Azure Monitor · Schema
Azure Monitor Activity Log Event
Represents an event record from the Azure Activity Log, containing information about subscription-level operations including resource creation, updates, deletions, and administrative actions.
Application InsightsCloudLogsMetricsMonitoringObservability
Properties
| Name | Type | Description |
|---|---|---|
| authorization | object | The sender authorization information. |
| claims | object | Key value pairs to identify ARM permissions. |
| caller | string | The email address of the user who has performed the operation, the UPN claim, or SPN claim based on availability. |
| description | string | The description of the event. |
| id | string | The ID of this event as required by ARM for RBAC. |
| eventDataId | string | The event data ID. This is a unique identifier for an event. |
| correlationId | string | The correlation ID, usually a GUID in the string format. |
| eventName | object | The event name. |
| category | object | The event category. |
| httpRequest | object | The HTTP request info. |
| level | string | The event level. |
| resourceGroupName | string | The resource group name of the impacted resource. |
| resourceProviderName | object | The resource provider name. |
| resourceId | string | The resource URI that uniquely identifies the resource that caused this event. |
| resourceType | object | The resource type. |
| operationId | string | It is usually a GUID shared among the events corresponding to single operation. |
| operationName | object | The operation name. |
| properties | object | The set of key-value pairs that includes details about the event. |
| status | object | A string describing the status of the operation. |
| subStatus | object | The event sub status. |
| eventTimestamp | string | The timestamp of when the event was generated by the Azure service processing the request. |
| submissionTimestamp | string | The timestamp of when the event became available for querying via this API. |
| subscriptionId | string | The Azure subscription ID. |
| tenantId | string | The Azure tenant ID. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://schema.azure.com/monitor/activity-log-event.json",
"title": "Azure Monitor Activity Log Event",
"description": "Represents an event record from the Azure Activity Log, containing information about subscription-level operations including resource creation, updates, deletions, and administrative actions.",
"type": "object",
"properties": {
"authorization": {
"type": "object",
"readOnly": true,
"properties": {
"action": { "type": "string", "description": "The permissible actions." },
"role": { "type": "string", "description": "The role of the user." },
"scope": { "type": "string", "description": "The scope." }
},
"description": "The sender authorization information."
},
"claims": {
"type": "object",
"readOnly": true,
"additionalProperties": { "type": "string" },
"description": "Key value pairs to identify ARM permissions."
},
"caller": {
"type": "string",
"readOnly": true,
"description": "The email address of the user who has performed the operation, the UPN claim, or SPN claim based on availability."
},
"description": {
"type": "string",
"readOnly": true,
"description": "The description of the event."
},
"id": {
"type": "string",
"readOnly": true,
"description": "The ID of this event as required by ARM for RBAC."
},
"eventDataId": {
"type": "string",
"readOnly": true,
"description": "The event data ID. This is a unique identifier for an event."
},
"correlationId": {
"type": "string",
"readOnly": true,
"description": "The correlation ID, usually a GUID in the string format."
},
"eventName": {
"$ref": "#/$defs/LocalizableString",
"readOnly": true,
"description": "The event name."
},
"category": {
"$ref": "#/$defs/LocalizableString",
"readOnly": true,
"description": "The event category."
},
"httpRequest": {
"type": "object",
"readOnly": true,
"properties": {
"clientRequestId": { "type": "string" },
"clientIpAddress": { "type": "string" },
"method": { "type": "string" },
"uri": { "type": "string" }
},
"description": "The HTTP request info."
},
"level": {
"type": "string",
"readOnly": true,
"enum": ["Critical", "Error", "Warning", "Informational", "Verbose"],
"description": "The event level."
},
"resourceGroupName": {
"type": "string",
"readOnly": true,
"description": "The resource group name of the impacted resource."
},
"resourceProviderName": {
"$ref": "#/$defs/LocalizableString",
"readOnly": true,
"description": "The resource provider name."
},
"resourceId": {
"type": "string",
"readOnly": true,
"description": "The resource URI that uniquely identifies the resource that caused this event."
},
"resourceType": {
"$ref": "#/$defs/LocalizableString",
"readOnly": true,
"description": "The resource type."
},
"operationId": {
"type": "string",
"readOnly": true,
"description": "It is usually a GUID shared among the events corresponding to single operation."
},
"operationName": {
"$ref": "#/$defs/LocalizableString",
"readOnly": true,
"description": "The operation name."
},
"properties": {
"type": "object",
"readOnly": true,
"additionalProperties": { "type": "string" },
"description": "The set of key-value pairs that includes details about the event."
},
"status": {
"$ref": "#/$defs/LocalizableString",
"readOnly": true,
"description": "A string describing the status of the operation."
},
"subStatus": {
"$ref": "#/$defs/LocalizableString",
"readOnly": true,
"description": "The event sub status."
},
"eventTimestamp": {
"type": "string",
"format": "date-time",
"readOnly": true,
"description": "The timestamp of when the event was generated by the Azure service processing the request."
},
"submissionTimestamp": {
"type": "string",
"format": "date-time",
"readOnly": true,
"description": "The timestamp of when the event became available for querying via this API."
},
"subscriptionId": {
"type": "string",
"readOnly": true,
"description": "The Azure subscription ID."
},
"tenantId": {
"type": "string",
"readOnly": true,
"description": "The Azure tenant ID."
}
},
"$defs": {
"LocalizableString": {
"type": "object",
"required": ["value"],
"properties": {
"value": { "type": "string", "description": "The invariant value." },
"localizedValue": { "type": "string", "description": "The locale-specific value." }
}
}
}
}