You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/governance/includes/resource-graph/preview/change-analysis.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,8 +3,8 @@ ms.service: resource-graph
3
3
author: iancarter-msft
4
4
ms.author: iancarter
5
5
ms.topic: include
6
-
ms.date: 03/12/2024
6
+
ms.date: 06/14/2024
7
7
---
8
8
9
9
> [!IMPORTANT]
10
-
> The Change Analysis experience in the Azure portal is in preview and migrating from Azure Monitor to Azure Resource Graph. Previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use.
10
+
> The Change Analysis experience in the Azure portal is in preview and migrating from Azure Monitor to Azure Resource Graph. Previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use.
-`changedBy`: Who initiated a change in your resource, like an app ID or authorized person's email address.
24
+
-`clientType`: Which client made the change, like _Azure portal_.
25
+
-`operation`: Which [operation](../../../role-based-access-control/resource-provider-operations.md) was called, like `Microsoft.Compute/virtualmachines/write`.
22
26
23
27
## Prerequisites
24
28
@@ -27,23 +31,23 @@ In this article, you learn:
27
31
28
32
## Understand change event properties
29
33
30
-
When a resource is created, updated, or deleted, a new change resource (Microsoft.Resources/changes) is created to extend the modified resource and represent the changed properties. Change records should be available in less than five minutes. The following example JSON payload demonstrates the change resource properties:
34
+
When a resource is created, updated, or deleted, a new change resource (`Microsoft.Resources/changes`) is created to extend the modified resource and represent the changed properties. Change records should be available in less than five minutes. The following example JSON payload demonstrates the change resource properties:
@@ -67,30 +71,30 @@ When a resource is created, updated, or deleted, a new change resource (Microsof
67
71
68
72
## Run a query
69
73
70
-
Try out a tenant-based Resource Graph query of the `resourcechanges` table. The query returns the first five most recent Azure resource changes with the change time, change type, target resource ID, target resource type, and change details of each change record.
74
+
Try out a tenant-based Resource Graph query of the `resourcechanges` table. The query returns the first five most recent Azure resource changes with the change time, change type, target resource ID, target resource type, and change details of each change record.
71
75
72
76
# [Azure CLI](#tab/azure-cli)
73
-
```azurecli
77
+
```azurecli-interactive
74
78
# Login first with az login if not using Cloud Shell
1. Open the [Azure portal](https://portal.azure.com).
90
-
94
+
91
95
1. Select **All services** in the left pane. Search for and select **Resource Graph Explorer**.
92
-
93
-
:::image type="content" source="./media/get-resource-changes/resource-graph-explorer.png" alt-text="Screenshot of the searching for the Resource Graph Explorer in the All Services blade.":::
96
+
97
+
:::image type="content" source="./media/get-resource-changes/resource-graph-explorer.png" alt-text="Screenshot of the search for the Resource Graph Explorer in All Services.":::
94
98
95
99
96
100
1. In the **Query 1** portion of the window, enter the following query.
@@ -103,29 +107,29 @@ Try out a tenant-based Resource Graph query of the `resourcechanges` table. The
103
107
1. Select **Run query**.
104
108
105
109
:::image type="content" source="./media/get-resource-changes/change-query-resource-explorer.png" alt-text="Screenshot of how to run the query in Resource Graph Explorer and then view results.":::
106
-
107
-
1. Review the query response in the **Results** tab.
108
-
110
+
111
+
1. Review the query response in the **Results** tab.
112
+
109
113
1. Select the **Messages** tab to see details about the query, including the count of results and duration of the query. Any errors are displayed under this tab.
110
114
111
115
:::image type="content" source="./media/get-resource-changes/messages-tab-query.png" alt-text="Screenshot of the search results for Change Analysis in the Azure portal.":::
112
-
116
+
113
117
---
114
118
115
119
You can update this query to specify a more user-friendly column name for the **timestamp** property.
@@ -160,9 +164,9 @@ To limit query results to the most recent changes, update the query to `order by
160
164
| order by changeTime desc
161
165
| limit 5
162
166
```
163
-
167
+
164
168
Then select **Run query**.
165
-
169
+
166
170
---
167
171
168
172
You can also query by [management group](../../management-groups/overview.md) or subscription with the `-ManagementGroup` or `-Subscription` parameters, respectively.
@@ -172,7 +176,7 @@ You can also query by [management group](../../management-groups/overview.md) or
172
176
173
177
Resource Graph Explorer also provides a clean interface for converting the results of some queries into a chart that can be pinned to an Azure dashboard.
174
178
175
-
## Query resource changes
179
+
## Query resource changes
176
180
177
181
With Resource Graph, you can query either the `resourcechanges`, `resourcecontainerchanges`, or `healthresourcechanges` tables to filter or sort by any of the change resource properties. The following examples query the `resourcechanges` table, but can also be applied to the `resourcecontainerchanges` or `healthresourcechanges` table.
178
182
@@ -183,20 +187,24 @@ With Resource Graph, you can query either the `resourcechanges`, `resourcecontai
183
187
184
188
Before querying and analyzing changes in your resources, review the following best practices.
185
189
186
-
- Query for change events during a specific window of time and evaluate the change details.
190
+
- Query for change events during a specific window of time and evaluate the change details.
187
191
- This query works best during incident management to understand _potentially_ related changes.
188
-
- Keep an up-to-date Configuration Management Database (CMDB).
189
-
- Instead of refreshing all resources and their full property sets on a scheduled frequency, you'll only receive their changes.
190
-
- Understand what other properties may have been changed when a resource changes "compliance state".
191
-
- Evaluation of these extra properties can provide insights into other properties that may need to be managed via an Azure Policy definition.
192
+
- Keep an up-to-date Configuration Management Database (CMDB).
193
+
- Instead of refreshing all resources and their full property sets on a scheduled frequency, you only receive their changes.
194
+
- Understand which other properties were changed when a resource changes _compliance state_.
195
+
- Evaluation of these extra properties can provide insights into other properties that might need to be managed via an Azure Policy definition.
192
196
- The order of query commands is important. In the following examples, the `order by` must come before the `limit` command.
193
197
- The `order by` command orders the query results by the change time.
194
198
- The `limit` command then limits the ordered results to ensure that you get the five most recent results.
199
+
- What does **Unknown** mean?
200
+
- Unknown is displayed when the change happened on a client that's unrecognized. Clients are recognized based on the user agent and client application ID associated with the original change request.
201
+
- What does **System** mean?
202
+
- System is displayed as a `changedBy` value when a background change occurred that wasn't correlated with any direct user action.
0 commit comments