Last active
January 29, 2024 05:53
-
-
Save s4parke/d7a457060d3508197ec768c99d1a3a83 to your computer and use it in GitHub Desktop.
Get the last caller from the ActivityLog on a resource or resource group. Useful to find who what & when.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-AzLastCall { | |
| <# | |
| .SYNOPSIS | |
| Get the last caller from the ActivityLog on a resource or resource group. | |
| Useful to find who what & when. | |
| .DESCRIPTION | |
| Inputs: ResourceGroupName (required) and ResourceName (optional). | |
| Outputs: Array-list of PSEvent Objects | |
| .PARAMETER ResourceGroupName | |
| Specifies the name of the resource group | |
| .PARAMETER ResourceName | |
| Specifies the name of a single resource | |
| .EXAMPLE | |
| Get-AzLastCallz -ResourceGroupName myawesome-rg | |
| .EXAMPLE | |
| Get-AzLastCallz -ResourceGroupName myawesome-rg -ResourceName cuestorfoo01 | |
| #> | |
| [CmdletBinding(DefaultParameterSetName='Group')] | |
| param( | |
| [Parameter(ParameterSetName='Group', Mandatory)] | |
| [Parameter(ParameterSetName='SingleItem', Mandatory)] | |
| $ResourceGroupName, | |
| [Parameter(ParameterSetName='SingleItem', Mandatory)] | |
| $ResourceName | |
| ) | |
| $context = Get-AzContext | |
| Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true" # Suppress warnings | |
| if(-not $context) { | |
| Write-Warning 'Connect to your Azure account with Connect-AzAccount' | |
| } | |
| $logParams = @{ | |
| Status = "Succeeded" | |
| StartTime = (Get-Date).AddDays(-90) | |
| } | |
| if($PSCmdlet.ParameterSetName -eq 'SingleItem') { | |
| [string]$resource = (Get-AzResource -ResourceGroupName $ResourceGroupName -Name $ResourceName).id | |
| $logs = Get-AzActivityLog -ResourceId $resource | |
| } elseif($PSCmdlet.ParameterSetName -eq 'Group') { | |
| $logs = Get-AzActivityLog -ResourceGroupName $ResourceGroupName @logParams | |
| } | |
| $logs = $logs | Sort-Object EventTimestamp -Descending | Select-Object -First 10 | |
| $activityReport = New-Object System.Collections.ArrayList; | |
| foreach ($eventItem in ($logs | where {!($_.caller -as [guid])})) { | |
| $EventSummary = [PSCustomObject][Ordered]@{ | |
| Timestamp = $eventItem.EventTimestamp.ToLocalTime() | |
| User = $eventItem.Caller | |
| Operation = $eventItem.OperationName | |
| Target = ($eventItem.ResourceId -replace '/.+/providers/.+?/(.+)','$1') | |
| Status = $eventItem.Status.LocalizedValue | |
| ResourceGroup = $eventItem.ResourceGroupName | |
| ResourceId = $eventItem.ResourceId | |
| } | |
| $activityReport.Add($EventSummary); | |
| } | |
| return $activityReport | Select-Object Timestamp,User,Operation,Target,ResourceGroup,ResourceId -Unique | |
| } | |
| #PS> Get-AzLastCall -ResourceGroupName myawesome-rg | Format-Table | |
| #PS> Get-AzLastCall -ResourceGroupName myawesome-rg -ResourceName cuestorfoo01 | Format-Table |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment