Ruft die Aktivitätsprotokolle für den Mandanten ab.
Alles, was für die API zum Abrufen der Aktivitätsprotokolle für das Abonnement gilt, gilt für diese API (parameter, $filter usw.).
Hier ist zu beachten, dass diese API nicht die Protokolle im einzelnen Abonnement des Mandanten abruft, sondern nur die Protokolle, die auf Mandantenebene generiert wurden.
Mit optionalen Parametern:
Name |
In |
Erforderlich |
Typ |
Beschreibung |
query |
Hierbei handelt es sich um die für diesen Vorgang zu verwendende API-Version.
query |
Reduziert den gesammelten Datensatz. Die $filter ist sehr eingeschränkt und lässt nur die folgenden Muster zu. - Auflisten von Ereignissen für eine Ressourcengruppe: $filter=eventTimestamp ge '' und eventTimestamp le '' und eventChannels eq 'Admin, Operation' und resourceGroupName eq ''. - Auflisten von Ereignissen für Ressource: $filter=eventTimestamp ge '' und eventTimestamp le '' und eventChannels eq 'Admin, Operation' und resourceUri eq ''. - Auflisten von Ereignissen für ein Abonnement: $filter=eventTimestamp ge '' und eventTimestamp le '' und eventChannels eq 'Admin, Operation'. - Auflisten von Ereignissen für einen Ressourcenanbieter: $filter=eventTimestamp ge '' und eventTimestamp le '' und eventChannels eq 'Admin, Operation' und resourceProvider eq ''. - Auflisten von Ereignissen für eine Korrelations-ID: api-version=2014-04-01&$filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' und eventTimestamp le '2014-07-20T04:36:37.6407898Z' und eventChannels eq 'Admin, Operation' und correlationId eq ''.
HINWEIS: Es ist keine andere Syntax zulässig.
query |
Wird verwendet, um Ereignisse nur mit den angegebenen Eigenschaften abzurufen. Das $select-Argument ist eine durch Trennzeichen getrennte Liste von Eigenschaftennamen, die zurückgegeben werden sollen. Mögliche Werte sind: authorization, claims, correlationId, description, eventDataId, eventName, eventTimestamp, httpRequest, level, operationId, operationName, properties, resourceGroupName, resourceProviderName, resourceId, status, submissionTimestamp, subStatus, subscriptionId
Name |
Typ |
Beschreibung |
200 OK
Erfolgreiche Anforderung zum Abrufen einer Seite mit Ereignissen in den Mandantenaktivitätsprotokollen
Other Status Codes
Fehlerantwort mit Beschreibung des Grunds für den Fehler.
Azure Active Directory-OAuth2-Flow
Name |
Beschreibung |
Identitätswechsel Ihres Benutzerkontos
Get Tenant Activity Logs with filter
GET$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'
* Samples for TenantActivityLogs List.
public final class Main {
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/
* GetTenantActivityLogsFiltered.json
* Sample code: Get Tenant Activity Logs with filter.
* @param azure The entry point for accessing resource management APIs in Azure.
