Azure Activity Log confusion

All,

This might be obvious, but I have questions regarding Azure Activity Logs. Could I please ask someone to review the following and let me know whether me reasoning is accurate ?

- Azure Activity log events are retained in Azure for 90 days and then deleted by default.

- When I browse the Activity Log tab on a given subscription, I’ll get insight into operation on each Azure resource in that subscription from the management plane.

- When I browse a resource, say Key Vault in that subscription, and view the Activity Log tab from within the resource, I would get events narrowed down to this very specific Key Vault (but I would find the same events for this Key Vault in the Activity Log tab on subscription level).

- The Activity Log events are retained in Azure for 90 days and then deleted by default.

- If I want to store the Activity Log events beyond 90 days, I could export them to a Log Analytics workspace ( Iknow of Storage Account and Event Hub). 

- I can export the Activity Log events to a Log Analytics workspace to store the vents beyond the 90 days.

- I can export the Activity Log events from subscription (Activity Log -> Export Activity Logs). If I do so, the exported data will contain ALL the Activity Log events from ALL resources in the given subscription.

- Since there’s a single activity log for each Azure subscription, I would have to perform the step above for each single subscription.

What if I export the Activity Log events from a resource in a subscription, rather than the subscription itself (will it only export events for the given resource)?

Thanks a lot!