The Azure Monitor activity log is a platform log that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started. This article provides information on how to view the activity log and send it to different destinations.
View the activity log
You can access the activity log from most menus in the Azure portal. The menu that you open it from determines its initial filter. If you open it from the Monitor menu, the only filter is on the subscription. If you open it from a resource's menu, the filter is set to that resource. You can always change the filter to view all other entries. Select Add Filter to add more properties to the filter.
Select Download as CSV to download the events in the current view.
View change history
For some events, you can view the change history, which shows what changes happened during that event time. Select an event from the activity log you want to look at more deeply. Select the Change history tab to view any changes on the resource up to 30 minutes before and after the time of the operation.
If any changes are associated with the event, you'll see a list of changes that you can select. Selecting a change opens the Change history page. This page displays the changes to the resource. In the following example, you can see that the VM changed sizes. The page displays the VM size before the change and after the change. To learn more about change history, see Get resource changes.
Retention period
Activity log events are retained in Azure for 90 days and then deleted. There's no charge for entries during this time regardless of volume. For more functionality, such as longer retention, create a diagnostic setting and route the entries to another location based on your needs. See the criteria in the preceding section.
Activity log insights
Activity log insights provide you with a set of dashboards that monitor the changes to resources and resource groups in a subscription. The dashboards also present data about which users or services performed activities in the subscription and the activities' status. This article explains how to onboard and view activity log insights in the Azure portal.
Activity log insights are a curated Log Analytics workbook with dashboards that visualize the data in the AzureActivity table. For example, data might include which administrators deleted, updated, or created resources and whether the activities failed or succeeded.
In the Insights section, select Activity Logs Insights.
At the top of the Activity Logs Insights page, select:
One or more subscriptions from the Subscriptions dropdown.
Resources and resource groups from the CurrentResource dropdown.
A time range for which to view data from the TimeRange dropdown.
View resource-level activity log insights
Note
Activity log insights does not currently support Application Insights resources.
To view activity log insights at the resource level:
In the Azure portal, go to your resource and select Workbooks.
In the Activity Logs Insights section, select Activity Logs Insights.
At the top of the Activity Logs Insights page, select a time range for which to view data from the TimeRange dropdown:
Azure Activity Log Entries shows the count of activity log records in each activity log category.
Activity Logs by Status shows the count of activity log records in each status.
At the subscription and resource group level, Activity Logs by Resource and Activity Logs by Resource Provider show the count of activity log records for each resource and resource provider.
In conclusion, Azure Monitor and Log Analytics collectively offer a robust solution for monitoring Azure resources. While Azure Monitor provides a lot of features including aggregation of logs, real-time insights and performance metrics, Log Analytics allows advanced query capabilities and extensive log data analysis.
In summary, Azure Application Insights focuses on monitoring the performance and user behavior of applications, while Azure Monitor provides a broader scope of monitoring for applications, infrastructure, and operating systems.
Azure Monitor collects and aggregates data from various sources into a common data platform where it can be used for analysis, visualization, and alerting. It provides a consistent experience on top of data from multiple sources.
The Azure Monitor activity log is a platform log that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started.
Whereas log monitoring is the process of tracking logs, log analytics evaluates logs in context to understand their significance. This includes troubleshooting issues with software, services, applications, and any infrastructure with which they interact.
Azure Application Insights is an extensible analytics service that helps you understand the performance and usage of your live web application. Connect to your Application Insights resource to run and visualize various Analytics queries.
Azure Application Insights with Grafana offers a unified monitoring platform, enabling you to gather data from various sources within your application. This comprehensive approach helps you gain holistic insights into performance, usage patterns, and user behaviors.
Visualizations, including charts and graphs for insights into resource performance. Application Insights, built-in metrics for understanding resource use, including inbound and outbound data, state, and application performance. Easy-to-create alerts.
Activity log alert rules are Azure resources, so they can be created by using an Azure Resource Manager template. They also can be created, updated, or deleted in the Azure portal. An activity log alert only monitors events in the subscription in which the alert is created.
From the docs: Resource logs/Diagnostic Logs capture activity to the data access plane while the Activity log is a subscription-level log for the control plane. Resource-level diagnostic logs provide insight into operations that were performed within that resource itself.
Each workspace has its own data repository, configuration, and permissions. Log Analytics workspaces contain logs and metrics data from multiple Azure resources, whereas Azure Monitor workspaces currently contain only metrics related to Prometheus.
Log Analytics is a tool in the Azure portal to edit and run log queries from data collected by Azure Monitor logs and interactively analyze their results. You can use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide various insights into your data.
Azure Monitor is a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments. You can use Azure Monitor to maximize the availability and performance of your applications and services.
The Azure Monitor activity log is a platform log that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started.
Introduction: My name is Saturnina Altenwerth DVM, I am a witty, perfect, combative, beautiful, determined, fancy, determined person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.