Audit Logs API - Fetch Audit Logs (v2beta1)

APIs to retrieve audit logs of one or more services.

Download OpenAPI description

audit-trail-fetch-v2beta1.json

audit-trail-fetch-v2beta1.yaml

Overview

License

HPE License

Servers

https://global.api.greenlake.hpe.com/

Mock server

https://developer.greenlake.hpe.com/_mock/docs/greenlake/services/audit-logs/public/openapi/audit-logs-public/audit-trail-fetch-v2beta1/

Fetch Audit Logs

Retrieves audit logs of one or more services.

Operations

Retrieves audit logs of one or more services.

Request

The audit logs can be filtered using a variety of parameters. Queries should be separated by and and can utilize eq, contains, and in operators to construct the final query. Each query should follow the format:

key eq 'value' for equality operation.
contains(key, 'value') for contains operation.
key in ('value1', 'value2') for in operation.

Filter Parameter	Supported Operators	Type	Example
createdAt	`lt`, `ge`	RFC timestamp (string)	`createdAt ge '2024-02-16T07:54:55.0Z'`
category	`eq`, `in`	string	`category eq 'User Management'` `category in ('Device Management', 'User Activity')`
description	`eq`, `contains`	string	`contains(description, 'Logged in')` `description eq 'User test@test.com logged in via ping mode.'`
ipAddress	`eq`, `contains`	IP string	`ipAddress eq '192.168.12.12'` `contains(ipAddress, '192.168')`
username	`eq`, `contains`	email (string)	`username eq 'test@test.com'` `contains(username, '@gmail.com')`
workspace/name	`eq`, `contains`	string	`workspace/name eq 'Example workspace'` `contains(workspace/name, 'Example')`
workspace/type	`eq`	string	`workspace/type eq 'TENANT'` `workspace/type eq 'MSP'`
serviceOffer/id	`eq`, `in`	UUID (string)	`serviceOffer/id eq '902fa943-dcfc-432c-a92c-3a3a454923d9'` `serviceOffer/id in ('902fa943-dcfc-432c-a92c-3a3a454923d9', '00000000-0000-0000-0000-000000000000')`
region	`eq`	region code (string)	`region eq 'us-west'`
hasDetails	`eq`	boolean	`hasDetails eq 'true'`

Note: Maximum five serviceOffer/id can be passed in the filter. If no serviceOffer/id is passed, only platform audit logs will be fetched. Note: Maximum five serviceOffer/id can be passed in the filter. If no serviceOffer/id is passed, only HPE GreenLake Platform Audit logs will be fetched.

The API supports pagination and sorting options to efficiently retrieve large datasets

Rate limits:

100 requests per minute per user.
300 requests per minute overall.

Security

Bearer

Query

filterstring

Examples:

Get only platform audit logs

Get HPE GreenLake platform audit logs

filter=serviceOffer/id eq '00000000-0000-0000-0000-000000000000'

Get multiple service offer audit logs

Get HPE GreenLake platform and Compute cloud console logs

filter=serviceOffer/id in ('00000000-0000-0000-0000-000000000000', 'd46569ae-0516-4dd2-81ce-b6d645842acc') and region eq 'us-west'

Filter based on category and time range

Get audit logs for API Gateway category within a specific time range

filter=category eq 'API Gateway' and createdAt ge '2025-01-16T07:54:55.0Z' and createdAt lt '2025-02-16T07:54:55.0Z'

Filter based on username

Get audit logs for a specific user

filter=username eq 'test@test.com'

selectstring

Use the select query parameter to restrict the number of properties included in the audit log response. Specify as comma-separated values. The supported select parameters are:

serviceOffer
createdAt
category
hasDetails
workspace
description
username
ipAddress
additionalInfo

Examples:

Get all attributes

Get audit logs with all attributes

select=serviceOffer, createdAt, category, hasDetails, workspace, description, username, ipAddress, additionalInfo

Get selected attributes

Get audit logs with selected attributes

select=createdAt, username, category

limitinteger<= 2000

How many items to return at one time (max 2000)

Default 50

offsetinteger

Specifies the zero-based resource offset to start the response from.

Default 0

sortstring

Sort the results based on the specified field. The default sort order is descending. Each sort expression is a property name optionally followed by a direction indicator asc (ascending) or desc (descending).

Examples:

Sort by createdAt in descending order sort=createdAt

Sort by category in ascending order sort=category asc

curl -i -X GET \
  https://global.api.greenlake.hpe.com/audit-log/v2beta1/logs \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Audit logs fetched successfully.

