A lot of activity can occur in a Microsoft Azure subscription. Administrators can delete, update or create resources, and several users in a single subscription can perform these tasks if they have the right permissions. To trace these activities, Microsoft provides an activity log attached to each resource and resource group in Azure. The capture below was taken from a resource group activity log.

Microsoft Azure - IaaS - Activity log

Activity logs are useful for tracing changes that occurred in a subscription. If a service went down because of a change, you can review all the modifications applied to that service. Activity logs also give you information in case of deployment errors.

Natively, activity logs are not centralized, and if you have a complex infrastructure spread across several resource groups, it can be difficult to use them to troubleshoot an issue. With Log Analytics, you can add a solution that centralizes activity logs. In this topic, we will see how to install this solution and what its benefits are. To follow this topic, you need a running Log Analytics workspace.

Deploy the solution

To deploy the solution in the log analytics workspace, navigate to the marketplace. Inside the marketplace, specify activity logs in the search bar. Then select Activity Log Analytics.

Microsoft Azure - Marketplace - Activity Log Analytics

Then click on Create to start the deployment wizard.

Microsoft Azure - Marketplace - Activity Log Analytics - Create

In the wizard, specify your log analytics workspace and your subscription. The solution will be deployed in this workspace.

Microsoft Azure - Marketplace - Activity Log Analytics - Create a new Solution

Once the deployment is finished, you can check in your log analytics workspace if the solution is available. Its name is AzureActivity.

Microsoft Azure - Marketplace - Activity Log Analytics - AzureActivity


Work with the solution Azure Activity Log

First, check that the solution is connected to your Azure subscription. To verify this, open your Log Analytics workspace and navigate to Workspace Data Sources > Azure Activity Log. The Log Analytics connection status should be Connected.

Microsoft Azure - Workspace Data Sources - Azure Activity Log

Then open the workspace summary. You should see a tile called Azure Activity Logs. After you enable the solution, it can take a while before information appears in the workspace. The tile can be pinned to the dashboard to get information about activity logs at a glance. If you click on the tile, you get more information about activity logs.

Microsoft Azure - Azure Activity Log - Overview

The following screenshot shows the information you can get from this solution. All information is centralized, and you can quickly review who has made the most changes and the status of each change (failed, succeeded, etc.).

Microsoft Azure - Azure Activity Log - Solution Settings

If you click on a “caller”, you can review all the operations that caller made. The view is based on a Log Analytics query, so you can create your own queries to get the information you need.

Microsoft Azure - Azure Activity Log - Creation queries

The Activity Logs by Status tile gives an overview of the change states. If you click on a status (failed, for example), you can list all failed logs.

Microsoft Azure - Azure Activity Logs by status

As above, you can create your own queries to find the information you need.

Microsoft Azure - Azure Activity Log - Showing results
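
As an added example (not part of the original article), the following Log Analytics query combines the caller and status views described above into one table: per caller, the number of operations, how many failed, and how many were deletions. It assumes the AzureActivity table exposes the newer columns OperationNameValue and ActivityStatusValue; the status literals differ between schema versions, so both spellings are matched.

```kusto
// Added example: per-caller change summary for the last 7 days.
// Assumption: the workspace uses the newer AzureActivity columns
// (OperationNameValue, ActivityStatusValue). Older workspaces expose
// OperationName and ActivityStatus instead; adjust the names if needed.
AzureActivity
| where TimeGenerated > ago(7d)
// Keep only final states; "start"/"accepted" events would double-count operations.
// Status literals vary by schema version, so both forms are matched (case-insensitive).
| where ActivityStatusValue in~ ("Success", "Succeeded", "Failure", "Failed")
| summarize
    Operations     = count(),
    Failed         = countif(ActivityStatusValue in~ ("Failure", "Failed")),
    Deletes        = countif(OperationNameValue endswith "/delete"),   // endswith is case-insensitive
    ResourceGroups = dcount(ResourceGroup),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated)
    by Caller, CallerIpAddress
// Callers with many deletions or failures are the ones to review first.
| order by Deletes desc, Failed desc, Operations desc
```

Run it from the Logs blade of the workspace; widening the `ago(7d)` window is the only change needed to cover a longer review period.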

The last tiles show which resources have the most changes and which kinds of resources are changed most often. In the example below, it seems I work a lot on computing and network resources in a resource group called Mig-RG… How do I know it’s a resource group? Because I named my resource group with the letters RG. So the naming of your resources is really important for quickly retrieving the information you need.

Microsoft Azure - Azure Activity Logs by resource and resource provider


Microsoft Azure provides a great way to trace changes. For small deployments, you can rely on the activity log of each resource. For complex solutions, however, you benefit from centralizing activity logs in Log Analytics. It can help you troubleshoot issues after a change occurs in your solution.


Romain Serre
Senior consultant at Exakis
Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft technology, especially Hyper-V, System Center, storage, networking and Cloud OS technology such as Microsoft Azure or Azure Stack. He is an MVP and is certified as a Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).