-
Notifications
You must be signed in to change notification settings - Fork 5.1k
/
activityLogs_API.json
348 lines (348 loc) · 13.3 KB
/
activityLogs_API.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
{
"swagger": "2.0",
"info": {
"title": "MonitorManagementClient",
"x-ms-code-generation-settings": {
"name": "MonitorManagementClient"
},
"version": "2015-04-01"
},
"host": "management.azure.com",
"schemes": [
"https"
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"securityDefinitions": {
"azure_auth": {
"type": "oauth2",
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"flow": "implicit",
"description": "Azure Active Directory OAuth2 Flow",
"scopes": {
"user_impersonation": "impersonate your user account"
}
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values": {
"get": {
"tags": [
"ActivityLogs"
],
"operationId": "ActivityLogs_List",
"description": "Provides the list of records from the activity logs.",
"parameters": [
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
},
{
"name": "$filter",
"in": "query",
"type": "string",
"required": true,
"description": "Reduces the set of data collected.<br>This argument is required and it also requires at least the start date/time.<br>The **$filter** argument is very restricted and allows only the following patterns.<br>- *List events for a resource group*: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceGroupName eq 'resourceGroupName'.<br>- *List events for resource*: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceUri eq 'resourceURI'.<br>- *List events for a subscription in a time range*: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z'.<br>- *List events for a resource provider*: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and resourceProvider eq 'resourceProviderName'.<br>- *List events for a correlation Id*: $filter=eventTimestamp ge '2014-07-16T04:36:37.6407898Z' and eventTimestamp le '2014-07-20T04:36:37.6407898Z' and correlationId eq 'correlationID'.<br><br>**NOTE**: No other syntax is allowed."
},
{
"$ref": "#/parameters/SelectParameter"
},
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
},
"200": {
"description": "Successful request to get a page of events in the activity logs",
"schema": {
"$ref": "#/definitions/EventDataCollection"
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
},
"x-ms-odata": "#/definitions/EventData",
"x-ms-examples": {
"Get Activity Logs with filter": {
"$ref": "./examples/GetActivityLogsFiltered.json"
},
"Get Activity Logs with filter and select": {
"$ref": "./examples/GetActivityLogsFilteredAndSelected.json"
}
}
}
}
},
"definitions": {
"LocalizableString": {
"required": [
"value"
],
"properties": {
"value": {
"type": "string",
"description": "the invariant value."
},
"localizedValue": {
"type": "string",
"description": "the locale specific value."
}
},
"description": "The localizable string class."
},
"SenderAuthorization": {
"properties": {
"action": {
"type": "string",
"description": "the permissible actions. For instance: microsoft.support/supporttickets/write"
},
"role": {
"type": "string",
"description": "the role of the user. For instance: Subscription Admin"
},
"scope": {
"type": "string",
"description": "the scope."
}
},
"description": "the authorization used by the user who has performed the operation that led to this event. This captures the RBAC properties of the event. These usually include the 'action', 'role' and the 'scope'"
},
"HttpRequestInfo": {
"properties": {
"clientRequestId": {
"type": "string",
"description": "the client request id."
},
"clientIpAddress": {
"type": "string",
"description": "the client Ip Address"
},
"method": {
"type": "string",
"description": "the Http request method."
},
"uri": {
"type": "string",
"description": "the Uri."
}
},
"description": "The Http request info."
},
"EventData": {
"properties": {
"authorization": {
"readOnly": true,
"$ref": "#/definitions/SenderAuthorization",
"description": "The sender authorization information."
},
"claims": {
"readOnly": true,
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "key value pairs to identify ARM permissions."
},
"caller": {
"readOnly": true,
"type": "string",
"description": "the email address of the user who has performed the operation, the UPN claim or SPN claim based on availability."
},
"description": {
"readOnly": true,
"type": "string",
"description": "the description of the event."
},
"id": {
"readOnly": true,
"type": "string",
"description": "the Id of this event as required by ARM for RBAC. It contains the EventDataID and a timestamp information."
},
"eventDataId": {
"readOnly": true,
"type": "string",
"description": "the event data Id. This is a unique identifier for an event."
},
"correlationId": {
"readOnly": true,
"type": "string",
"description": "the correlation Id, usually a GUID in the string format. The correlation Id is shared among the events that belong to the same uber operation."
},
"eventName": {
"readOnly": true,
"$ref": "#/definitions/LocalizableString",
"description": "the event name. This value should not be confused with OperationName. For practical purposes, OperationName might be more appealing to end users."
},
"category": {
"readOnly": true,
"$ref": "#/definitions/LocalizableString",
"description": "the event category."
