| title | description | services | author | ms.service | ms.date | ms.topic | ms.author | ms.devlang | ms.custom |
|---|---|---|---|---|---|---|---|---|---|
Enable Azure Storage blob inventory reports | Obtain an overview of your containers, blobs, snapshots, and blob versions within a storage account. | storage | normesta | azure-blob-storage | 05/02/2024 | how-to | normesta | powershell | devx-track-azurepowershell, devx-track-azurecli |
The Azure Storage blob inventory feature provides an overview of your containers, blobs, snapshots, and blob versions within a storage account. Use the inventory report to understand various attributes of blobs and containers such as your total data size, age, encryption status, immutability policy, and legal hold and so on. The report provides an overview of your data for business and compliance requirements.
To learn more about blob inventory reports, see Azure Storage blob inventory.
Enable blob inventory reports by adding a policy with one or more rules to your storage account. Add, edit, or remove a policy by using the Azure portal.
Sign in to the Azure portal to get started.
Locate your storage account and display the account overview.
Under Data management, select Blob inventory.
Select Add your first inventory rule.
The Add a rule page appears.
In the Add a rule page, name your new rule.
Choose the container that will store inventory reports.
Under Object type to inventory, choose whether to create a report for blobs or containers.
If you select Blob, then under Blob subtype, choose the types of blobs that you want to include in your report, and whether to include blob versions and/or snapshots in your inventory report.
[!NOTE] The option to include blob versions appears only for accounts that don't have the hierarchical namespace feature enabled. Versions and snapshots must be enabled on the account to save a new rule with the corresponding option enabled.
Select the fields that you would like to include in your report, and the format of your reports.
Choose how often you want to generate reports.
Optionally, add a prefix match to filter blobs in your inventory report.
Select Save.
[!div class="mx-imgBorder"]
You can add, edit, or remove a policy by using the Azure PowerShell module.
Open a Windows PowerShell command window.
Make sure that you have the latest Azure PowerShell module. See Install Azure PowerShell module.
Sign in to your Azure subscription with the
Connect-AzAccountcommand and follow the on-screen directions.Connect-AzAccountIf your identity is associated with more than one subscription, then set your active subscription.
$context=Get-AzSubscription-SubscriptionId <subscription-id>Set-AzContext$context
Replace the
<subscription-id>placeholder value with the ID of your subscription.Get the storage account context that defines the storage account you want to use.
$storageAccount=Get-AzStorageAccount-ResourceGroupName "<resource-group-name>"-AccountName "<storage-account-name>"$ctx=$storageAccount.Context
Replace the
<resource-group-name>placeholder value with the name of your resource group.Replace the
<storage-account-name>placeholder value with the name of your storage account.
Create inventory rules by using the New-AzStorageBlobInventoryPolicyRule command. Each rule lists report fields. For a complete list of report fields, see Azure Storage blob inventory.
$containerName="my-container"$rule1=New-AzStorageBlobInventoryPolicyRule-Name Test1 -Destination $containerName-Disabled -Format Csv -Schedule Daily -PrefixMatch con1,con2 `-ContainerSchemaField Name,Metadata,PublicAccess,Last-modified,LeaseStatus,LeaseState,LeaseDuration,HasImmutabilityPolicy,HasLegalHold $rule2=New-AzStorageBlobInventoryPolicyRule-Name test2 -Destination $containerName-Format Parquet -Schedule Weekly -BlobType blockBlob,appendBlob -PrefixMatch aaa,bbb `-BlobSchemaField name,Last-Modified,Metadata,LastAccessTime $rule3=New-AzStorageBlobInventoryPolicyRule-Name Test3 -Destination $containerName-Format Parquet -Schedule Weekly -IncludeBlobVersion -IncludeSnapshot -BlobType blockBlob,appendBlob -PrefixMatch aaa,bbb `-BlobSchemaField name,Creation-Time,Last-Modified,Content-Length,Content-MD5,BlobType,AccessTier,AccessTierChangeTime,Expiry-Time,hdi_isfolder,Owner,Group,Permissions,Acl,Metadata,LastAccessTime $rule4=New-AzStorageBlobInventoryPolicyRule-Name test4 -Destination $containerName-Format Csv -Schedule Weekly -BlobType blockBlob -BlobSchemaField Name,BlobType,Content-Length,Creation-Time
Use the Set-AzStorageBlobInventoryPolicy to create a blob inventory policy. Pass rules into this command by using the
-Ruleparameter.$policy=Set-AzStorageBlobInventoryPolicy-StorageAccount $storageAccount-Rule $rule1,$rule2,$rule3,$rule4
You can add, edit, or remove a policy via the Azure CLI.
