Audit API filter example with createdOn and userName fields

Create a filter that finds audit log entries for a specified date range for users with a specific string in their userName.

Request body

Finding the audit log entries you need can be a formidable task. Use filtering to narrow your results. The following example request identifies successful logins for users who have the string "2fa" in their userName and who logged on to this Control Room on December 5, 2019.

Example:
{
  "sort": [
    {
      "field": "createdOn",
      "direction": "desc"
    }
  ],
  "filter": {
    "operator": "and",
    "operands": [
      {
        "operator": "gt",
        "field": "createdOn",
        "value": "2019-12-05T00:00:00.001Z"
      },
      {
        "operator": "lt",
        "field": "createdOn",
        "value": "2019-12-05T23:59:59.999Z"
      },
      {
        "operator": "eq",
        "field": "status",
        "value": "Successful"
      },
      {
        "operator": "substring",
        "field": "userName",
        "value": "2fa"
      }
    ]
  }
}
sort
  • field: the name of the field used to sort the response.
  • direction: the sort order. It can be asc (ascending) or desc (descending).
filter

A filter consists of an operator, a value, and a field. Filters are operands when used in conjunction with a boolean operator, such as and.

  • operands: filters are used as operands when combined in a filter by using a boolean operator. There are two available boolean operators:
    • or: one of the conditions must be met.
    • and: all of the conditions must be met.
  • operator: there are 11 operators: NONE, lt, le, eq, ne, ge, gt, substring, and, or, not. The and and or operators are used to evaluate multiple filters together. The other operators are used to evaluate values within individual filters. Not all operators work with all fields.
  • field: the name of the field used in the filter.
  • value: the value of the field to be evaluated.
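
The following is an added example, not part of the original documentation or the product's own code: a Python helper that builds and checks the request body above for any day and userName substring. The function names (iso_ms, leaf, validate, day_filter) are hypothetical, and the code assumes gt and lt are strict comparisons, so it places the createdOn bounds just outside the day to include entries stamped exactly at the day's first or last millisecond.

```python
import json
from datetime import date, datetime, time, timedelta, timezone

# The 11 operators listed on this page; "and"/"or" combine other filters.
OPERATORS = {"NONE", "lt", "le", "eq", "ne", "ge", "gt", "substring", "and", "or", "not"}
BOOLEAN = {"and", "or"}

def iso_ms(dt):
    """Format a UTC datetime with millisecond precision, as in the page's values."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def leaf(operator, field, value):
    """One single-field filter: operator, field, value."""
    return {"operator": operator, "field": field, "value": value}

def validate(node):
    """Raise ValueError if a filter node does not have the shape described above."""
    op = node.get("operator")
    if op not in OPERATORS:
        raise ValueError(f"unknown operator: {op!r}")
    if op in BOOLEAN:
        if not node.get("operands"):
            raise ValueError(f"{op!r} needs a non-empty operands list")
        for child in node["operands"]:
            validate(child)
    elif op not in ("not", "NONE") and not {"field", "value"} <= node.keys():
        # The page does not describe the shape of "not"/"NONE", so they are not checked.
        raise ValueError(f"{op!r} filter needs both field and value")
    return node

def day_filter(day, name_part, status="Successful"):
    """Request body: entries created on `day` (UTC) with `status`, userName containing name_part."""
    start = datetime.combine(day, time.min, tzinfo=timezone.utc)
    body = {
        "sort": [{"field": "createdOn", "direction": "desc"}],
        "filter": {"operator": "and", "operands": [
            # Assumption: gt/lt are strict, so the bounds sit just outside the day.
            leaf("gt", "createdOn", iso_ms(start - timedelta(milliseconds=1))),
            leaf("lt", "createdOn", iso_ms(start + timedelta(days=1))),
            leaf("eq", "status", status),
            leaf("substring", "userName", name_part),
        ]},
    }
    validate(body["filter"])
    return body

if __name__ == "__main__":
    print(json.dumps(day_filter(date(2019, 12, 5), "2fa"), indent=2))
```

Running validate on a hand-written filter before sending it catches misspelled operators and and/or nodes that have no operands.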