Table: azure_monitor_log_profile - Query Azure Monitor Log Profiles using SQL
Azure Monitor Log Profile is a configuration in Azure Monitor that specifies how activity logs are collected and retained. These profiles are essential for managing and controlling the export of Azure activity logs, which include logs related to resource usage, service health, and operations within an Azure subscription. By setting up a Log Profile, administrators can define where these logs are stored and how long they are retained, and can ensure that they have access to historical data for compliance, auditing, and troubleshooting purposes.
Table Usage Guide
The azure_monitor_log_profile table provides insights into logs related to resource usage, service health, and operations within an Azure subscription. By setting up a Log Profile, administrators can define where these logs are stored and how long they are retained, and can ensure that they have access to historical data for compliance, auditing, and troubleshooting purposes.
Examples
Basic info
This query is useful for managing and understanding Azure Monitor Log Profiles. It selects key attributes of log profiles, which are crucial for monitoring and auditing purposes in Azure environments.
select id, name, storage_account_id, service_bus_rule_id, locations, retention_policy from azure_monitor_log_profile;
List events with event-level critical
This example helps identify critical events in your Azure activity log, so that you can respond promptly to potential issues or security threats. Note that the columns it selects (event_name, operation_name, event_timestamp, level, caller) describe activity log events and are not among the columns in the schema listed on this page for azure_monitor_log_profile.
select event_name, id, operation_name, event_timestamp, level, caller from azure_monitor_log_profile where level = 'EventLevelCritical';
Get retention policy details of log profiles
This query helps track and manage log retention settings, so that data retention complies with organizational policies and regulatory requirements.
Postgres:
select id, name, retention_policy -> 'Enabled' as retention_policy_enabled, retention_policy -> 'Days' as retention_policy_days from azure_monitor_log_profile;
SQLite:
select id, name, json_extract(retention_policy, '$.Enabled') as retention_policy_enabled, json_extract(retention_policy, '$.Days') as retention_policy_days from azure_monitor_log_profile;
Get the location for which Activity Log events should be stored
Retrieve the specific locations associated with each log profile to understand where log data is being accumulated.
Postgres:
select p.name, p.id, p.storage_account_id, l as location from azure_monitor_log_profile as p, jsonb_array_elements_text(locations) as l;
SQLite:
select p.name, p.id, p.storage_account_id, json_each.value as location from azure_monitor_log_profile as p, json_each(p.locations);
Get storage account details associated with the log profile
Highly beneficial for organizations using Azure services, as it helps in assessing the configuration and security aspects of their storage solutions linked with log profiles. By retrieving data such as the storage account's name, type, access tier, and various security and feature enablements like HTTPS traffic only, blob change feed, container soft delete, and encryption key sources, administrators
Postgres:
select l.name, l.type, s.access_tier, s.kind, s.blob_change_feed_enabled, s.blob_container_soft_delete_enabled, s.enable_https_traffic_only, s.encryption_key_source from azure_monitor_log_profile as l, azure_storage_account as s where l.storage_account_id = s.id;
SQLite:
select l.name, l.type, s.access_tier, s.kind, s.blob_change_feed_enabled, s.blob_container_soft_delete_enabled, s.enable_https_traffic_only, s.encryption_key_source from azure_monitor_log_profile as l join azure_storage_account as s on l.storage_account_id = s.id;
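The retention and storage account queries above can be combined into a single audit that flags log profiles needing attention. This is an added example in Postgres syntax, not part of the plugin's own documentation; the 365-day minimum and the status labels are assumptions to replace with your own policy.

```sql
-- Added example (Postgres syntax). The 365-day minimum and the status labels
-- are assumptions; replace them with your own policy values.
with profile as (
  select
    id,
    name,
    storage_account_id,
    (retention_policy ->> 'Enabled')::boolean as retention_enabled,
    (retention_policy ->> 'Days')::int as retention_days
  from
    azure_monitor_log_profile
)
select
  p.name,
  p.id,
  p.retention_enabled,
  p.retention_days,
  case
    -- Azure treats Days = 0 as "retain indefinitely".
    when p.retention_days = 0 then 'ok'
    when p.retention_enabled and p.retention_days >= 365 then 'ok'
    -- Also reached when retention_policy is missing (NULL values).
    else 'review'
  end as retention_status,
  case
    when p.storage_account_id is null then 'no storage destination'
    when s.id is null then 'storage account not visible'
    when s.enable_https_traffic_only then 'ok'
    else 'review'
  end as storage_transport_status,
  s.encryption_key_source
from
  profile as p
  -- Resource IDs can differ in letter case between APIs, so compare lowercased.
  left join azure_storage_account as s
    on lower(s.id) = lower(p.storage_account_id)
order by
  retention_status desc,
  p.name;
```

The left join keeps profiles whose storage account is missing or outside the connection's scope, which an inner join would silently drop from the result.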
Schema for azure_monitor_log_profile
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | text | | Array of globally unique identifier strings (also known as) for the resource. |
categories | jsonb | | The categories of the logs. These categories are created as is convenient to the user. |
cloud_environment | text | | The Azure Cloud Environment. |
id | text | | Azure resource Id. |
location | text | | The resource location. |
locations | jsonb | | List of regions for which Activity Log events should be stored or streamed. It is a comma separated list of valid ARM locations including the 'global' location. |
name | text | = | Azure resource name. |
retention_policy | jsonb | | The retention policy for the events in the log. |
service_bus_rule_id | text | | The service bus rule ID of the service bus namespace in which you would like to have Event Hubs created for streaming the Activity Log. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
storage_account_id | text | | The resource id of the storage account to which you would like to send the Activity Log. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tags | jsonb | | A map of tags for the resource. |
title | text | | Title of the resource. |
type | text | | Azure resource type. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
You can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_monitor_log_profile