First, open the Azure Cloud Shell, or if you've installed the Azure CLI locally, open a command console application such as Windows PowerShell.
If your identity is associated with more than one subscription, then set your active subscription.
az account set --subscription <subscription-id>Replace the
<subscription-id>placeholder value with the ID of your subscription.Define the rules of your policy in a JSON document. The following shows the contents of an example JSON file named
policy.json.{ "enabled": true, "type": "Inventory", "rules": [ { "enabled": true, "name": "inventoryPolicyRule2", "destination": "mycontainer", "definition": { "filters": { "blobTypes": [ "blockBlob" ], "prefixMatch": [ "inventoryprefix1", "inventoryprefix2" ], "includeSnapshots": true, "includeBlobVersions": true }, "format": "Csv", "schedule": "Daily", "objectType": "Blob", "schemaFields": [ "Name", "Creation-Time", "Last-Modified", "Content-Length", "Content-MD5", "BlobType", "AccessTier", "AccessTierChangeTime", "Snapshot", "VersionId", "IsCurrentVersion", "Metadata" ] } } ] }Create a blob inventory policy by using the az storage account blob-inventory-policy create command. Provide the name of your JSON document by using the
--policyparameter.az storage account blob-inventory-policy create -g myresourcegroup --account-name mystorageaccount --policy @policy.json
While you can disable individual reports, you can also prevent blob inventory from running at all.
Sign in to the Azure portal.
Locate your storage account and display the account overview.
Under Data management, select Blob inventory.
Select Blob inventory settings, and in the Blob inventory settings pane, clear the Enable blob inventory checkbox, and then select Save.
[!div class="mx-imgBorder"]
Clearing the Enable blob inventory checkbox suspends all blob inventory runs. You can select this checkbox later if you want to resume inventory runs.
You can suscribe to blob inventory completed event to receive information on the outcome of your inventory runs. This event gets triggered when the inventory run completes for a rule that is defined an inventory policy. This event also occurs if the inventory run fails with a user error before it starts to run. For example, an invalid policy, or an error that occurs when a destination container isn't present will trigger the event.
Sign in to the Azure portal.
Locate your storage account and display the account overview.
In the left menu, select Events.
Select + Event Subscription.
The Create Event Subscription page appears.
In the Create Event Subscription page, name your event subscription and use default schema, Event Grid Schema.
Under EVENT TYPES, choose Blob Inventory Completed.
Under ENDPOINT DETAILS, choose Storage Queue as the Endpoint Type and select Configure an endpoint.
In the Queues page, choose the subscription, the storage account and create a new queue. Name your queue then click Create.
Optionally, select the Filters tab if you want to filter the subject of the event or its attributes.
Optionally, select the Additional Features tab if you want to enable dead-lettering, retry policies and set event subscription expiration time.
Optionally, select Delivery Properties tab to set the storage queue message time to live.
Select Create
To view the delivered queue messages
Locate your storage account and display the account overview.
Under Data Storage, select Queues and open the newly create queue used to configure the endpoint to access the messages.
Select the message for the desired inventory run time to access the message properties the review the message body for the event status.
For more methods on how to subscribe to blob storage events, see Azure Blob Storage as Event Grid source - Azure Event Grid | Microsoft Learn
You can choose to enable blob access time tracking. When access time tracking is enabled, inventory reports will include the LastAccessTime field based on the time that the blob was last accessed with a read or write operation. To minimize the effect on read access latency, only the first read of the last 24 hours updates the last access time. Subsequent reads in the same 24-hour period don't update the last access time. If a blob is modified between reads, the last access time is the more recent of the two values.
To enable last access time tracking with the Azure portal, follow these steps:
Sign in to the Azure portal.
Locate your storage account and display the account overview.
Under Data management, select Blob inventory.
Select Blob inventory settings, and in the Blob inventory settings pane, select the Enable last access tracking checkbox.
[!div class="mx-imgBorder"]
[!INCLUDE azure-storage-set-last-access-time-powershell]
[!INCLUDE azure-storage-set-last-access-time-azure-cli]