public static void getTenantActivityLogsWithFilter( azure) {
"eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armmonitor_test
import (
// Generated from example definition:
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithFilter() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(&armmonitor.TenantActivityLogsClientListOptions{Filter: to.Ptr("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'"),
Select: nil,
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.EventDataCollection = armmonitor.EventDataCollection{
// Value: []*armmonitor.EventData{
// {
// OperationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// Description: to.Ptr(""),
// Authorization: &armmonitor.SenderAuthorization{
// Action: to.Ptr(""),
// Role: to.Ptr("Subscription Admin"),
// Scope: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"),
// },
// Caller: to.Ptr(""),
// Claims: map[string]*string{
// "name": to.Ptr("John Smith"),
// "appid": to.Ptr("c44b4083-3bq0-49c1-b47d-974e53cbdf3c"),
// "appidacr": to.Ptr("2"),
// "aud": to.Ptr(""),
// "exp": to.Ptr("1421880271"),
// "groups": to.Ptr("cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c"),
// "": to.Ptr("1"),
// "": to.Ptr("pwd"),
// "": to.Ptr("2468adf0-8211-44e3-95xq-85137af64708"),
// "": to.Ptr("user_impersonation"),
// "": to.Ptr("1e8d8218-c5e7-4578-9acc-9abbd5d23315"),
// "": to.Ptr("John"),
// "": to.Ptr(""),
// "": to.Ptr("9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM"),
// "": to.Ptr("Smith"),
// "": to.Ptr(""),
// "iat": to.Ptr("1421876371"),
// "iss": to.Ptr(""),
// "nbf": to.Ptr("1421876371"),
// "puid": to.Ptr("20030000801A118C"),
// "ver": to.Ptr("1.0"),
// },
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventDataID: to.Ptr("44ade6b4-3813-45e6-ae27-7420a95fa2f8"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
// HTTPRequest: &armmonitor.HTTPRequestInfo{
// Method: to.Ptr("PUT"),
// ClientIPAddress: to.Ptr(""),
// ClientRequestID: to.Ptr("27003b25-91d3-418f-8eb1-29e537dcb249"),
// },
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// Properties: map[string]*string{
// "statusCode": to.Ptr("Created"),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubStatus: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Created (HTTP Status Code: 201)"),
// Value: to.Ptr("Created"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
// SubscriptionID: to.Ptr("089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"),
// }},
// }
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");
* This sample demonstrates how to Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* @summary Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsFiltered.json
async function getTenantActivityLogsWithFilter() {
const filter =
"eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
const options = { filter };
const credential = new DefaultAzureCredential();
const client = new MonitorClient(credential);
const resArray = new Array();
for await (let item of client.tenantActivityLogs.list(options)) {
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Monitor;
// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsFiltered.json
// this example is just showing the usage of "TenantActivityLogs_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this TenantResource created on azure
// for more information of creating TenantResource, please refer to the document of TenantResource
var tenantResource = client.GetTenants().GetAllAsync().GetAsyncEnumerator().Current;
// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
await foreach (EventDataInfo item in tenantResource.GetTenantActivityLogsAsync(filter: filter))
Console.WriteLine($"Succeeded: {item}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
"value": [
"authorization": {
"action": "",
"role": "Subscription Admin",
"scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"
"caller": "",
"claims": {
"aud": "",
"iss": "",
"iat": "1421876371",
"nbf": "1421876371",
"exp": "1421880271",
"ver": "1.0",
"": "1e8d8218-c5e7-4578-9acc-9abbd5d23315",
"": "pwd",
"": "2468adf0-8211-44e3-95xq-85137af64708",
"": "",
"puid": "20030000801A118C",
"": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
"": "John",
"": "Smith",
"name": "John Smith",
"groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
"": "",
"appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
"appidacr": "2",
"": "user_impersonation",
"": "1"
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"description": "",
"eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
"eventName": {
"value": "EndRequest",
"localizedValue": "End request"
"httpRequest": {
"clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249",
"clientIpAddress": "",
"method": "PUT"
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/",
"level": "Informational",
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"value": "",
"localizedValue": ""
"operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"operationName": {
"value": "",
"localizedValue": ""
"properties": {
"statusCode": "Created"
"status": {
"value": "Succeeded",
"localizedValue": "Succeeded"
"subStatus": {
"value": "Created",
"localizedValue": "Created (HTTP Status Code: 201)"
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
"subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
"nextLink": "$skiptoken=######"
Get Tenant Activity Logs with filter and select
GET$filter=eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'&$select=eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level
* Samples for TenantActivityLogs List.
public final class Main {
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/
* GetTenantActivityLogsFilteredAndSelected.json
* Sample code: Get Tenant Activity Logs with filter and select.
