Audit logs

You can retrieve audit logs by using the TM1® REST APIs the same way that you retrieve other logging data such as transaction and message logs. You can also use ODATA filters such as top, skip, and select for querying the details of audit logs. The contents of the audit log is unchanged.

If you are authorized to get audit logs, you can use the following query to retrieve audit logs:

/api/v1/AuditLogEntries

Note: If you are not authorized to get audit logs, for example if you are not an administrator, the result of this query is empty.

If the audit log has details, you can expand the AuditDetails by using the following query:

/api/v1/AuditLogEntries?$expand=AuditDetails

You can use filter options, such as top, skip, and select, to create queries based on any data field, including the time stamp. For example:

$filter=TimeStamp gt 2019-04-23T11:13:45Z
$filter=contains(Description, 'New')
$filter=ObjectType eq ‘Dimension’
$select=UserName,Description,ObjectType,ObjectName
$count=true
$skip=2
$top=4

You can also use change tracking. When you set the Prefer header to odata.track-changes, a delta link is appended to each response body.

You can use TailAuditLog() to obtain the current timeStamp only. Then, you can use /api/v1/AuditLogEntries/!delta('<timestamp>') to retrieve any audit logs that occur after that timeStamp. For example:

/api/v1/AuditLogEntries
/api/v1/AuditLogEntries/!delta('<timestamp>')

Or:

/api/v1/AuditLogEntries?$select=User,ObjectType,ObjectName,Details&$expand=
AuditDetails($select=ID,User,Description,ObjectType,ObjectName)

Example of an auditLog entry

{
   "ID":"<id>",
   "TimeStamp":"2019-01-16T13:57:46Z",
   "User":"",
   "Description":"Server 'lemonade' was shutdown.",
   "ObjectType":"Server",
   "ObjectName":"SYSTEM"
}

Example auditLogEntry with AuditDetails

{
   "ID":"<id>",
   "TimeStamp":"2019-01-16T13:59:50Z",
   "User":"",
   "Description":"Server 'lemonade' was started.",
   "ObjectType":"Server",
   "ObjectName":"SYSTEM",
   "AuditDetails":[  
      {  
         "DetailID":"<id>",
         "TimeStamp":"2019-01-16T13:59:50Z",
         "User":"",
         "Description":"Property ChangedSinceLoaded was set to 'FALSE' for server 'lemonade'.",
         "ObjectType":"Server",
         "ObjectName":"SYSTEM"
      }
   ]
}

TM1 REST API updates

The following entity types were added to support audit logging:

The following function was added to support audit logging:

TailAuditLog

What's next?

For more information about audit logging in general, see Using the audit log.