openapi: 3.1.0 info: title: Azure Monitor Activity Log API description: >- Access Azure Activity Log events for subscription-level operations including resource creation, updates, deletions, and administrative actions. version: '2015-04-01' contact: name: Microsoft Azure Support url: https://azure.microsoft.com/en-us/support/options/ license: name: Microsoft API License url: https://azure.microsoft.com/en-us/support/legal/ servers: - url: https://management.azure.com description: Azure Resource Manager security: - oauth2: - https://management.azure.com/.default tags: - name: Activity Logs description: Operations for querying Azure Activity Log events paths: /subscriptions/{subscriptionId}/providers/Microsoft.Insights/eventtypes/management/values: get: operationId: ActivityLogs_List summary: Azure Monitor List Activity Log events description: >- Provides the list of records from the Activity Log. The $filter parameter is required and must include a time range. Optionally filter by resource group, resource, resource provider, or event status. tags: - Activity Logs parameters: - $ref: '#/components/parameters/SubscriptionIdParameter' - $ref: '#/components/parameters/ApiVersionParameter' - name: $filter in: query required: true description: >- Reduces the set of data collected. Must include a time range filter using eventTimestamp. Supports filtering by resourceGroupName, resourceUri, resourceProvider, eventChannels, status, subStatus, correlationId, and caller. Example: eventTimestamp ge '2024-01-01' and eventTimestamp le '2024-01-02'. schema: type: string - name: $select in: query required: false description: >- Used to fetch events with only the given properties. Accepts a comma-separated list of property names. schema: type: string responses: '200': description: Successful request to list Activity Log events. content: application/json: schema: $ref: '#/components/schemas/EventDataCollection' default: description: Error response describing why the operation failed. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' components: securitySchemes: oauth2: type: oauth2 flows: clientCredentials: tokenUrl: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token scopes: https://management.azure.com/.default: Access Azure Management API parameters: SubscriptionIdParameter: name: subscriptionId in: path required: true description: The ID of the target subscription. schema: type: string ApiVersionParameter: name: api-version in: query required: true description: Client API version. schema: type: string default: '2015-04-01' schemas: EventDataCollection: type: object required: - value properties: value: type: array items: $ref: '#/components/schemas/EventData' description: The collection of events. nextLink: type: string description: Provides the link to retrieve the next set of events. EventData: type: object properties: authorization: type: object readOnly: true properties: action: type: string description: The permissible actions. role: type: string description: The role of the user. scope: type: string description: The scope. description: The sender authorization information. claims: type: object readOnly: true additionalProperties: type: string description: Key value pairs to identify ARM permissions. caller: type: string readOnly: true description: The email address of the user who performed the operation. description: type: string readOnly: true description: The description of the event. id: type: string readOnly: true description: The Id of this event. eventDataId: type: string readOnly: true description: The event data ID. correlationId: type: string readOnly: true description: The correlation ID, usually a GUID. eventName: type: object readOnly: true properties: value: type: string localizedValue: type: string description: The event name. category: type: object readOnly: true properties: value: type: string localizedValue: type: string description: The event category. httpRequest: type: object readOnly: true properties: clientRequestId: type: string clientIpAddress: type: string method: type: string uri: type: string description: The HTTP request info. level: type: string readOnly: true enum: - Critical - Error - Warning - Informational - Verbose description: The event level. resourceGroupName: type: string readOnly: true description: The resource group name. resourceProviderName: type: object readOnly: true properties: value: type: string localizedValue: type: string description: The resource provider name. resourceId: type: string readOnly: true description: The resource URI that uniquely identifies the resource. resourceType: type: object readOnly: true properties: value: type: string localizedValue: type: string description: The resource type. operationId: type: string readOnly: true description: The operation ID. operationName: type: object readOnly: true properties: value: type: string localizedValue: type: string description: The operation name. properties: type: object readOnly: true additionalProperties: type: string description: The set of key-value pairs that includes details about the event. status: type: object readOnly: true properties: value: type: string localizedValue: type: string description: The event status. subStatus: type: object readOnly: true properties: value: type: string localizedValue: type: string description: The event sub status. eventTimestamp: type: string format: date-time readOnly: true description: The timestamp of when the event was generated. submissionTimestamp: type: string format: date-time readOnly: true description: The timestamp of when the event became available for querying. subscriptionId: type: string readOnly: true description: The Azure subscription ID. tenantId: type: string readOnly: true description: The Azure tenant ID. ErrorResponse: type: object properties: code: type: string description: Error code. message: type: string description: Error message indicating why the operation failed.