameLocalizedValue = $jsonResponse.StringOf("value[i].operationName.localizedValue")
$propertiesStatusCode = $jsonResponse.StringOf("value[i].properties.statusCode")
$statusValue = $jsonResponse.StringOf("value[i].status.value")
$statusLocalizedValue = $jsonResponse.StringOf("value[i].status.localizedValue")
$subStatusValue = $jsonResponse.StringOf("value[i].subStatus.value")
$subStatusLocalizedValue = $jsonResponse.StringOf("value[i].subStatus.localizedValue")
$eventTimestamp = $jsonResponse.StringOf("value[i].eventTimestamp")
$submissionTimestamp = $jsonResponse.StringOf("value[i].submissionTimestamp")
$subscriptionId = $jsonResponse.StringOf("value[i].subscriptionId")
$i = $i + 1
}