You can filter the included events based on the following parameters:
event_category - The general category of event.
For example, to filter the results to only include events related to permission sets:
event_category=PermissionSet
You can provide multiple event category values.
For example, to filter the results to include events related to both assigned permissions and permission sets:
event_type - The specific type of event.
To get the available events for an event type, in the Schemas list, go to categoryNameEventType.
For example, for the list of available event types for the PermissionSet event category, go to PermissionSetEventType.
For example, to filter the results to only include when a permission set was created:
event_type=PermissionSetCreated
You can provide multiple event type values.
For example, to filter the results to include both when a permission set was created and when a permission set was updated:
outcome - Whether the event was successful (Success) or failed (Fail).
For example, to filter the results to only include successful events:
outcome=Success
created_before - Used to only include events that occurred before the specified timestamp.
The timestamp uses the ISO 8601 format (yyyy-MM-dd'T'HH:mm:ssZ).
For example, to filter the results to only include events that occurred before 6:30 PM UTC on August 1, 2023:
created_before=2023-08-01T18:30:00Z
created_after - Used to only include events that occurred after the specified timestamp.
The timestamp uses the ISO 8601 format (yyyy-MM-dd'T'HH:mm:ssZ).
For example, to filter the results to only include events that occurred after 10:00 AM UTC on July 27, 2023:
created_after=2023-07-27T10:00:00Z
include_unidentified_events - For self-hosted instances, whether to include events that do not have an identified user.
By default, is false. These events might be server-generated or might be related to an unauthenticated action.
To include events that do not have an identified user:
include_unidentified_events=true
Sample requests:
First 100 results by most recent:
GET /api/audit-events/search
Returns the first 20 results for permission set events that were successful:
GET /api/workspace/search?limit=20&event_category=PermissionSet&outcome=Success
Query parameters
offsetinteger · int32Optional
limitinteger · int32Optional
event_typestring[]Optional
outcomeall ofOptional
string · enumOptional
The status of the audit event. Some event types may only log Success or Fail events.
Possible values:
created_beforestring · date-timeOptional
created_afterstring · date-timeOptional
include_unidentified_eventsbooleanOptional
Responses
200
OK
get
GET /api/audit-events/search HTTP/1.1
Host:
Accept: */*