v1/events
The v1/events/inventory and v1/events/bulk APIs show the current event log. The event log stores audit records and other operations that have occurred in the system.
URI
http://<hostname>/ws/v1/events
Formats
| HTTP method | Format | Description | Parameters |
|---|---|---|---|
| GET | /ws/v1/events | Get a summary of the events APIs. | None |
| GET | /ws/v1/events/bulk | Retrieve events for the current user’s account in CSV format. | cursor end_time query size start_time fields |
| GET | /ws/v1/events/inventory | Retrieve events for the current user’s account. | cursor end_time query size start_time |
Event Data
Each event stores a variety of information about the operation. The fields are displayed below. Depending on the type of the operation some fields may be missing, have default values, or other fields may be present.
count- The count associated with the operation, if anycustomer_id- The account in which the event occurreddetails- The detail string describing the event. For example: “ui login authenticated”, “connected using protocol TLSv1.2 with cipher TLS_RSA_WITH_AES_128_CBC_SHA and no client cert” or “RCI Facility,send_message”duration- The number of milliseconds an operation tookend_time- The time the operation endedfacility- The Remote Manager facility that the operation is a part of. For example: AUTHENTICATION, COMMANDid- The ID of the event. For example: d6cb13a3-2216-11ed-842b-0a6c5efc4b7cip- The IP address associated with the operationjobs- The list of job IDs associated with the operation, if anymodification_type- The type of change associated with the operation. For example: CREATE, UPDATE, DELETEprotocol- The protocol describing how the operation occurred. For example: HTTP, EDP, KAFKA.request_size- The size of the request payload associated with the operationresponse_size- The size of the response payload associated with the operationsource- The source of the operation. For example: /ws/scistart_time- The time the operation startedsuccess- Boolean indicating if the operation was successfultarget- The target object for the operation. For example: a device ID like 00000000-00000000-0040FFFF-FF8001B0target_type- The type of object for the target of the operation. For example: DEVICEuser- The user (or device) that did the operation
Parameters
Parameters for the v1/events/inventory and v1/events/bulk APIs include the following:
Unlike other APIs, the orderby parameter cannot be specified. The event logs are strictly ordered from newest to oldest in the event log storage engine. Sort the events on the client side after retrieving the pagest of events.
| Name | Type | Description |
|---|---|---|
| cursor | string | If a full page is returned and more events are available a cursor value is returned in the full page. The cursor parameter can be used to continue with the same query parameters and fetch the next page. For example, cursor=d7eec0d4-557a-11e9-ab8e-d20bcc91db8a |
| end_time | timestamp or relative time | Retrieve events occurring only before the specified time |
| fields | string | Comma-separated list of fields to return for bulk API |
| query | string | The Remote Manager query language query condition used to filter results |
| size | integer | Number of items to return. The maximum and default is 1000. |
| start_time | timestamp or relative time | Retrieve events occurring only after the specified time |
Time parameters
The start_time and end_time parameters can be one of:
- A timestamp specified as an ISO time format in UTC. For example:
2019-01-29T13:48:49Z - A timestamp value specified in milliseconds since the epoc in UTC. For example: 2019-01-29T13:48:49Z is specified as
1548769729000 - A timestamp specified using a relative time shortcut as described below. For example, to see events between 1 and 2 hours ago, specify
start_time=-2handend_time=-1h
Relative timestamp shortcuts
A timestamp shortcut can be used to specify a time in the past relative to the time when the API is called. For example -1h represents objects from 1 hour ago. The relative times are not adjusted for the timezones or daylight saving time they represent. For example -1d is always exactly 24 hours ago.
-30s- 30 seconds ago-15m- 15 minutes ago-4h- 4 hours ago-3d- 3 days ago (exactly 72 hours)-2w- 2 weeks ago (exactly 14 days)+30s- 30 seconds from now+15m- 15 minutes from now