* @param azure The entry point for accessing resource management APIs in Azure.
public static void getTenantActivityLogsWithFilterAndSelect( azure) {
"eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'",
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armmonitor_test
import (
// Generated from example definition:
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithFilterAndSelect() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(&armmonitor.TenantActivityLogsClientListOptions{Filter: to.Ptr("eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'"),
Select: to.Ptr("eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level"),
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.EventDataCollection = armmonitor.EventDataCollection{
// Value: []*armmonitor.EventData{
// {
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
// }},
// }
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");
* This sample demonstrates how to Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* @summary Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsFilteredAndSelected.json
async function getTenantActivityLogsWithFilterAndSelect() {
const filter =
"eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
const select =
const options = { filter, select };
const credential = new DefaultAzureCredential();
const client = new MonitorClient(credential);
const resArray = new Array();
for await (let item of client.tenantActivityLogs.list(options)) {
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Monitor;
// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsFilteredAndSelected.json
// this example is just showing the usage of "TenantActivityLogs_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this TenantResource created on azure
// for more information of creating TenantResource, please refer to the document of TenantResource
var tenantResource = client.GetTenants().GetAllAsync().GetAsyncEnumerator().Current;
// invoke the operation and iterate over the result
string filter = "eventTimestamp ge '2015-01-21T20:00:00Z' and eventTimestamp le '2015-01-23T20:00:00Z' and resourceGroupName eq 'MSSupportGroup'";
string select = "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
await foreach (EventDataInfo item in tenantResource.GetTenantActivityLogsAsync(filter: filter, select: select))
Console.WriteLine($"Succeeded: {item}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
"value": [
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"eventName": {
"value": "EndRequest",
"localizedValue": "End request"
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/",
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"value": "",
"localizedValue": ""
"operationName": {
"value": "",
"localizedValue": ""
"status": {
"value": "Succeeded",
"localizedValue": "Succeeded"
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
"level": "Informational"
"nextLink": "$skiptoken=######"
Get Tenant Activity Logs with select
* Samples for TenantActivityLogs List.
public final class Main {
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/
* GetTenantActivityLogsSelected.json
* Sample code: Get Tenant Activity Logs with select.
* @param azure The entry point for accessing resource management APIs in Azure.
public static void getTenantActivityLogsWithSelect( azure) {
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armmonitor_test
import (
// Generated from example definition:
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithSelect() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(&armmonitor.TenantActivityLogsClientListOptions{Filter: nil,
Select: to.Ptr("eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level"),
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.EventDataCollection = armmonitor.EventDataCollection{
// Value: []*armmonitor.EventData{
// {
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
// }},
// }
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");
* This sample demonstrates how to Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* @summary Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsSelected.json
async function getTenantActivityLogsWithSelect() {
const select =
const options = { select };
const credential = new DefaultAzureCredential();
const client = new MonitorClient(credential);
const resArray = new Array();
for await (let item of client.tenantActivityLogs.list(options)) {
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Monitor;
// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsSelected.json
// this example is just showing the usage of "TenantActivityLogs_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this TenantResource created on azure
// for more information of creating TenantResource, please refer to the document of TenantResource
var tenantResource = client.GetTenants().GetAllAsync().GetAsyncEnumerator().Current;
// invoke the operation and iterate over the result
string select = "eventName,id,resourceGroupName,resourceProviderName,operationName,status,eventTimestamp,correlationId,submissionTimestamp,level";
await foreach (EventDataInfo item in tenantResource.GetTenantActivityLogsAsync(select: select))
Console.WriteLine($"Succeeded: {item}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
"value": [
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"eventName": {
"value": "EndRequest",
"localizedValue": "End request"
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/",
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"value": "",
"localizedValue": ""
"operationName": {
"value": "",
"localizedValue": ""
"status": {
"value": "Succeeded",
"localizedValue": "Succeeded"
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
"level": "Informational"
"nextLink": "$skiptoken=######"
Get Tenant Activity Logs without filter or select
* Samples for TenantActivityLogs List.
public final class Main {
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/
* GetTenantActivityLogsNoParams.json
* Sample code: Get Tenant Activity Logs without filter or select.
* @param azure The entry point for accessing resource management APIs in Azure.
public static void
getTenantActivityLogsWithoutFilterOrSelect( azure) {
azure.diagnosticSettings().manager().serviceClient().getTenantActivityLogs().list(null, null,;
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armmonitor_test
import (
// Generated from example definition:
func ExampleTenantActivityLogsClient_NewListPager_getTenantActivityLogsWithoutFilterOrSelect() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
ctx := context.Background()
clientFactory, err := armmonitor.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
pager := clientFactory.NewTenantActivityLogsClient().NewListPager(&armmonitor.TenantActivityLogsClientListOptions{Filter: nil,
Select: nil,
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.EventDataCollection = armmonitor.EventDataCollection{
// Value: []*armmonitor.EventData{
// {
// OperationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// Description: to.Ptr(""),
// Authorization: &armmonitor.SenderAuthorization{
// Action: to.Ptr(""),
// Role: to.Ptr("Subscription Admin"),
// Scope: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"),
// },
// Caller: to.Ptr(""),
// Claims: map[string]*string{
// "name": to.Ptr("John Smith"),
// "appid": to.Ptr("c44b4083-3bq0-49c1-b47d-974e53cbdf3c"),
// "appidacr": to.Ptr("2"),
// "aud": to.Ptr(""),
// "exp": to.Ptr("1421880271"),
// "groups": to.Ptr("cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c"),
// "": to.Ptr("1"),
// "": to.Ptr("pwd"),
// "": to.Ptr("2468adf0-8211-44e3-95xq-85137af64708"),
// "": to.Ptr("user_impersonation"),
// "": to.Ptr("1e8d8218-c5e7-4578-9acc-9abbd5d23315"),
// "": to.Ptr("John"),
// "": to.Ptr(""),
// "": to.Ptr("9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM"),
// "": to.Ptr("Smith"),
// "": to.Ptr(""),
// "iat": to.Ptr("1421876371"),
// "iss": to.Ptr(""),
// "nbf": to.Ptr("1421876371"),
// "puid": to.Ptr("20030000801A118C"),
// "ver": to.Ptr("1.0"),
// },
// CorrelationID: to.Ptr("1e121103-0ba6-4300-ac9d-952bb5d0c80f"),
// EventDataID: to.Ptr("44ade6b4-3813-45e6-ae27-7420a95fa2f8"),
// EventName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("End request"),
// Value: to.Ptr("EndRequest"),
// },
// EventTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:26.979Z"); return t}()),
// HTTPRequest: &armmonitor.HTTPRequestInfo{
// Method: to.Ptr("PUT"),
// ClientIPAddress: to.Ptr(""),
// ClientRequestID: to.Ptr("27003b25-91d3-418f-8eb1-29e537dcb249"),
// },
// ID: to.Ptr("/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"),
// Level: to.Ptr(armmonitor.EventLevelInformational),
// OperationName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// Properties: map[string]*string{
// "statusCode": to.Ptr("Created"),
// },
// ResourceGroupName: to.Ptr("MSSupportGroup"),
// ResourceProviderName: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr(""),
// Value: to.Ptr(""),
// },
// Status: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Succeeded"),
// Value: to.Ptr("Succeeded"),
// },
// SubStatus: &armmonitor.LocalizableString{
// LocalizedValue: to.Ptr("Created (HTTP Status Code: 201)"),
// Value: to.Ptr("Created"),
// },
// SubmissionTimestamp: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2015-01-21T22:14:39.993Z"); return t}()),
// SubscriptionID: to.Ptr("089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"),
// }},
// }
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { MonitorClient } = require("@azure/arm-monitor");
const { DefaultAzureCredential } = require("@azure/identity");
* This sample demonstrates how to Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* @summary Gets the Activity Logs for the Tenant.<br>Everything that is applicable to the API to get the Activity Logs for the subscription is applicable to this API (the parameters, $filter, etc.).<br>One thing to point out here is that this API does *not* retrieve the logs at the individual subscription of the tenant but only surfaces the logs that were generated at the tenant level.
