92 lines
3.5 KiB
YAML
92 lines
3.5 KiB
YAML
groups:
|
|
- id: event.az.resource.log
|
|
stability: development
|
|
type: event
|
|
name: az.resource.log
|
|
brief: >
|
|
Describes Azure Resource Log event, see
|
|
[Azure Resource Log Top-level Schema](https://learn.microsoft.com/azure/azure-monitor/essentials/resource-logs-schema#top-level-common-schema)
|
|
for more details.
|
|
attributes:
|
|
- ref: az.service_request_id
|
|
- ref: cloud.resource_id
|
|
brief: The [Fully Qualified Azure Resource ID](https://docs.microsoft.com/rest/api/resources/resources/get-by-id) the log is emitted for.
|
|
note: ""
|
|
body:
|
|
id: az.resource.log
|
|
requirement_level: recommended
|
|
stability: development
|
|
type: map
|
|
fields:
|
|
- id: category
|
|
type: string
|
|
stability: development
|
|
brief: "The Azure category of the log entry."
|
|
requirement_level: recommended
|
|
examples: ["AuditEvent", "GatewayLogs", "ApplicationGatewayAccessLog"]
|
|
- id: correlation.id
|
|
type: string
|
|
requirement_level: recommended
|
|
stability: development
|
|
brief: "The correlation ID of the log entry."
|
|
examples: ["607964b6-41a5-4e24-a5db-db7aab3b9b34"]
|
|
- id: duration
|
|
type: int
|
|
stability: development
|
|
requirement_level: recommended
|
|
brief: "The duration of the operations in milliseconds."
|
|
examples: [1000]
|
|
- id: identity
|
|
type: undefined
|
|
stability: development
|
|
brief: >
|
|
"A JSON blob that describes the identity of the user or application that performed the operation."
|
|
note: |
|
|
Typically, this field includes the authorization and claims or JWT token from Active Directory.
|
|
|
|
> [!Warning]
|
|
> This field contains sensitive (PII) information.
|
|
requirement_level: opt_in
|
|
- id: operation.name
|
|
type: string
|
|
stability: development
|
|
requirement_level: recommended
|
|
brief: "The name of the operation."
|
|
examples: ["SecretGet", "Microsoft.ApiManagement/GatewayLogs", "ApplicationGatewayAccess"]
|
|
- id: operation.version
|
|
type: string
|
|
stability: development
|
|
requirement_level: recommended
|
|
brief: "The version of the operation."
|
|
examples: ["1.0"]
|
|
- id: properties
|
|
type: undefined
|
|
requirement_level: recommended
|
|
stability: development
|
|
brief: The properties provided in the Azure Resource Log.
|
|
- id: result.type
|
|
type: string
|
|
stability: development
|
|
requirement_level: recommended
|
|
brief: The status associated with the logged event.
|
|
examples: ["Succeeded", "Failed", "Started"]
|
|
- id: result.signature
|
|
type: string
|
|
stability: development
|
|
requirement_level: recommended
|
|
brief: The substatus of associated with the logged event.
|
|
examples: ["OK"]
|
|
- id: result.description
|
|
type: string
|
|
stability: development
|
|
requirement_level: recommended
|
|
brief: "The description of the result."
|
|
examples: ["The operation was successful", "The operation failed"]
|
|
- id: tenant.id
|
|
type: string
|
|
stability: development
|
|
brief: "The tenant ID of the Active Directory tenant that this event is tied to."
|
|
requirement_level:
|
|
conditionally_required: "if the event is tied to an Active Directory tenant."
|
|
examples: ["00000000-0000-0000-0000-000000000000"]
|