Open In App

Microsoft Azure – Check Resource Owner in Azure using KQL

Improve
Improve
Like Article
Like
Save
Share
Report

In this article, we will see how we can find the creation date of resources by using the Kusto Query Language. Azure KQL Queries helps in finding the resource creation date, time, created user email,…etc.

Note: You cannot retrieve log data if it is more than 90 days using KQL. In this case store log data to a storage account to fetch the logs for beyond 90 days.

Prerequisites:

  • Log Analytics Workspace
  • Diagnostic Logs should be enabled for subscription and log analytics.

KQL Queries to check Resource Owner:

1. Find who created a specific resource in a specific resource group with Activity Status Succeeded.

AzureActivity
| where ResourceGroup == "Add_Resource_Group_Name" and Resource == "Add_Resource_Type"
| where ActivityStatus == "Succeeded" 
| project ResourceGroup, Resource, CreatedBy = Caller, CreationTime = TimeGenerated

This query returns the name of the resource group, resource name, caller (one who created), and creation time.

Sample Output:

 2. To find who created a specific resource in a specific resource group with Activity Status Succeeded by specific user email id use the below KQL query:

AzureActivity
| where ResourceGroup == "Add_Resource_Group_Name" and Resource == "Add_Resource_Type"
| where ActivityStatus == "Succeeded" 
| project ResourceGroup, Resource, CreatedBy = Caller, CreationTime = TimeGenerated
| where CreatedBy == "UserName@domain.com" 

This query returns the name of the resource group, resource name, the caller (specific user), and creation time.

Sample Output:

3. To find all the resources created with the service principal use the below query:

AzureActivity
| where ResourceGroup != "" and Resource != ""
| where ActivityStatus == "Succeeded" 
| where Caller !has "@" 
| project ResourceGroup, Resource, CreatedBy = Caller, CreationTime = TimeGenerated

This query returns the name of resource group, resource name, caller (puts service principal name) and creation time.

Sample Output:


Last Updated : 30 Mar, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads