audit_logs
Creates, updates, deletes, gets or lists an audit_logs resource.
Overview
Name | audit_logs |
Type | Resource |
Id | datadog.organization.audit_logs |
Fields
The following fields are returned by SELECT queries:
- list_audit_logs
Name | Datatype | Description |
---|---|---|
id | string | Unique ID of the event. (example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA) |
attributes | object | JSON object containing all event attributes and their associated values. |
type | string | Type of the event. (default: audit, example: audit) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
list_audit_logs | select | region | filter[query] , filter[from] , filter[to] , sort , page[cursor] , page[limit] | List endpoint returns events that match an Audit Logs search query. [Results are paginated](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest Audit Logs events. |
search_audit_logs | exec | region | | List endpoint returns Audit Logs events that match an Audit search query. [Results are paginated](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex Audit Logs events filtering and search. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
region | string | (default: datadoghq.com) |
filter[from] | string (date-time) | Minimum timestamp for requested events. (example: 2019-01-02T09:42:36.320Z) |
filter[query] | string | Search query following Audit Logs syntax. (example: @type:session @application_id:xxxx) |
filter[to] | string (date-time) | Maximum timestamp for requested events. (example: 2019-01-03T09:42:36.320Z) |
page[cursor] | string | List following results with a cursor provided in the previous query. (example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==) |
page[limit] | integer (int32) | Maximum number of events in the response. (example: 25) |
sort | string | Order of events in results. |
SELECT examples
- list_audit_logs
List endpoint returns events that match an Audit Logs search query. [Results are paginated](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to see your latest Audit Logs events.
```sql
SELECT
  id,
  attributes,
  type
FROM datadog.organization.audit_logs
WHERE region = '{{ region }}' -- required
  AND filter[query] = '{{ filter[query] }}'
  AND filter[from] = '{{ filter[from] }}'
  AND filter[to] = '{{ filter[to] }}'
  AND sort = '{{ sort }}'
  AND page[cursor] = '{{ page[cursor] }}'
  AND page[limit] = '{{ page[limit] }}'
;
```
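The SELECT template above substitutes every parameter into a quoted string, so a script that renders it should validate the values first. The following is an added example, not part of the provider documentation or of StackQL itself: the helper names (`sql_quote`, `parse_ts`, `build_audit_query`) are hypothetical, and doubling single quotes as the escape is an assumption based on standard SQL string literals.

```python
import re
from datetime import datetime

# Columns and resource name come from the page's SELECT example.
BASE = "SELECT id, attributes, type\nFROM datadog.organization.audit_logs"


def sql_quote(value):
    """Quote a string literal; doubling ' is an assumed (standard SQL) escape."""
    return "'" + str(value).replace("'", "''") + "'"


def parse_ts(value):
    """Parse an ISO 8601 timestamp and insist on an explicit UTC offset or Z."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp {value!r} has no UTC offset")
    return parsed


def build_audit_query(region, query=None, ts_from=None, ts_to=None,
                      limit=None, cursor=None):
    """Render the list_audit_logs SELECT, emitting only the filters supplied."""
    if not re.fullmatch(r"[a-z0-9.-]+", region):
        raise ValueError("region must be a bare hostname such as datadoghq.com")
    start = parse_ts(ts_from) if ts_from else None
    end = parse_ts(ts_to) if ts_to else None
    if start and end and start >= end:
        raise ValueError("filter[from] must be earlier than filter[to]")
    if limit is not None and (type(limit) is not int or limit < 1):
        raise ValueError("page[limit] must be a positive integer")

    clauses = [f"region = {sql_quote(region)}"]
    optional = [("filter[query]", query), ("filter[from]", ts_from),
                ("filter[to]", ts_to), ("page[cursor]", cursor),
                ("page[limit]", limit)]
    clauses += [f"{name} = {sql_quote(val)}" for name, val in optional
                if val is not None]
    return BASE + "\nWHERE " + "\n  AND ".join(clauses) + ";"


if __name__ == "__main__":
    # Constructed sample values, reusing the examples from the Parameters table.
    print(build_audit_query("datadoghq.com",
                            query="@type:session @application_id:xxxx",
                            ts_from="2019-01-02T09:42:36.320Z",
                            ts_to="2019-01-03T09:42:36.320Z", limit=25))
```

Optional filters left as `None` are omitted from the WHERE clause instead of being rendered as empty strings.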
Lifecycle Methods
- search_audit_logs
List endpoint returns Audit Logs events that match an Audit search query. [Results are paginated](https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to build complex Audit Logs events filtering and search.
```sql
EXEC datadog.organization.audit_logs.search_audit_logs
@region='{{ region }}' -- required
@@json=
'{
  "filter": "{{ filter }}",
  "options": "{{ options }}",
  "page": "{{ page }}",
  "sort": "{{ sort }}"
}'
;
```