TechQA.

Azure KQL Query on Dashboard

61 views Asked by At

KQL query to reveal Azure Activity actions which should include users management activities based on any change performed by a users (create, update &delete) &identify the user by email/profile, tenant ID, subscription, activity logs under a tenant subscription

i got a query but could not identify user which perform a task.

azure kql azure-dashboard
Original Q&A
1

There are 1 answers

0
Jahnavi On

Use below KQL query to meet your requirements.

AzureActivity
| where ActivityStatus == "Succeeded"
| where ResourceProvider == "Microsoft.Authorization" and TenantId == "xxxx"
| extend properties = todynamic(tostring(Properties))
| extend tenantID = properties["tenantId"]
| extend subscriptionID = properties["subscriptionId"]
| extend activity = parse_json(properties["activityLogs"])
| project Caller, TenantId

Output:

enter image description here

Related Questions in AZURE

Related Questions in KQL

Related Questions in AZURE-DASHBOARD

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions