cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure Activity Log

%3CLINGO-SUB%20id%3D%22lingo-sub-105989%22%20slang%3D%22en-US%22%3EAzure%20Activity%20Log%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-105989%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20we%20are%20exporting%20all%20Activity%20Logs%20(from%20all%20subscriptions)%20to%20a%20separate%20storage%20account.%20There%20they%20are%20stored%20as%20json%20files.%20How%20can%20I%20query%20the%20files%20for%20special%20events%20with%20powershell%3F%20Are%20there%20any%20apps%20in%20the%20store%20for%20this%3F%20Can%20I%20query%20it%20with%20OMS%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-105989%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-107694%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Activity%20Log%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-107694%22%20slang%3D%22en-US%22%3EHi%20You%20can%20configure%20you%20Azure%20Activity%20Logs%20to%20be%20send%20directly%20to%20Log%20Analytics%20(part%20of%20OMS).%20From%20there%20using%20the%20new%20query%20language%20you%20can%20perform%20many%20functions%20to%20get%20the%20data%20you%20want.%20You%20can%20find%20more%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Flog-analytics%2Flog-analytics-activity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Flog-analytics%2Flog-analytics-activity%3C%2FA%3E%20If%20you%20want%20to%20use%20Storage%20accounts%20and%20PowerShell%20for%20this%20you%20will%20need%20to%20create%20some%20custom%20powershell%20scripts%20that%20pull%20the%20data%20from%20the%20storage%20account.%20This%20won't%20be%20an%20easy%20task%20and%20will%20require%20a%20lot%20of%20engineering.%20I%20suggest%20to%20use%20Log%20Analytics%3C%2FLINGO-BODY%3E
Ruediger Holzwarth
Occasional Visitor

‎Sep 13 2017 08:03 AM

‎Sep 13 2017 08:03 AM

Azure Activity Log

Hi, we are exporting all Activity Logs (from all subscriptions) to a separate storage account. There they are stored as json files. How can I query the files for special events with powershell? Are there any apps in the store for this? Can I query it with OMS ?

Labels:
894 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Stanislav Zhelyazkov (MVP)
Stanislav Zhelyazkov

‎Sep 18 2017 11:21 PM

‎Sep 18 2017 11:21 PM

Solution

Re: Azure Activity Log

Hi You can configure you Azure Activity Logs to be send directly to Log Analytics (part of OMS). From there using the new query language you can perform many functions to get the data you want. You can find more here: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-activity If you want to use Storage accounts and PowerShell for this you will need to create some custom powershell scripts that pull the data from the storage account. This won't be an easy task and will require a lot of engineering. I suggest to use Log Analytics
0 Likes
Reply