},
"httpRequest": {
"readOnly": true,
"$ref": "#/definitions/HttpRequestInfo",
"description": "the HTTP request info. Usually includes the 'clientRequestId', 'clientIpAddress' (IP address of the user who initiated the event) and 'method' (HTTP method e.g. PUT)."
},
"level": {
"readOnly": true,
"type": "string",
"description": "the event level",
"enum": [
"Critical",
"Error",
"Warning",
"Informational",
"Verbose"
],
"x-ms-enum": {
"name": "EventLevel",
"modelAsString": false
}
},
"resourceGroupName": {
"readOnly": true,
"externalDocs": {
"url": "http://msdn.microsoft.com/en-us/library/azure/dn790546.aspx"
},
"type": "string",
"description": "the resource group name of the impacted resource."
},
"resourceProviderName": {
"readOnly": true,
"$ref": "#/definitions/LocalizableString",
"externalDocs": {
"url": "http://msdn.microsoft.com/en-us/library/azure/dn790572.aspx"
},
"description": "the resource provider name of the impacted resource."
},
"resourceId": {
"readOnly": true,
"externalDocs": {
"url": "http://msdn.microsoft.com/en-us/library/azure/dn790569.aspx"
},
"type": "string",
"description": "the resource uri that uniquely identifies the resource that caused this event."
},
"resourceType": {
"readOnly": true,
"$ref": "#/definitions/LocalizableString",
"externalDocs": {
"url": "http://msdn.microsoft.com/en-us/library/azure/dn790569.aspx"
},
"description": "the resource type"
},
"operationId": {
"readOnly": true,
"type": "string",
"description": "It is usually a GUID shared among the events corresponding to single operation. This value should not be confused with EventName."
},
"operationName": {
"readOnly": true,
"$ref": "#/definitions/LocalizableString",
"description": "the operation name."
},
"properties": {
"readOnly": true,
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "the set of <Key, Value> pairs (usually a Dictionary<String, String>) that includes details about the event."
},
"status": {
"readOnly": true,
"$ref": "#/definitions/LocalizableString",
"description": "a string describing the status of the operation. Some typical values are: Started, In progress, Succeeded, Failed, Resolved."
},
"subStatus": {
"readOnly": true,
"$ref": "#/definitions/LocalizableString",
"description": "the event sub status. Most of the time, when included, this captures the HTTP status code of the REST call. Common values are: OK (HTTP Status Code: 200), Created (HTTP Status Code: 201), Accepted (HTTP Status Code: 202), No Content (HTTP Status Code: 204), Bad Request(HTTP Status Code: 400), Not Found (HTTP Status Code: 404), Conflict (HTTP Status Code: 409), Internal Server Error (HTTP Status Code: 500), Service Unavailable (HTTP Status Code:503), Gateway Timeout (HTTP Status Code: 504)"
},
"eventTimestamp": {
"readOnly": true,
"type": "string",
"format": "date-time",
"description": "the timestamp of when the event was generated by the Azure service processing the request corresponding the event. It in ISO 8601 format."
},
"submissionTimestamp": {
"readOnly": true,
"type": "string",
"format": "date-time",
"description": "the timestamp of when the event became available for querying via this API. It is in ISO 8601 format. This value should not be confused eventTimestamp. As there might be a delay between the occurrence time of the event, and the time that the event is submitted to the Azure logging infrastructure."
},
"subscriptionId": {
"readOnly": true,
"type": "string",
"description": "the Azure subscription Id usually a GUID."
},
"tenantId": {
"readOnly": true,
"type": "string",
"description": "the Azure tenant Id"
}
},
"description": "The Azure event log entries are of type EventData"
},
"EventDataCollection": {
"properties": {
"value": {
"type": "array",
"items": {
"$ref": "#/definitions/EventData"
},
"description": "this list that includes the Azure audit logs."
},
"nextLink": {
"type": "string",
"description": "Provides the link to retrieve the next set of events."
}
},
"required": [
"value"
],
"description": "Represents collection of events."
},
"ErrorResponse": {
"description": "Describes the format of Error response.",
"type": "object",
"properties": {
"code": {
"description": "Error code",
"type": "string"
},
"message": {
"description": "Error message indicating why the operation failed.",
"type": "string"
}
}
}
},
"parameters": {
"SelectParameter": {
"name": "$select",
"in": "query",
"required": false,
"type": "string",
"description": "Used to fetch events with only the given properties.<br>The **$select** argument is a comma separated list of property names to be returned. Possible values are: *authorization*, *claims*, *correlationId*, *description*, *eventDataId*, *eventName*, *eventTimestamp*, *httpRequest*, *level*, *operationId*, *operationName*, *properties*, *resourceGroupName*, *resourceProviderName*, *resourceId*, *status*, *submissionTimestamp*, *subStatus*, *subscriptionId*",
"x-ms-parameter-location": "method"
}
}
}