Retrieve the Audit Log Report
The Audit Log Report is sent by email to the addresses set up when creating the report. It captures the following information:
- User logins and information changes
- Controller Tenant configuration changes
- Application properties and object changes such as policies, health rules, and entities listed in the above table.
- Environment properties changes
Splunk AppDynamics supports PDF, JSON, and CSV output formats.
Retrieve Audit History via API
You can retrieve audit history through the ControllerAuditHistory API method, which returns the record of configuration and user activities in a JSON or CSV file for the specified time range. This information is the same as that found in the file.
Format
GET /controller/ControllerAuditHistory?startTime=<start-time>&endTime=<end-time>&include=<field>:<value>&exclude=<field>:<value>
For example:
http://localhost:8080/controller/ControllerAuditHistory?startTime=yyyy-MM-dd&endTime=yyyy-MM-dd&include=filterName1:filterValue1&include=filterName1:filterValue1&exclude=filterName1:filterValue1&exclude=filterName1:filterValue1
curl --user user1@customer1:welcome "http://demo.appdynamics.com:8090/controller/ControllerAuditHistory?startTime=2015-12-19T10:50:03.607-0700&endTime=2015-12-19T17:50:03.607-0700&timeZoneId=America%2FSan%20Francisco&include=userName:user1&include=action:LOGIN&exclude=accountName:system&exclude=action:OBJECT_UPDATE"
[{"timeStamp":1450569821811,"auditDateTime":"2015-12-20T00:03:41.811+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570234518,"auditDateTime":"2015-12-20T00:10:34.518+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570273841,"auditDateTime":"2015-12-20T00:11:13.841+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_CREATED","objectType":"AGENT_CONFIGURATION"},
...
{"timeStamp":1450570675345,"auditDateTime":"2015-12-20T00:17:55.345+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_DELETED","objectType":"BUSINESS_TRANSACTION"},{"timeStamp":1450570719240,"auditDateTime":"2015-12-20T00:18:39.240+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"APP_CONFIGURATION","objectType":"APPLICATION","objectName":"ACME Book Store Application"},{"timeStamp":1450571834835,"auditDateTime":"2015-12-20T00:37:14.835+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action
curl --user user1@customer1:welcome "http://127.0.0.1:8080/controller/ControllerAuditHistory?startTime=2019-05-28T08:00:03.607-0700&endTime=2019-05-28T11:32:03.607-0700&timeZoneId=America%2FSan%20Francisco&include=applicationName:ACME"
[{"timeStamp":1559066415823,"auditDateTime":"2019-05-28T18:00:15.823+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN","objectId":0,"applicationName":"ACME"}]
Input parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
start-time | Query | Start time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ" | Yes |
end-time | Query | End time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ" | Yes |
time-zone-id | Query | Time zone | No |
include | Query | Restricted information in the audit history | No |
exclude | Query | Restricted information in the audit history | No |
- Multiple filters of the same type are allowed.
- The backend API treats include filters with the same <field> and relationship as "OR", and filters with different <field> and relationship as "AND".
- There is no direct interaction between include and exclude filters.
- Each filter needs to be a parameter, e.g., include=filterName1:filterValue1&include=filterName2:filterValue2. See the below examples.
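
The request format and filter rules above, as an added Python example (not Splunk AppDynamics code): it builds the URL with one include/exclude parameter per filter, percent-encodes every value, and counts actions per user in a response body. The function names and the sample response are constructed for illustration; the host and filter values are those of the first curl example.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode


def audit_ts(dt):
    """Format an aware datetime as yyyy-MM-dd'T'HH:mm:ss.SSSZ."""
    if dt.tzinfo is None:
        raise ValueError("start/end times must carry a UTC offset")
    return f"{dt:%Y-%m-%dT%H:%M:%S}.{dt.microsecond // 1000:03d}{dt:%z}"


def audit_url(base, start, end, include=(), exclude=(), tz_id=None):
    """Build the request URL; each filter is its own include=/exclude= parameter."""
    params = [("startTime", audit_ts(start)), ("endTime", audit_ts(end))]
    if tz_id:
        params.append(("timeZoneId", tz_id))
    params += [("include", f"{field}:{value}") for field, value in include]
    params += [("exclude", f"{field}:{value}") for field, value in exclude]
    # quote() percent-encodes '+', '/', '&' and spaces, so a "+0000" offset is
    # not decoded as a space and a filter value cannot split the query string.
    query = urlencode(params, quote_via=quote, safe=":")
    return f"{base.rstrip('/')}/controller/ControllerAuditHistory?{query}"


def actions_by_user(body):
    """Count (userName, action) pairs in a JSON response body."""
    return Counter((r.get("userName"), r.get("action")) for r in json.loads(body))


# Constructed sample: three records reduced to the fields used here.
SAMPLE_BODY = json.dumps([
    {"timeStamp": 1450569821811, "userName": "user1", "action": "LOGIN"},
    {"timeStamp": 1450570234518, "userName": "user1", "action": "LOGIN"},
    {"timeStamp": 1450570675345, "userName": "user1", "action": "OBJECT_DELETED"},
])

if __name__ == "__main__":
    pdt = timezone(timedelta(hours=-7))
    print(audit_url(
        "http://demo.appdynamics.com:8090",
        datetime(2015, 12, 19, 10, 50, 3, 607000, tzinfo=pdt),
        datetime(2015, 12, 19, 17, 50, 3, 607000, tzinfo=pdt),
        include=[("userName", "user1"), ("action", "LOGIN")],
        exclude=[("accountName", "system"), ("action", "OBJECT_UPDATE")],
        tz_id="America/San Francisco",
    ))
    print(actions_by_user(SAMPLE_BODY))
```

The printed URL can be passed to curl in double quotes, as in the examples above.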