Automating data provision of Activity logs of a Resource group

  • Question

  • Hello Team,

    I have access to multiple resource groups within a subscription, wherein within each RG we have multiple components.

    We have a requirement wherein we need to provide our business a file weekly with details such as what new components were created within the RG: XYZ, who had created those new components, what was the overall cost incurred because of 1 RG out of all RGs, and the component-wise bifurcation of the cost of 1 RG.

    Your response would be very helpful.

    Thanks

    Thursday, April 11, 2019 7:38 AM

Answers

  • You can link your subscription to Log Analytics, so that all the Azure activity will be collected in Log Analytics. For more information, please refer to this article.

    From the logs console, you can query the logs to generate the requested data. An example query for a quick start:

    // Successful "Create" operations from the last 7 days, per resource group and caller
    AzureActivity
    | where EventSubmissionTimestamp >= ago(7d)
    | where OperationName contains "Create" and ActivityStatus == "Succeeded"
    | project OperationName, ActivityStatus, ActivitySubstatus, ResourceGroup, Caller, OperationNameValue
    | summarize by ResourceGroup, OperationName, ActivityStatus, Caller

    To visualize the data, you can use Power BI. Please refer to the article here.

    For cost management, you can go through this article and filter according to your criteria.



    Friday, April 12, 2019 6:54 AM
    Moderator

All replies

  • Hi Swathi,

    Thank you for your reply.

    Isn't there any other direct way wherein I can fetch the data without adding a new component (Log Analytics)?
    That would also incur cost, whereas Azure Automation has 3000 free runs, and we need to incur as little cost as possible for the management purpose.

    Still, the Log Analytics part pretty much covers my whole requirement :)

    Thank you for the help.

    Friday, April 12, 2019 11:22 AM
  • Hi Nandan,

    You can use Az modules for getting the Activity Logs. Please import the modules Az.Accounts, Az.Automation and Az.Monitor. Please refer to the articles Connect-AzAccount, Get-AzAutomationAccount and Get-AzLog for the respective command descriptions and usage. The code snippet below will help you with a quick start.

    # Name of the Run As connection asset in the Automation account
    $connectionName = "AzureRunAsConnection"

    try
    {
        $servicePrincipalConnection = Get-AzAutomationConnection -Name $connectionName -AutomationAccountName SCOMAutomationRS -ResourceGroupName SCOM
        Write-Host $servicePrincipalConnection

        "Logging in to Azure..."
        # -ServicePrincipal is a switch; the tenant ID has to be passed with -Tenant
        $fields = $servicePrincipalConnection.FieldDefinitionValues
        Connect-AzAccount -ServicePrincipal -Tenant $fields.TenantId -ApplicationId $fields.ApplicationId -CertificateThumbprint $fields.CertificateThumbprint
    }
    catch
    {
        if (!$servicePrincipalConnection)
        {
            $ErrorMessage = "Connection $connectionName not found."
            throw $ErrorMessage
        } else {
            Write-Error -Message $_.Exception
            throw $_.Exception
        }
    }

    $report = @()

    # Quick start: last 24 hours, at most 5 records
    $Log = Get-AzLog -StartTime (Get-Date).AddDays(-1) -MaxRecord 5

    # foreach never runs on an empty result, so check for "no logs" up front
    if (-not $Log) { "No Logs found " }

    foreach ($L in $Log) {
        $ResourceGroupName = $L.ResourceGroupName
        $OperationNameLocValue = $L.OperationName.LocalizedValue
        $Status = $L.Status.LocalizedValue

        # One report row per activity log record
        $obj = New-Object -TypeName PSObject
        $obj | Add-Member -MemberType NoteProperty -Name OperationName -Value $OperationNameLocValue
        $obj | Add-Member -MemberType NoteProperty -Name ResourceGroupName -Value $ResourceGroupName
        $obj | Add-Member -MemberType NoteProperty -Name Status -Value $Status

        $report += $obj
    }

    $report | Select-Object OperationName, ResourceGroupName, Status


    Monday, April 15, 2019 10:58 AM
    Moderator
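
Added example, not part of the thread or of any poster's code: one way to turn the records that Get-AzLog returns into the weekly "what was created in RG XYZ, and by whom" report asked for in the question, using the same filter as the KQL query above. The function names, the sample records and the all-zero subscription ID are constructed for illustration; the property names follow the snippet above, plus Caller, ResourceId and EventTimestamp.

```powershell
# Added example: weekly "what was created and by whom" report for one resource group.
function ConvertTo-CreationReport {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Records,
        [Parameter(Mandatory)] [string] $ResourceGroupName
    )
    $Records |
        Where-Object {
            # Same filter as the KQL query in the thread: succeeded "Create" operations.
            $_.ResourceGroupName -eq $ResourceGroupName -and
            $_.Status.LocalizedValue -eq 'Succeeded' -and
            $_.OperationName.LocalizedValue -like '*Create*'
        } |
        Group-Object -Property ResourceId |
        ForEach-Object {
            # One row per resource: keep the earliest matching event.
            $first = $_.Group | Sort-Object -Property EventTimestamp | Select-Object -First 1
            [pscustomobject]@{
                ResourceGroupName = $first.ResourceGroupName
                ResourceId        = $first.ResourceId
                Operation         = $first.OperationName.LocalizedValue
                Caller            = $first.Caller
                FirstSeen         = $first.EventTimestamp
            }
        }
}

# Constructed sample records (hypothetical names), shaped like Get-AzLog output.
function New-SampleRecord($Rg, $Id, $Op, $Status, $Caller, $When) {
    [pscustomobject]@{
        ResourceGroupName = $Rg; ResourceId = $Id; Caller = $Caller
        EventTimestamp    = [datetime]$When
        OperationName     = [pscustomobject]@{ LocalizedValue = $Op }
        Status            = [pscustomobject]@{ LocalizedValue = $Status }
    }
}
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$records = @(
    (New-SampleRecord 'XYZ' "$sub/resourceGroups/XYZ/vm01" 'Create or Update Virtual Machine' 'Started' 'alice@example.com' '2019-04-08T09:00:00Z'),
    (New-SampleRecord 'XYZ' "$sub/resourceGroups/XYZ/vm01" 'Create or Update Virtual Machine' 'Succeeded' 'alice@example.com' '2019-04-08T09:02:00Z'),
    (New-SampleRecord 'XYZ' "$sub/resourceGroups/XYZ/stor01" 'Create/Update Storage Account' 'Succeeded' '11111111-1111-1111-1111-111111111111' '2019-04-09T14:30:00Z'),
    (New-SampleRecord 'XYZ' "$sub/resourceGroups/XYZ/vm00" 'Delete Virtual Machine' 'Succeeded' 'bob@example.com' '2019-04-10T08:00:00Z'),
    (New-SampleRecord 'ABC' "$sub/resourceGroups/ABC/vm07" 'Create or Update Virtual Machine' 'Succeeded' 'bob@example.com' '2019-04-10T10:00:00Z')
)
# Live data instead of the sample (needs an authenticated Az session):
# $records = Get-AzLog -ResourceGroupName 'XYZ' -StartTime (Get-Date).AddDays(-7)

ConvertTo-CreationReport -Records $records -ResourceGroupName 'XYZ' |
    ConvertTo-Csv -NoTypeInformation
```

With the sample data this emits two CSV rows, one for vm01 and one for stor01. For a service principal, Caller is a GUID rather than a user name, so resolve it to a display name before handing the report to the business.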