List Audit Events

Lists audit events that match query parameters.

Query parameters

filterOps.context.changeIDstringOptionalformat: "uuid"<=36 characters

ID for the audit event.

filterOps.context.requestIDstringOptionalformat: "uuid"<=36 characters

ID for the request that caused the event.

filterOps.context.traceIDstringOptional<=2048 characters

ID for the request set by the service that received the request.

filterOps.context.sessionIDstringOptionalformat: "uuid"<=36 characters

ID for the session in which the request was sent.

filterOps.context.actorstringOptional<=2048 characters

Member who sent the request. Depending on actorType, this may be a user ID or a service account ID.

filterOps.context.actorTypeenumOptional

Type of member who sent the request.

Allowed values:

filterOps.context.accessTypeenumOptional

Type of access for the request.

Allowed values:

filterOps.context.ipAddressstringOptionalformat: "ipv4"<=15 characters

IP Address of the client that made the request.

filterOps.context.originstringOptional<=2048 characters

HTTP Origin request header (including scheme, hostname, and port) of the request.

filterOps.context.authModeenumOptional

Authentication mode the actor used.

Allowed values:

filterOps.context.jwtIDstringOptional<=2048 characters

ID of the JWT token.

filterOps.context.bearerTokenContextIDstringOptional<=2048 characters

Embedded User Context.

filterOps.parentAccountIDstringOptional<=2048 characters

Resources with the specified parent account ID.

filterOps.accountIDstringRequired<=2048 characters

Resources with the specified account ID.

filterOps.workspaceIDstringOptional<=2048 characters

Resources with the specified workspace ID.

filterOps.vaultIDstringOptional<=2048 characters

Resources with the specified vault ID.

filterOps.resourceIDsstringOptional<=2048 characters

Resources with a specified ID. If a resource matches at least one ID, the associated event is returned. Format is a comma-separated list of “<resourceType>/<resourceID>”. For example, “VAULT/12345, USER/67890”.

filterOps.actionTypeenumOptional

Events with the specified action type.

filterOps.resourceTypeenumOptional

Resources with the specified type.

filterOps.tagsstringOptional<=2048 characters

Events with associated tags. If an event matches at least one tag, the event is returned. Comma-separated list. For example, “login, get”.

filterOps.responseCodeintegerOptional>=100<=599

HTTP response code of the request.

filterOps.startTimestringOptionalformat: "date-time"<=100 characters

Start timestamp for the query, in SQL format.

filterOps.endTimestringOptionalformat: "date-time"<=100 characters

End timestamp for the query, in SQL format.

filterOps.apiNamestringOptional<=2048 characters

Name of the API called in the request.

filterOps.responseMessagestringOptional<=2048 characters

Response message of the request.

filterOps.httpMethodstringOptional<=2048 characters

HTTP method of the request.

filterOps.httpURIstringOptional<=2048 characters

HTTP URI of the request.

sortOps.sortBystringOptional<=2048 characters

Fully-qualified field by which to sort results. Field names should be in camel case (for example, “capitalization.camelCase”).

sortOps.orderByenumOptionalDefaults to ASCENDING

Ascending or descending ordering of results.

Allowed values:

afterOps.timestampstringOptionalformat: "date-time"<=100 characters

Timestamp provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.

afterOps.changeIDstringOptionalformat: "uuid"<=36 characters

Change ID provided in the previous audit response’s nextOps attribute. An alternate way to manage response pagination. Can’t be used with sortOps or offset. For the first request in a series of audit requests, leave blank.

limitlongOptionalDefaults to 25

Number of results to return.

offsetlongOptionalDefaults to 0

Record position at which to start returning results.

Response

A successful response.

eventlist of objects or null

Events matching the query.