Bodyapplication/json

countintegerrequired

Number of items returned in the response.

offsetintegerrequired

Zero-based offset of the first item in the response.

totalintegerrequired

Total number of items matching the query. Maximum value is 10,000. If more than 10,000 items match the query, then remainingRecords is set to true.

remainingRecordsbooleanrequired

Boolean value indicating if there are more than 10,000 records available that match the query. Client can apply filters to narrow down the results.

itemsArray of objects(AuditLogItem)required

items[].idstring(uuid)required

items[].typestringrequired

items[].categorystringrequired

items[].createdAtstring(date-time)required

items[].descriptionstringrequired

items[].usernamestringrequired

items[].serviceOfferobject(ServiceOfferResponse)required

items[].serviceOffer.idstring(uuid)required

Service offer ID.

items[].serviceOffer.regionstringrequired

Service offer region where it is provisioned.

items[].serviceOffer.namestringrequired

Service offer name.

items[].workspaceobject(WorkspaceRef)required

items[].workspace.idstring(uuid)required

Unique identifier for the workspace.

items[].workspace.namestringrequired

Name of the workspace where the audit log event occurred.

items[].workspace.typestring

Type of the workspace.

Enum"STANDALONE""TENANT""MSP"

items[].additionalInfoobject(AuditLogAdditionalInfo)

items[].hasDetailsboolean

items[].ipAddressstring

IPv4 or IPv6 address of the user who performed the action.

Response

application/json

{
  "count": 3,
  "offset": 0,
  "total": 100,
  "remainingRecords": true,
  "items": [
    { … },
    { … },
    { … }
  ]
}

Get a specific audit log.

Request

Security

Bearer

Path

idstringrequired

Provide the ID of the audit log record to fetch the audit log.

curl -i -X GET \
  'https://global.api.greenlake.hpe.com/audit-log/v2beta1/logs/{id}' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Audit log details.

Bodyapplication/json

idstring(uuid)required

typestringrequired

categorystringrequired

createdAtstring(date-time)required

descriptionstringrequired

usernamestringrequired

serviceOfferobject(ServiceOfferResponse)required

serviceOffer.idstring(uuid)required

Service offer ID.

serviceOffer.regionstringrequired

Service offer region where it is provisioned.

serviceOffer.namestringrequired

Service offer name.

workspaceobject(WorkspaceRef)required

workspace.idstring(uuid)required

Unique identifier for the workspace.

workspace.namestringrequired

Name of the workspace where the audit log event occurred.

workspace.typestring

Type of the workspace.

Enum"STANDALONE""TENANT""MSP"

additionalInfoobject(AuditLogAdditionalInfo)

hasDetailsboolean

ipAddressstring

IPv4 or IPv6 address of the user who performed the action.

Response

application/json

{
  "id": "8RtJaZQBITMTdBbBUxzz",
  "type": "/audit-log/log",
  "serviceOffer": {
    "id": "68067533-5764-401a-9620-24e6e2cdc574",
    "name": "Backup and Recovery",
    "region": "us-east"
  },
  "username": "testuser@test.com",
  "category": "Storage settings",
  "description": "Storage firmware updated",
  "workspace": {
    "id": "3e35c938fb5911edbb4c660832a054ff",
    "name": "workspace name",
    "type": "STANDALONE"
  },
  "createdAt": "2024-02-10T07:54:55.0Z",
  "ipAddress": "192.168.11.21",
  "additionalInfo": {
    "serverName": "test"
  },
  "hasDetails": true
}

Get a specific audit log details.

Request

Security

Bearer

Path

idstringrequired

Provide the ID of the audit log record to fetch the audit log details.

curl -i -X GET \
  'https://global.api.greenlake.hpe.com/audit-log/v2beta1/logs/{id}/details' \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Audit log details.

Bodyapplication/json

idstring(uuid)required

Audit log ID

typestringrequired

Resource type

Default "/audit-log/log/details"

headerstringrequired

Heading summarizing the audit log details.

bodyArray of stringsrequired

Array of action or detail strings describing the audit event.

Response

application/json

{
  "id": "8RtJaZQBITMTdBbBUxzz",
  "type": "/audit-log/log/details",
  "header": "Storage Firmware Update",
  "body": [
    "Firmware version: 1.2.3",
    "Update status: Successful"
  ]
}

Audit Logs API - Fetch Audit Logs (v2beta1)

Fetch Audit Logs

Retrieves audit logs of one or more services.

Request

Responses

Was this helpful?

Get a specific audit log.

Request

Responses

Was this helpful?

Get a specific audit log details.

Request

Responses

Was this helpful?