* x-ms-original-file: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsNoParams.json
async function getTenantActivityLogsWithoutFilterOrSelect() {
const credential = new DefaultAzureCredential();
const client = new MonitorClient(credential);
const resArray = new Array();
for await (let item of client.tenantActivityLogs.list()) {
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Monitor.Models;
using Azure.ResourceManager.Monitor;
// Generated from example definition: specification/monitor/resource-manager/Microsoft.Insights/stable/2015-04-01/examples/GetTenantActivityLogsNoParams.json
// this example is just showing the usage of "TenantActivityLogs_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this TenantResource created on azure
// for more information of creating TenantResource, please refer to the document of TenantResource
var tenantResource = client.GetTenants().GetAllAsync().GetAsyncEnumerator().Current;
// invoke the operation and iterate over the result
await foreach (EventDataInfo item in tenantResource.GetTenantActivityLogsAsync())
Console.WriteLine($"Succeeded: {item}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Beispiel für eine Antwort
"value": [
"authorization": {
"action": "",
"role": "Subscription Admin",
"scope": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/"
"caller": "",
"claims": {
"aud": "",
"iss": "",
"iat": "1421876371",
"nbf": "1421876371",
"exp": "1421880271",
"ver": "1.0",
"": "1e8d8218-c5e7-4578-9acc-9abbd5d23315",
"": "pwd",
"": "2468adf0-8211-44e3-95xq-85137af64708",
"": "",
"puid": "20030000801A118C",
"": "9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM",
"": "John",
"": "Smith",
"name": "John Smith",
"groups": "cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c",
"": "",
"appid": "c44b4083-3bq0-49c1-b47d-974e53cbdf3c",
"appidacr": "2",
"": "user_impersonation",
"": "1"
"correlationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"description": "",
"eventDataId": "44ade6b4-3813-45e6-ae27-7420a95fa2f8",
"eventName": {
"value": "EndRequest",
"localizedValue": "End request"
"httpRequest": {
"clientRequestId": "27003b25-91d3-418f-8eb1-29e537dcb249",
"clientIpAddress": "",
"method": "PUT"
"id": "/subscriptions/089bd33f-d4ec-47fe-8ba5-0753aa5c5b33/resourceGroups/MSSupportGroup/providers/",
"level": "Informational",
"resourceGroupName": "MSSupportGroup",
"resourceProviderName": {
"value": "",
"localizedValue": ""
"operationId": "1e121103-0ba6-4300-ac9d-952bb5d0c80f",
"operationName": {
"value": "",
"localizedValue": ""
"properties": {
"statusCode": "Created"
"status": {
"value": "Succeeded",
"localizedValue": "Succeeded"
"subStatus": {
"value": "Created",
"localizedValue": "Created (HTTP Status Code: 201)"
"eventTimestamp": "2015-01-21T22:14:26.9792776Z",
"submissionTimestamp": "2015-01-21T22:14:39.9936304Z",
"subscriptionId": "089bd33f-d4ec-47fe-8ba5-0753aa5c5b33"
"nextLink": "$skiptoken=######"
Name |
Beschreibung |
Beschreibt das Format der Fehlerantwort.
Die Azure-Ereignisprotokolleinträge sind vom Typ EventData.
Stellt die Auflistung von Ereignissen dar.
die Ereignisebene
Die HTTP-Anforderungsinformationen.
Die lokalisierbare Zeichenfolgenklasse.
die Autorisierung, die vom Benutzer verwendet wird, der den Vorgang ausgeführt hat, der zu diesem Ereignis geführt hat. Dadurch werden die RBAC-Eigenschaften des Ereignisses erfasst. Dazu gehören in der Regel die "Aktion", "Rolle" und der "Bereich".
Beschreibt das Format der Fehlerantwort.
Name |
Typ |
Beschreibung |
Eine Fehlermeldung, die angibt, warum der Vorgang fehlgeschlagen ist.
Die Azure-Ereignisprotokolleinträge sind vom Typ EventData.
Name |
Typ |
Beschreibung |
Die Informationen zur Absenderautorisierung.
die E-Mail-Adresse des Benutzers, der den Vorgang ausgeführt hat, der UPN-Anspruch oder der SPN-Anspruch basierend auf der Verfügbarkeit.
die Ereigniskategorie.
Schlüsselwertpaare zum Identifizieren von ARM-Berechtigungen.
die Korrelations-ID, in der Regel eine GUID im Zeichenfolgenformat. Die Korrelations-ID wird für die Ereignisse freigegeben, die zum gleichen Uber-Vorgang gehören.
