-
-
Save mkol5222/a49570b8f5e651cc684db54a0336bf2d to your computer and use it in GitHub Desktop.
Get the last caller from the ActivityLog on a resource or resource group. Useful to find who what & when.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-AzLastCall { | |
<# | |
.SYNOPSIS | |
Get the last caller from the ActivityLog on a resource or resource group. | |
Useful to find who what & when. | |
.DESCRIPTION | |
Inputs: ResourceGroupName (required) and ResourceName (optional). | |
Outputs: Array-list of PSEvent Objects | |
.PARAMETER ResourceGroupName | |
Specifies the name of the resource group | |
.PARAMETER ResourceName | |
Specifies the name of a single resource | |
.EXAMPLE | |
Get-AzLastCallz -ResourceGroupName myawesome-rg | |
.EXAMPLE | |
Get-AzLastCallz -ResourceGroupName myawesome-rg -ResourceName cuestorfoo01 | |
#> | |
[CmdletBinding(DefaultParameterSetName='Group')] | |
param( | |
[Parameter(ParameterSetName='Group', Mandatory)] | |
[Parameter(ParameterSetName='SingleItem', Mandatory)] | |
$ResourceGroupName, | |
[Parameter(ParameterSetName='SingleItem', Mandatory)] | |
$ResourceName | |
) | |
$context = Get-AzContext | |
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true" # Suppress warnings | |
if(-not $context) { | |
Write-Warning 'Connect to your Azure account with Connect-AzAccount' | |
} | |
$logParams = @{ | |
Status = "Succeeded" | |
StartTime = (Get-Date).AddDays(-90) | |
} | |
if($PSCmdlet.ParameterSetName -eq 'SingleItem') { | |
[string]$resource = (Get-AzResource -ResourceGroupName $ResourceGroupName -Name $ResourceName).id | |
$logs = Get-AzActivityLog -ResourceId $resource | |
} elseif($PSCmdlet.ParameterSetName -eq 'Group') { | |
$logs = Get-AzActivityLog -ResourceGroupName $ResourceGroupName @logParams | |
} | |
$logs = $logs | Sort-Object EventTimestamp -Descending | Select-Object -First 10 | |
$activityReport = New-Object System.Collections.ArrayList; | |
foreach ($eventItem in ($logs | where {!($_.caller -as [guid])})) { | |
$EventSummary = [PSCustomObject][Ordered]@{ | |
Timestamp = $eventItem.EventTimestamp.ToLocalTime() | |
User = $eventItem.Caller | |
Operation = $eventItem.OperationName | |
Target = ($eventItem.ResourceId -replace '/.+/providers/.+?/(.+)','$1') | |
Status = $eventItem.Status.LocalizedValue | |
ResourceGroup = $eventItem.ResourceGroupName | |
ResourceId = $eventItem.ResourceId | |
} | |
$activityReport.Add($EventSummary); | |
} | |
return $activityReport | Select-Object Timestamp,User,Operation,Target,ResourceGroup,ResourceId -Unique | |
} | |
#PS> Get-AzLastCall -ResourceGroupName myawesome-rg | Format-Table | |
#PS> Get-AzLastCall -ResourceGroupName myawesome-rg -ResourceName cuestorfoo01 | Format-Table |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment