Just an Azure Activity Log Question

No help really needed with code. I am just looking to see if anyone has a requirement to pull the logs available from Get-AzActivityLog and, if so, have you found a better way to pull them.

For background for others, the above Azure command pulls admin activity logs from Azure. It is limited to 1000 records and your only option is finding the right time range. This is a PITA when you need logs over a month's period.

I’ve been searching and searching for what REST API this cmdlet uses.

The better way is probably going to be to send your logs to a Log Analytics workspace and use KQL to write custom queries.

I was hoping someone wouldn’t say ‘use a LAW’ lol

I finally got it to work without a LAW

The logs are retrievable through the REST API

This required

  • An app registration with the Azure Management Service permissions
  • The app needs IAM read permissions
  • Then you call the Sign in to your account endpoint to get a bearer token

Then you can call…
```powershell
# `$filter is escaped so PowerShell sends the literal OData parameter instead of expanding a variable
Invoke-WebRequest -Method Get -Headers $manage_headers -Uri "$resource/subscriptions/$sub/providers/microsoft.insights/eventtypes/management/values?api-version=2015-04-01&`$filter=eventTimestamp ge '2024-10-01T00:00:00Z' and eventTimestamp le '2024-10-31T23:59:59Z'"
```

Where $resource = "https://management.azure.com"
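
Added example, not part of the original posts: the REST call described above, extended to follow the `nextLink` value the API returns with each page of results so that a whole month can be collected in one run. The environment variable names and the output file name are assumptions; the app registration's client secret is read from the environment rather than written into the script.

```powershell
# Added example: page through the Activity Log REST API by following nextLink.
# Assumed placeholders: AZ_TENANT_ID, AZ_CLIENT_ID, AZ_CLIENT_SECRET, AZ_SUBSCRIPTION_ID.
$tenant   = $env:AZ_TENANT_ID
$sub      = $env:AZ_SUBSCRIPTION_ID
$resource = 'https://management.azure.com'

# Client-credentials token request for the app registration.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $env:AZ_CLIENT_ID
        client_secret = $env:AZ_CLIENT_SECRET
        scope         = "$resource/.default"
    }
$manage_headers = @{ Authorization = "Bearer $($token.access_token)" }

# The OData expression is URL-encoded; the query-string prefix is single-quoted
# so the literal text '$filter' is sent instead of being expanded as a variable.
$filter = "eventTimestamp ge '2024-10-01T00:00:00Z' and eventTimestamp le '2024-10-31T23:59:59Z'"
$uri = "$resource/subscriptions/$sub/providers/microsoft.insights/eventtypes/management/values" +
       '?api-version=2015-04-01&$filter=' + [uri]::EscapeDataString($filter)

$events = [System.Collections.Generic.List[object]]::new()
while ($uri) {
    $page = Invoke-RestMethod -Method Get -Headers $manage_headers -Uri $uri
    if ($page.value) { $events.AddRange([object[]]$page.value) }
    $uri = $page.nextLink   # empty on the last page, which ends the loop
}

"Retrieved $($events.Count) events"
# Flatten the fields most useful for review and write them to CSV.
$events | Select-Object eventTimestamp, caller,
    @{ n = 'operation'; e = { $_.operationName.value } },
    @{ n = 'status';    e = { $_.status.value } }, resourceId |
    Export-Csv -Path .\activity-log-2024-10.csv -NoTypeInformation
```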
