Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for AADGraphActivityLogs table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Entra |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| AADTenantId | string | The identifier of the tenant where the request was made. |
| ActorType | string | The type of actor making the request (e.g., User, Application). |
| ApiVersion | string | The API version of the operation. |
| AppId | string | The identifier of the application making the request. |
| CallerIpAddress | string | The IP address of the caller making the request. |
| Category | string | The log category, e.g., AzureADGraphActivityLogs. |
| ClientAuthMethod | string | The authentication method used by the client. |
| DeviceId | string | The identifier of the device used in the request. |
| DurationMs | int | The duration of the request in milliseconds. |
| IdentityProvider | string | The identity provider used during authentication. |
| Level | string | The severity level of the event (e.g., Informational). |
| Location | string | The name of the region that served the request. |
| OperationName | string | The name of the operation performed on the resource. |
| RequestId | string | The identifier representing the request. |
| RequestMethod | string | The HTTP method used (e.g., GET, POST). |
| RequestUri | string | The URI of the request sent to the AAD Graph API. |
| ResponseSizeBytes | int | The size of the response returned to the caller, in bytes. |
| ResponseStatusCode | int | The HTTP status code returned in the response. |
| ResultSignature | string | The HTTP response status or outcome of the operation. |
| Roles | string | The roles assigned in the token claims. |
| Scopes | string | The scopes included in the token claims. |
| ServicePrincipalId | string | The identifier of the service principal making the request. |
| SessionId | string | The session identifier from the request context. |
| SignInActivityId | string | The identifier representing the sign-in activity. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The date and time the request was received. |
| TimeRequested | datetime | The timestamp when the request was made. |
| TokenIssuedAt | datetime | The timestamp when the token was issued. |
| Type | string | The name of the table |
| UserAgent | string | The user agent string provided by the client. |
| UserId | string | The identifier of the user making the request. |
| Wids | string | The WIDs from the token claims. |
This table collects data from the following Azure resource types:
microsoft.azureadgraph/tenantsBrowse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