Search code examples
azurereporting-servicesterraformazure-resource-managerazure-rest-api

How to generate reports for Azure Log Activity Data using python for any resource alongwith 'Tags'?

My colleague used the below powershell query to retrieve log data for past 4 days excluding today which matches operations of the resources and collects features such as EventTimeStamp, Caller, SubscriptionId etc.

Get-AzureRmLog -StartTime (Get-Date).AddDays(-4) -EndTime (Get-Date).AddDays(-1) | Where-Object {$_.OperationName.LocalizedValue -match "Start|Stop|Restart|Create|Update|Delete"} |
Select-Object EventTimeStamp, Caller, SubscriptionId, @{name="Operation"; Expression = {$_.operationname.LocalizedValue}},

I am a newbie to azure and want to generate a report where I can also fetch the 'Tags' name & value against a resource for past 90 days in this report. What will be the powershell query for this? Can I also use python to query this data? I tried searching the documentation and was unable to dig into it, so if anybody could redirect me to the right place it will be helpful.

Solution

  • First of all, you should know that not all azure resources can specify tags, so you should consider this in your code. Please refer to Tag support for Azure resources to check which azure resource supports tags.

    For powershell query, I suggest using the new azure powershell az module instead of the old azureRM module.

    Here is a simple powershell code with az module. And for testing purpose, I just introduce how to fetch and add tags to the output. Please feel free to change it as per your requirement.

    #for testing purpose, I just get the azure activity logs from a specified resource group
$mylogs = Get-AzLog -ResourceGroupName "a resource group name"

foreach($log in $mylogs)
{   

    if(($log.Properties.Content.Values -ne $null))
    {
        #the tags is contains in the Properties of the log entry.
        $s = $log.Properties.Content.Values -as [string]
        if($s.startswith("{"))
        {
            $log | Select-Object EventTimeStamp, Caller, SubscriptionId,@{name="Operation"; Expression = {$_.operationname.LocalizedValue}}, @{name="tags"; Expression = {($s | ConvertFrom-Json).tags}}      
        }
        #if it does not contains tags.
        else
        {
            $log | Select-Object EventTimeStamp, Caller, SubscriptionId,@{name="Operation"; Expression = {$_.operationname.LocalizedValue}}, @{name="tags"; Expression = {""}}
        }
    }
    #if it does not contains tags.
    else
    {
        $log | Select-Object EventTimeStamp, Caller, SubscriptionId,@{name="Operation"; Expression = {$_.operationname.LocalizedValue}}, @{name="tags"; Expression = {""}}
    }

    Write-Output "************************"
}

    The test result:

    enter image description here

    For python, you can take a look at this github issue which introduces how to fetch logs from azure activity logs, but you need do some research on how to add tags to the output.

    Hope it helps.