nextOpsobject or null

1	curl -G https://{{vault_url_identifier}}.vault.skyflowapis.com/v1/audit/events \
2	-H "Authorization: Bearer <token>" \
3	-d filterOps.context.changeID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
4	-d filterOps.context.requestID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
5	-d filterOps.context.sessionID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
6	-d filterOps.context.actor=a451b783713e4424a7c761bb7bbc84ea \
7	-d filterOps.context.actorType=SERVICE_ACCOUNT \
8	-d filterOps.context.accessType=API \
9	-d filterOps.context.ipAddress=74.160.148.217 \
10	--data-urlencode filterOps.context.origin=https://try.skyflow.com \
11	-d filterOps.context.authMode=SERVICE_ACCOUNT_JWT \
12	-d filterOps.context.jwtID=a451b783713e4424a7c761bb7bbc84ea \
13	-d filterOps.context.bearerTokenContextID=a451b783713e4424a7c761bb7bbc84ea \
14	-d filterOps.parentAccountID=a451b783713e4424a7c761bb7bbc84ea \
15	-d filterOps.accountID=a451b783713e4424a7c761bb7bbc84ea \
16	-d filterOps.workspaceID=a451b783713e4424a7c761bb7bbc84ea \
17	-d filterOps.vaultID=a451b783713e4424a7c761bb7bbc84ea \
18	--data-urlencode "filterOps.resourceIDs=VAULT/12345, USER/67890" \
19	-d filterOps.actionType=CREATE \
20	-d filterOps.resourceType=VAULT \
21	--data-urlencode "filterOps.tags=login, get" \
22	-d filterOps.responseCode=201 \
23	--data-urlencode "filterOps.startTime=2023-06-27 14:01:14.271659365" \
24	--data-urlencode "filterOps.endTime=2023-06-27 14:01:14.271659365" \
25	--data-urlencode "filterOps.apiName=Create Vault" \
26	--data-urlencode "filterOps.responseMessage=Vault created successfully" \
27	-d filterOps.httpMethod=POST \
28	--data-urlencode filterOps.httpURI=/v1/vaults \
29	-d sortOps.sortBy=persons.name \
30	-d sortOps.orderBy=DESCENDING \
31	--data-urlencode "afterOps.timestamp=2023-06-27 14:01:14.271659365" \
32	-d afterOps.changeID=d4410ea0-1d83-473c-a09a-24c6b03096d4 \
33	-d limit=25 \
34	-d offset=26

1	{
2	"event": [
3	{
4	"context": {
5	"changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d",
6	"requestID": "5a682b12-1a44-922b-a487-ab108f018cc4",
7	"traceID": "9f1707bd-3da0-4946-bf7a-ca99e7e12e5b",
8	"sessionID": "cb598f8c-786e-48da-898d-830ec92417b7",
9	"actor": "web31628f5a74bf7994459921c67eef8",
10	"actorType": "USER",
11	"accessType": "API",
12	"ipAddress": "27.116.16.50",
13	"origin": "https://acme.skyflow.com",
14	"authMode": "PAT_JWT",
15	"jwtID": "o82d1d5bcbf148eb890a937593321ff8",
16	"bearerTokenContextID": "bcf4b254-a415-4b3f-a8b9-0a1f02e52e18",
17	"keyID": "y72c0826fb1146b3bb8a0d48ab4d0653"
18	},
19	"request": {
20	"data": {
21	"content": "select * from persons where skyflow_id=\"5b6c8110-58b3-4aa0-8b36-d2cfd5c7b259\""
22	},
23	"apiName": "/.QueryService/ExecuteQuery",
24	"workspaceID": "e01054d5ff3411eab9f2360c405de1ab",
25	"vaultID": "cd1d815aa09b4cbfbb803bd20349f202",
26	"tags": [
27	"dml"
28	],
29	"timestamp": "2023-06-27 14:01:14.264739714",
30	"actionType": "READ",
31	"resourceType": "RECORD",
32	"httpInfo": {
33	"URI": "//vaults/cd1d815aa09b4cbfbb803bd20349f202/query",
34	"method": "POST"
35	}
36	},
37	"response": {
38	"code": 200,
39	"message": "success",
40	"timestamp": "2023-06-27 14:01:14.271659365"
41	},
42	"parentAccountID": "b894gg34fbn866eabd6c2ce1457r4b45",
43	"accountID": "f244fg04bgh876qemk6c3a32256e2k90",
44	"resourceIDs": [
45	"ACCOUNT/f244fg04bgh876qemk6c3a32256e2k90",
46	"TABLE/persons",
47	"VAULT/cd1d815aa09b4cbfbb803bd20349f202"
48	]
49	}
50	],
51	"nextOps": {
52	"timestamp": "2023-06-27 14:01:14.264739714",
53	"changeID": "a13de9af-3331-4bee-b45c-95031d4c5b5d"
54	}
55	}

Headers

Query parameters

Response

Errors