turbot / steampipe-plugin-azure

Use SQL to instantly query Azure resources across regions and subscriptions. Open source CLI. No DB required.
https://hub.steampipe.io/plugins/turbot/azure
Apache License 2.0

Add table azure_monitor_activity_log_event Closes #621 #684

Closed ParthaI closed 10 months ago

ParthaI commented 11 months ago

Integration test logs

Logs

```
N/A
```

Example query results

Results

```
> select event_name, event_data_id, id, correlation_id, level, resource_id, event_timestamp from azure_monitor_activity_log_event;
+--------------+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------->
| event_name | event_data_id | id >
+--------------+--------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------->
| EndRequest | eb2786b3-9bb3-4b3d-874e-103e2a124f20 | /subscriptions/je8374th-f95f-4771-bbb5-hsje384658ke/resourceGroups/DefaultResourceGroup-EUS/providers/Microsoft.OperationalInsights/workspaces/DefaultWorkspace-je8374th-f95f-4771-bbb5-hsje384658ke-EUS/linkedServic>
| BeginRequest | f1ee5ccf-9301-44e8-b502-4dcb84d248e0 | /subscriptions/je8374th-f95f-4771-bbb5-hsje384658ke/providers/Microsoft.Security/datascanners/StorageDataScanner/events/f1ee5ccf-9301-44e8-b502-4dcb84d248e0/ticks/638321063547517579 >

> select event_name, event_timestamp, operation_name, resource_id, resource_type, status from azure_monitor_activity_log_event where event_timestamp >= now() - interval '300 minutes';
+--------------+---------------------------+--------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------>
| event_name | event_timestamp | operation_name | resource_id >
+--------------+---------------------------+--------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------>
| EndRequest | 2023-10-05T18:09:47+05:30 | Microsoft.EventGrid/register/action | /subscriptions/je8374th-f95f-4771-bbb5-hsje384658ke/providers/Microsoft.EventGrid >
| EndRequest | 2023-10-05T18:59:51+05:30 | Microsoft.OperationalInsights/workspaces/linkedServices/write | /subscriptions/je8374th-f95f-4771-bbb5-hsje384658ke/resourceGroups/DefaultResourceGroup-EUS/providers/Microsoft.OperationalInsights/workspaces/DefaultWorks

> select event_name, operation_name, event_timestamp, http_request ->> 'ClientRequestID' as client_request_id, http_request ->> 'ClientIPAddress' as ClientIPAddress, http_request ->> 'Method' as method, http_request ->> 'URI' as uri from azure_monitor_activity_log_event;
+--------------+---------------------------------------------------------------------------------------------------+---------------------------+-------------------+-----------------+--------+--------+
| event_name | operation_name | event_timestamp | client_request_id | clientipaddress | method | uri |
+--------------+---------------------------------------------------------------------------------------------------+---------------------------+-------------------+-----------------+--------+--------+
| BeginRequest | Microsoft.EventGrid/register/action | 2023-10-05T18:09:16+05:30 | | | | |
| BeginRequest | Microsoft.EventGrid/register/action | 2023-10-05T18:07:59+05:30 | | | | |
| EndRequest | microsoft.insights/actiongroups/write | 2023-10-05T16:12:36+05:30 | | | | |
```