I have to fetch logs using AZ commands:
If I add a filter on Resource Group, it is not giving result.
For e.g.--
Following commands is working fine:
az monitor activity-log list --subscription "subscription1"
In the result I am getting logs for ResourceGroup1.
But when I execute following:
az monitor activity-log list --resource-group "ResourceGroup1"
It is giving 0 result.
I am using "azure-cli": "2.26.1"
You can use the below command to read monitor activity logs at resource group level
az monitor activity-log list -g "resource-group"
Here is the command to pull activity monitor logs with filters
az monitor activity-log list -g 'resource-group' --start-time 2021-07-29T12:00:00 --select {ResourceGroupName,EventTimestamp,CorrelationId,ResourceId} -o table
When we do AZ login, there is one field "isDefault": true for only one subscription (Default subscription of your account). For other Subscriptions, it will be False.
You will get results for all RGs under default Subscription. For other RGs, it will give 0 result.
Therefore, when you apply filter on a RG, you need to confirm that it's corresponding Subscription should be set as default. You can set same as:
az account set -s <subscription ID>
Related
I have an Azure Monitor Diagnostic Settings object on which I am trying to set the logAnalyticsDestinationType property. But it does not stick:
~$ id=/subscriptions/4...d/resourceGroups/xyz/providers/Microsoft.ContainerService/managedClusters/abc
~$ az monitor diagnostic-settings show --resource $id -n loganalytics-diagnostics --query logAnalyticsDestinationType
~$ az monitor diagnostic-settings update --resource $id -n loganalytics-diagnostics --set logAnalyticsDestinationType=AzureDiagnostics --query logAnalyticsDestinationType
"AzureDiagnostics"
~$ az monitor diagnostic-settings show --resource $id -n loganalytics-diagnostics --query logAnalyticsDestinationType
~$
Without delving into much details on why I want to set it, is it possible to set it at all?
It seems that there's currently an open issue with Azure regarding this topic:
https://github.com/hashicorp/terraform-provider-azurerm/issues/20019
https://github.com/hashicorp/terraform-provider-azurerm/issues/20140
It seems to be that there's an erratic behaviour where the logAnalyticsDestinationType property is not being set and it is returing as either:
null
AzureDiagnostics
Some responses on the first issue suggests that if you delete the Monitoring diagnostics settings and re-create it "fixes" in a non consistent way.
Although, I've had to delete it from the Portal UI and then re-create it through Terraform, and the logAnalyticsDestinationType was still set to null.
I tried to update the logAnalyticsDestinationType. of azure monitor diagnostic settings with the Azure CLI command and was able to update it successfully like below:-
Azure CLI command:-
az monitor diagnostic-settings update --resource /subscriptions/xxxxxxx-xxxx-44d6-b4fd-e2b6e97cb2a7/resourceGroups/siliconrg/providers/Microsoft.OperationalInsights/workspaces/siliconLA -n LAdiag --set logAnalyticsDestinationType=AzureDiagnostics
Output:-
Where resource is the resource ID of the Azure resource that you want to update the diagnostic settings of, the Resource Id can be found in the Properties tab of your Azure resource, and -n is the name of the diagnostic settings you want to update and set value is used to set the new property of logAnalyticsDestinationType.
Make sure you use the correct resource ID in the $id variable, add the correct -n name and --set value to change the logAnalyticsDestinationType.
Reference:-
az monitor diagnostic-settings subscription | Microsoft Learn
I'm trying to fetch the event initiated by i.e. email id of the user who created the vm using az cli.
I tried running
az monitor activity-log list -g "resgroupname" --resource-id "my-res-id"
but it lists me all the vm details.
I'm trying to list the event of one vm by passing the resource id.
https://learn.microsoft.com/en-us/cli/azure/monitor/activity-log?view=azure-cli-latest
You need to make use of query filter to the above cmdlet in order to the pull the user name (Caller) who initiated the create vm operation from the activity logs.
az monitor activity-log list -g <resourceGroupName> --resource-id <VMResourceId> --query "[?contains(operationName.value,'Microsoft.Compute/virtualMachines/write')].{name:operationName.value,caller:caller,createdtime:submissionTimestamp}" -o table
I have tested the above cmdlet in my local environment(cloud shell), by creating a log analytics workspace and projecting the activity logs of the resource group to that log analytics workspace.
Here is the sample output for reference:
How can i get the Azure metrics , failed requests , app performance, CPU usage and Memory usage ?
There is the az monitor metrics list --resource
[--aggregation {Average, Count, Maximum, Minimum, None, Total}]
[--dimension]
[--end-time]
[--filter]
[--interval]
[--metadata]
[--metrics]
[--namespace]
[--offset]
[--orderby]
[--resource-group]
[--resource-namespace]
[--resource-parent]
[--resource-type]
[--start-t
I have tried to use t as follows
az monitor metrics list --resource "AppServiceName"
but get and error:
az : usage error: --resource ID | --resource NAME --resource-group NAME --resource-type
TYPE [--resource-parent PARENT] [--resource-namespace NAMESPACE]
Old now - but the resource ID required takes a few forms for example
/subscriptions/b6ff2c43-9c91-4c25-bf05-62fdea862e7b/resourceGroups/My-RSG/providers/Microsoft.Web/serverfarms/mywhatever.
This is found in the properties seciton of the portal for example.
you can then run in azure cli
az monitor metrics list --resource /subscriptions/b6ff2c43-9c91-4c25-bf05-62fdea862e7b/resourceGroups/My-RSG/providers/Microsoft.Web/serverfarms/mywhatever.
I have two resource groups in Azure, each contains one VMSS (Virtual Machine Scale Sets) and the resources are visible in Azure Portal. The problem is, the following commands return empty output:
az resource list --subscription MySubscription -g vmss-rg
az vmss list --subscription MySubscription -g vmss-rg
az vmss list
However, running az resource list with different resource groups which doesn't have VMSS works fine. I also tested it with different Azure account and subscription, it also worked.
We have tested the same command in our local as suggested by #VenkateshDodda-MT and it works fine. Posting it as an answer to help other community members for the similar issue so that they can find and fix their problem.
To achieve the above requirement we need to install the az powershell module in our local .
Post that run the command in powershell to get the vmss list under our subscription or resource groups:-
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets"
OUTPUT:-
To get the VMSS list under particular resource group run the below cmd:
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets" -g '<rgName>'
OUTPUT:-
For more information please refer this SO THREAD:Azure PS command returns empty list as suggested by #Olga Osinskaya - MSFT
I am trying to get list of web apps using az cli az webapp list. And when I try to get the diagnostic setting for the particular web app using az monitor diagnostic-settings list --resource-group nameRG --resource id. I dont get any information and logs and diagnostic settings are enabled for app services. I am not sure what i am doing wrong.
I am just trying to get the list of diagnostic settings for a resource. If you know better way please mention it.
Thanks
Usage:
az monitor diagnostic-settings list --resource Name --resource-group RGName --resource-type Microsoft.Web/sites
Or:
az monitor diagnostic-settings list --resource ID
Make sure the resource id correct like this format:
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
You could get the resource id by this command:
az webapp show --name MyWebapp --resource-group MyResourceGroup