Die Beschreibung des Ereignisses.
die Ereignisdaten-ID. Dies ist ein eindeutiger Bezeichner für ein Ereignis.
der Ereignisname. Dieser Wert sollte nicht mit OperationName verwechselt werden. Aus praktischen Gründen kann OperationName für Endbenutzer attraktiver sein.
der Zeitstempel des Zeitpunkts, zu dem das Ereignis vom Azure-Dienst generiert wurde, der die Anforderung verarbeitet, die dem Ereignis entspricht. Es im ISO 8601-Format.
die HTTP-Anforderungsinformationen. Umfasst in der Regel die "clientRequestId", "clientIpAddress" (IP-Adresse des Benutzers, der das Ereignis initiiert hat) und "method" (HTTP-Methode z. B. PUT).
die ID dieses Ereignisses, wie von ARM für RBAC erforderlich. Sie enthält die EventDataID und eine Zeitstempelinformation.
die Ereignisebene
Es handelt sich in der Regel um eine GUID, die für die Ereignisse freigegeben wird, die einem einzelnen Vorgang entsprechen. Dieser Wert sollte nicht mit EventName verwechselt werden.
der Vorgangsname.
die Gruppe der Schlüssel-Wert-Paare> (in der <Regel eine Wörterbuchzeichenfolge<, Zeichenfolge>), die Details zum Ereignis enthält.
der Ressourcengruppenname der betroffenen Ressource.
der Ressourcen-URI, der die Ressource eindeutig identifiziert, die dieses Ereignis verursacht hat.
der Ressourcenanbietername der betroffenen Ressource.
eine Zeichenfolge, die die status des Vorgangs beschreibt. Einige typische Werte sind: Gestartet, In Bearbeitung, Erfolgreich, Fehler, Aufgelöst.
der Ereignisunterteil status. Die meiste Zeit erfasst dies den HTTP-status Code des REST-Aufrufs. Allgemeine Werte sind: OK (HTTP-Statuscode: 200), Erstellt (HTTP-Statuscode: 201), Akzeptiert (HTTP-Statuscode: 202), No Content (HTTP-Statuscode: 204), Bad Request(HTTP-Statuscode: 400)), Nicht gefunden (HTTP-Statuscode: 404), Konflikt (HTTP-Statuscode: 409), Interner Serverfehler (HTTP-Statuscode: 500), Dienst nicht verfügbar (HTTP-Statuscode:503), Gatewaytimeout (HTTP-Statuscode: 504)
der Zeitstempel, zu dem das Ereignis für Abfragen über diese API verfügbar wurde. Es ist im ISO 8601-Format. Dieser Wert sollte nicht verwechselt werden eventTimestamp. Es kann zu einer Verzögerung zwischen dem Zeitpunkt des Auftretens des Ereignisses und dem Zeitpunkt der Übermittlung des Ereignisses an die Azure-Protokollierungsinfrastruktur kommen.
Die Azure-Abonnement-ID ist in der Regel eine GUID.
Die Azure-Mandanten-ID
Stellt die Auflistung von Ereignissen dar.
Name |
Typ |
Beschreibung |
Stellt den Link zum Abrufen der nächsten Ereignismenge bereit.
diese Liste, die die Azure-Überwachungsprotokolle enthält.
die Ereignisebene
Name |
Typ |
Beschreibung |
Die HTTP-Anforderungsinformationen.
Name |
Typ |
Beschreibung |
die Client-IP-Adresse
die Clientanforderungs-ID.
die HTTP-Anforderungsmethode.
der URI.
Die lokalisierbare Zeichenfolgenklasse.
Name |
Typ |
Beschreibung |
der gebietsschemaspezifische Wert.
der invariante Wert.
die Autorisierung, die vom Benutzer verwendet wird, der den Vorgang ausgeführt hat, der zu diesem Ereignis geführt hat. Dadurch werden die RBAC-Eigenschaften des Ereignisses erfasst. Dazu gehören in der Regel die "Aktion", "Rolle" und der "Bereich".
Name |
Typ |
Beschreibung |
die zulässigen Handlungen. Für instance:
die Rolle des Benutzers. Für instance: Abonnement-Admin
der Bereich.