Audit API filter example with createdOn and userName fields
- Updated: 2020/04/22
Audit API filter example with createdOn and userName fields
Create a filter that finds audit log entries for a specified date range for users with a specific string in their userName.
Request body
Finding the audit log entries you need is a formidable task. Use filtering to help narrow your results. The following example request identifies successful logins for users with the string "2fa" in their userName and that logged on to this Control Room on December 5, 2019.
Example:
{
"sort": [
{
"field": "createdOn",
"direction": "desc"
}
],
"filter": {
"operator": "and",
"operands": [
{
"operator": "gt",
"field": "createdOn",
"value": "2019-12-05T00:00:00.001Z"
},
{
"operator": "lt",
"field": "createdOn",
"value": "2019-12-05T23:59:59.999Z"
},
{
"operator": "eq",
"field": "status",
"value": "Successful"
},
{
"operator": "substring",
"field": "userName",
"value": "2fa"
}
]
}
}- sort
-
- field: the name of the field used to sort the response.
- direction: the sort order. It can be asc, ascending, or desc, descending.
- filter
-
Filter consists for an operator, value, and field. Filters are operands when used in conjunction with a boolean operator, such as and.
-
operands: filters are used as operands when
combined in a filter by using a boolean operator. There are two
available boolean operators:
- or: one of the conditions must be met.
- and: all of the conditions must be met.
-
operator: there are 11 operators
NONE, lt, le, eq, ne, ge, gt, substring, and, or, not. And and or are used to evaluate multiple filters together. The other operators are used to evaluate values within individual filters. Not all operators work with all fields. - field: the name of the field used in the filter.
- value: the value of the field to be evaluated.
-
operands: filters are used as operands when
combined in a filter by using a boolean operator. There are two
available boolean operators: