AuditLogEntries
Retrieves all audit log entries. This table includes custom fields which are automatically discovered when 'IncludeCustomFields' is enabled.
Table Specific Information
Select
The cmdlet uses the Azure DevOps API to process WHERE clause conditions built with the following columns and operators:
- BatchSize supports the '=' operator.
- DownloadWindow supports the '>,>=,<,<=' operators.
- SkipAggregation supports the '=' operator.
For example:
SELECT * FROM AuditLogEntries WHERE BatchSize = 5
SELECT * FROM AuditLogEntries WHERE DownloadWindow > '2020-04-06 05:50:00' AND DownloadWindow < '2020-04-06T06:50:00.000+00:00'
Columns
Name | Type | References | Description |
Id [KEY] | String | | Id of the audit log entry. |
ActionId | String | | The action Id for the event, e.g. Git.CreateRepo, Project.RenameProject. |
ActivityId | String | | Id of the activity. |
ActorCUID | String | | The actor's CUID. |
ActorDisplayName | String | | DisplayName of the user who initiated the action. |
ActorImageUrl | String | | URL of the actor's profile image. |
ActorUserId | String | | The actor's user Id. |
Area | String | | Area of Azure DevOps where the action occurred. |
AuthenticationMechanism | String | | Type of authentication used by the actor. |
Category | String | | Type of action executed. |
CategoryDisplayName | String | | DisplayName of the category. |
CorrelationId | String | | Allows related audit entries to be grouped together. Generally this occurs when a single action causes a cascade of audit entries, for example, project creation. |
Details | String | | Decorated details. |
IpAddress | String | | IP address from which the event originated. |
ScopeDisplayName | String | | Display name of the scope. |
ScopeId | String | | The organization or project Id. |
ScopeType | String | | The type of the scope: organization or project. |
Timestamp | Datetime | | The time when the event occurred, in UTC. |
UserAgent | String | | The user agent from the request. |
Data | String | | External data such as CUIDs, item names, etc. |
Pseudo-Columns
Pseudo-column fields are used in the WHERE clause of SELECT statements and offer more granular control over the tuples that are returned from the data source. Unless otherwise specified, only the = operator is permitted when filtering on pseudo-columns.
Name | Type | Description |
BatchSize | Integer | Max number of results to return. |
DownloadWindow | Datetime | Start and end time of download window. |
SkipAggregation | Boolean | Skips aggregating events and leaves them as individual entries instead. |
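
The queries below are an added example, not part of the original documentation. They bound the download window with the pseudo-columns and then use the documented columns to review audit activity. The time values are constructed samples, and it is an assumption that the driver itself evaluates ORDER BY, GROUP BY, aggregates, the boolean literal, and filters on ordinary columns, since the page lists only the three pseudo-columns as conditions handled by the API.

```sql
-- Added example; the window bounds are constructed sample values.

-- 1) Pull individual (non-aggregated) entries for a one-hour window and
--    order them so that a cascade of entries sharing one CorrelationId
--    (for example, project creation) reads as a single sequence.
SELECT Timestamp, CorrelationId, ActionId, ActorDisplayName,
       AuthenticationMechanism, IpAddress, UserAgent,
       ScopeType, ScopeDisplayName, Details
FROM AuditLogEntries
WHERE DownloadWindow > '2020-04-06 05:50:00'
  AND DownloadWindow < '2020-04-06 06:50:00'
  AND SkipAggregation = true
ORDER BY CorrelationId, Timestamp;

-- 2) Summarize the same window per actor, source IP address and
--    authentication mechanism, to spot an account that appears from an
--    unexpected address or with an unexpected authentication type.
SELECT ActorDisplayName, IpAddress, AuthenticationMechanism,
       COUNT(*)       AS EventCount,
       MIN(Timestamp) AS FirstSeen,
       MAX(Timestamp) AS LastSeen
FROM AuditLogEntries
WHERE DownloadWindow > '2020-04-06 05:50:00'
  AND DownloadWindow < '2020-04-06 06:50:00'
  AND SkipAggregation = true
GROUP BY ActorDisplayName, IpAddress, AuthenticationMechanism
ORDER BY EventCount DESC;

-- 3) Narrow the window to the two action Ids named in the Columns table.
SELECT Timestamp, ActionId, ActorDisplayName, IpAddress,
       ScopeDisplayName, Data
FROM AuditLogEntries
WHERE DownloadWindow > '2020-04-06 05:50:00'
  AND DownloadWindow < '2020-04-06 06:50:00'
  AND ActionId IN ('Git.CreateRepo', 'Project.RenameProject')
ORDER BY Timestamp;
```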