Example: Audit Events REST API
This example shows how to use the cloud operations Audit Events REST API to retrieve audit events.
The example covers getting a list of audit events types enabled
on a cloud subscription and some of the ways you can retrieve and
filter audit events.
- Before you begin
- All API calls require a valid cross site forgery request (CSRF) token in the IBM®-CSRF-TOKEN header of the call. Obtain a CSRF token by using
POST /instance/services/csrf_token. For more information, see Preventing cross site request forgery. - Display a list of audit event types available on your subscription
- Use the following call to retrieve the audit event types:
The returned list contains the audit event types that are currently enabled on your subscription or were enabled in the past. For information about event types, see Monitoring user actions.GET /instance/services/audit_event_types - Display a list of audit events
- To retrieve a list of all audit events for a specific day, use the following call:
Always include a start day in the call. To see the events for a time period, add the days parameter to the call. If you don't specify the days parameter, audit events are returned only for the start day. For example, to see data for 30 days from the start date, modify the call as follows:GET /instance/services/audit_events?start_day=2019-07-24
If you're interested in the 30-day period prior to the start date, use a negative value for the days parameter:GET /instance/services/audit_events?start_day=2019-07-24&days=30GET /instance/services/audit_events?start_day=2019-07-24&days=-30If you want to filter the list to return the recorded events for a specific audit event type, such as the dba.user.invited event type, add the event_types parameter to the call:GET /instance/services/audit_events?start_day=2019-07-24&event_types=dba.user.invitedThe event_types parameter accepts all values that were returned by the /instance/services/audit_event_types call. To filter the list of audit events to return data for several audit events, use a comma separated list. For example:
If you don't include an event_types parameter, the call returns data for all audit event types.GET /instance/services/audit_events?start_day=2019-07-24&event_types=dba.user.invited,dba.user.deletedThe API also supports paging using the offset and size parameters:GET /instance/services/audit_events?start_day=2019-07-24&offset=11&size=10