Get-AzLog
Retrieve Activity Log events.
Syntax
Get-AzLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-CorrelationId] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceId] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceGroupName] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-ResourceProvider] <String>
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Get-AzLog
[-StartTime <DateTime>]
[-EndTime <DateTime>]
[-Status <String>]
[-Caller <String>]
[-DetailedOutput]
[-MaxRecord <Int32>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Get-AzLog cmdlet retrieve Activity Log events. The events can be associated with the current subscription ID, correlation ID, resource group, resource ID, or resource provider.
Examples
Example 1: Get an event log by subscription ID
PS C:\>Get-AzLog
This command lists at most 1000 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 2: Get an event log by subscription ID with a maximum number of events
PS C:\>Get-AzLog -MaxRecord 100
This command lists at most 100 events associated with the user's subscription ID that took place 7 days from the current date/time.
Example 3: Get an event log by subscription ID with a start time.
PS C:\>Get-AzLog -StartTime 2017-06-01T10:30
This command lists at most 1000 events associated with the user's subscription ID that took place on or after 2017-06-01T10:30 local time if that date/time is not older than 90 days from the current date/time.
Example 4: Get an event log by subscription ID with a start time and end time.
PS C:\>Get-AzLog -StartTime 2017-04-01T10:30 -EndTime 2017-04-14T11:30
This command lists at most 1000 of the events associated with the user's subscription ID that took place on or after 2017-04-01T10:30 local time, and before 2017-04-14T11:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 5: Get an event log by correlation ID
PS C:\>Get-AzLog -CorrelationId "aaaa0000-bb11-2222-33cc-444444dddddd"
This command lists at most 1000 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 6: Get an event log by correlation ID with a maximum number of events
PS C:\>Get-AzLog -CorrelationId "aaaa0000-bb11-2222-33cc-444444dddddd" -MaxRecord 100
This command lists at most 100 events associated with the specified correlation ID that took place 7 days from the current date/time. NOTE: this is usually only one event.
Example 7: Get an event log by correlation ID and start time
PS C:\>Get-AzLog -CorrelationId "aaaa0000-bb11-2222-33cc-444444dddddd" -StartTime 2017-05-22T04:30:00
This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time. NOTE: this is usually only one event.
Example 8: Get an event log by correlation ID with start time and end time
PS C:\>Get-AzLog -CorrelationId "aaaa0000-bb11-2222-33cc-444444dddddd" -StartTime 2017-04-15T04:30:00 -EndTime 2017-04-25T12:30:00
This command lists at most 1000 events associated with the specified correlation ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 9: Get an event log for a resource group
PS C:\>Get-AzLog -ResourceGroupName "Contoso-Web-CentralUS"
This command lists at most 1000 the events associated with the specified resource group that took place 7 days from the current date/time.
Example 10: Get an event log for a resource group with a maximum number of events
PS C:\>Get-AzLog -ResourceGroup "Contoso-Web-CentralUS" -MaxRecord 100
This command lists at most 100 events associated with the specified resource group that took place 7 days from the current date/time.
Example 11: Get an event log for a resource group by start time
PS C:\>Get-AzLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-05-22T04:30:00
This command lists at most 1000 events associated with the specified resource group that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 12: Get an event log for a resource group with a start time and end time
PS C:\>Get-AzLog -ResourceGroup "Contoso-Web-CentralUS" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30
This command lists at most 1000 events associated with the specified resource group that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 13: Get an event log by resource ID
PS C:\>Get-AzLog -ResourceId "/subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1"
This command lists at most 1000 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 14: Get an event log by resource ID with a maximum number of events
PS C:\>Get-AzLog -ResourceId "/subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -MaxRecord 100
This command lists at most 100 events associated with the specified resource ID that took place 7 days from the current date/time.
Example 15: Get an event log by resource ID with a start time
PS C:\>Get-AzLog -ResourceId "/subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-05-22T04:30
This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 16: Get an event log by resource ID with a start time and end time
PS C:\>Get-AzLog -ResourceId "/subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/ResourceGroups/Contoso-Web-CentralUS/providers/Microsoft.Web/ServerFarms/Contoso1" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30
This command lists at most 1000 events associated with the specified resource ID that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Example 17: Get an event log by resource provider
PS C:\>Get-AzLog -ResourceProvider "Microsoft.Web"
This command lists at most 1000 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 18: Get an event log by resource provider with a maximum number of events
PS C:\>Get-AzLog -ResourceProvider "Microsoft.Web" -MaxRecord 100
This command lists at most 100 events associated with the specified resource provider that took place 7 days from the current date/time.
Example 19: Get an event log by resource provider with a start time
PS C:\>Get-AzLog -ResourceProvider "Microsoft.Web" -StartTime 2017-05-22T04:30
This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-05-22T04:30:00 local time if the start time is not older than 90 days from the current date/time.
Example 20: Get an event log by resource provider with a start time and end time
PS C:\>Get-AzLog -ResourceProvider "Microsoft.Web" -StartTime 2017-04-15T04:30 -EndTime 2017-04-25T12:30
This command lists at most 1000 events associated with the specified resource provider that took place on or after 2017-04-15T04:30 local time, but before 2017-04-25T12:30 local time if the whole date/time range is not older than 90 days from the current date/time, i.e.: the retention period.
Parameters
-Caller
Specifies a caller.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-CorrelationId
Specifies the correlation ID. This parameter is required.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DetailedOutput
Indicates that this cmdlet displays detailed output. By default, output is summarized.
Type: | SwitchParameter |
Position: | Named |
Default value: | Switch not present = False, i.e. output summarized |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-EndTime
Specifies the end time of the query in local time. The default value is the current time. The value must be later than StartTime. You can use the Get-Date cmdlet to get a DateTime object.
Type: | Nullable<T>[DateTime] |
Position: | Named |
Default value: | Current date (time: 00:00:00 AM) + 1 day |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-MaxRecord
Specifies the total number of records to fetch for the specified filter. The default value is 1000 and the maximum value accepted is 100000. Negative values and 0 are ignored and the default value will be used.
Type: | Int32 |
Position: | Named |
Default value: | 1000 |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceGroupName
Specifies the name of the resource group.
Type: | String |
Aliases: | ResourceGroup |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceId
Specifies the resource ID.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceProvider
Specifies a filter by resource provider.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-StartTime
Specifies the start time of the query in local time. The default value is EndTime minus seven days. You can use the Get-Date cmdlet to get a DateTime object.
Type: | Nullable<T>[DateTime] |
Position: | Named |
Default value: | EndTime - 7 days |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Status
Specifies the status.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Inputs
Nullable<T>[[System.DateTime, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]