Get-AzLog

Retrieves log events from Azure resources.

SYNOPSIS


Get-AzLog
    [-ResourceGroup string]
    [-ResourceId string]
    [-StartTime DateTime]
    [-EndTime DateTime]
    [-OperationName string]
    [-Caller string]
    [-SubscriptionId string]
    [-DefaultProfile IAzureContextContainer]
    [-Force]
    [-AsJob]
    [-WhatIf]
    [-Confirm]

DESCRIPTION

The Get-AzLog cmdlet retrieves log events from Azure resources. This cmdlet is useful for monitoring and auditing the activities performed on your Azure resources.

PARAMETERS

-ResourceGroup string
Specifies the name of the resource group from which to retrieve logs.
-ResourceId string
Specifies the ID of the Azure resource from which to retrieve logs.
-StartTime DateTime
Specifies the start time for filtering log events. Log events will be retrieved from this time onwards.
-EndTime DateTime
Specifies the end time for filtering log events. Log events will be retrieved up to this time.
-OperationName string
Filters logs based on the name of the operation performed.
-Caller string
Filters logs based on the caller principal name.
-SubscriptionId string
Specifies the subscription ID to retrieve logs from.
-DefaultProfile IAzureContextContainer
The Azure context to use for the command.
-Force switch
Forces the command to run without asking for confirmation.
-AsJob switch
Runs the cmdlet as a background job. Use this cmdlet to send commands that take a long time to complete.
-WhatIf switch
Shows what would happen if the cmdlet runs. The cmdlet is not run.
-Confirm switch
Prompts you for confirmation before running the cmdlet.

INPUTS

None

OUTPUTS

Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.AzureLog

The cmdlet outputs an object that represents a log event, containing properties such as:

Level: The severity level of the log event (e.g., 'Informational', 'Warning', 'Error').
OperationName: The name of the operation performed.
Caller: The principal that performed the operation.
ResourceId: The ID of the resource affected by the operation.
TimeGenerated: The timestamp when the log event was generated.
Properties: Additional details about the event.

EXAMPLES

Example 1: Get all logs for a resource group

This command retrieves all log events for the resource group named "MyResourceGroup".


Get-AzLog -ResourceGroup "MyResourceGroup"

Example 2: Get logs within a specific time range

This command retrieves log events for a specific resource ID between 2023-10-26 09:00:00 and 2023-10-26 17:00:00.


Get-AzLog -ResourceId "/subscriptions/YOUR_SUBSCRIPTION_ID/resourceGroups/MyResourceGroup/providers/Microsoft.Web/sites/MyWebApp" `
    -StartTime "2023-10-26T09:00:00Z" -EndTime "2023-10-26T17:00:00Z"

Example 3: Get logs for a specific operation

This command retrieves all log events related to the 'Microsoft.Compute/virtualMachines/start/action' operation within your subscription.


Get-AzLog -OperationName "Microsoft.Compute/virtualMachines/start/action"