Azure is in deed and in fact like an ocean with various entities within it pumping out enormous amounts of logging, event information. This is also what makes it somewhat overwhelming as to where to look for under the hood as to what happened. [Please click on pic to get a clearer version]
The below is an example of a simple requirement to list all VM Created, along with who created them and when they were created.
I outline two methods below. Pick and choose what is appropriate for your needs.
Method 1
Using the Activity Logs for the subscriptions from the Azure Portal
- Go to "More Services" as shown below.
[Please click on pic to get a clearer version]
- On the Search pane type "Log" and choose Activity Logs
[Please click on pic to get a clearer version]
Configure the Query parameters as follows:-
Method 2
Using OMS Log Analytics
For this one has to have an OMS workspace associated to the subscription.
QUERY TEXT
AzureActivity
| where OperationName endswith "Write"
| where ActivityStatus == "Succeeded"
| where ActivitySubstatus contains "Created"
| project resourceName=Resource, CreatedBy=Caller, dateTimeOfCreation=TimeGenerated, ResourceGroup, SubscriptionId, ResourceId
There are various schemas you can check to see if it is the one that contains the data that you want to query on. A sample of these schemas is shown below.This post first appeared on MSDN Blogs | Get The Latest Information, Insights, Announcements, And News From Microsoft Experts And Developers In The MSDN Blogs., please read the originial post: here