Audits

List audit entries

get

Returns a list of audit entries

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

Query parameters

pageintegerOptional

pageSizeintegerOptional

userstringOptional

actionstring · enumOptionalPossible values:

typestring · enumOptionalPossible values:

filterstringOptional

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

/api/v1/environments/{environment}/proxy/api/audit

GET /api/v1/environments/{environment}/proxy/api/audit HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "type": "TOPIC",
      "action": "ADD",
      "user": "text",
      "timestamp": 1,
      "resourceId": "text",
      "resourceName": "text",
      "content": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
  ],
  "pagesAmount": 1,
  "totalCount": 1
}

Delete audit entries up to timestamp

delete

Deletes the audit entries up to the timestamp

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

Query parameters

timestampinteger · int64Required

Responses

200Success

No content

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

delete

/api/v1/environments/{environment}/proxy/api/audit

DELETE /api/v1/environments/{environment}/proxy/api/audit?timestamp=1 HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Get audit metadata information

get

Returns the audits metadata information

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

/api/v1/environments/{environment}/proxy/api/audit/values

GET /api/v1/environments/{environment}/proxy/api/audit/values HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "users": [
    "text"
  ],
  "actions": [
    "ADD"
  ],
  "types": [
    "TOPIC"
  ]
}

List audit channels

get

Lists audit channels ordered by their creation time (most recent first)

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

Query parameters

pageintegerOptional

The page number to be returned, must be greater than zero. Defaults to 1.

Example: 1

pageSizeintegerRequired

The elements amount on a single page, must be greater than zero.

Example: 25

templateNamestringOptional

Filter by channel template name

channelNamestringOptional

Matches channels by name

sortFieldstring · enumOptional

The field to sort results by

Possible values:

sortOrderstring · enumOptional

Sorting order. Defaults to ascending

Possible values:

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

/api/v1/environments/{environment}/proxy/api/v1/audit/channels

GET /api/v1/environments/{environment}/proxy/api/v1/audit/channels?pageSize=1 HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "2c1fc20d-59b4-4f67-8982-6e0377e8fdbd",
      "name": "splunk-prd",
      "templateName": "Splunk",
      "templateVersion": 1,
      "connectionName": "splunk-connection",
      "properties": [
        {
          "key": "source",
          "value": "splunk_source"
        }
      ],
      "createdAt": "2021-01-01T00:00:00Z",
      "createdBy": "joe.bloggs",
      "updatedAt": "2021-01-01T00:00:00Z",
      "updatedBy": "joe.bloggs",
      "enabled": true,
      "lrn": "lrn"
    }
  ],
  "pagesAmount": 1,
  "totalCount": 1
}

Create audit channel

post

The JSON object representing the properties to set this channel with

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

Body

namestringRequired

templateNamestringRequired

connectionNamestringRequired

propertiesObjectobjectOptional

JSON Schema representation of the configuration properties

Responses

201Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

409

The supplied identifier is already being used by another resource

application/json

500

An internal server error has occurred

application/json

post

/api/v1/environments/{environment}/proxy/api/v1/audit/channels

POST /api/v1/environments/{environment}/proxy/api/v1/audit/channels HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 138

{
  "name": "splunk-prd",
  "templateName": "Splunk",
  "connectionName": "splunk-connection",
  "properties": [
    {
      "key": "source",
      "value": "splunk_source"
    }
  ]
}

{
  "id": "2c1fc20d-59b4-4f67-8982-6e0377e8fdbd"
}

Get audit channel details

get

Get the audit channel details

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

idstring · uuidRequired

The channel id

Example: 2c1fc20d-59b4-4f67-8982-6e0377e8fdbd

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

/api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id}

GET /api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "id": "2c1fc20d-59b4-4f67-8982-6e0377e8fdbd",
  "name": "splunk-prd",
  "templateName": "Splunk",
  "templateVersion": 1,
  "connectionName": "splunk-connection",
  "properties": [
    {
      "key": "source",
      "value": "splunk_source"
    }
  ],
  "createdAt": "2021-01-01T00:00:00Z",
  "createdBy": "joe.bloggs",
  "updatedAt": "2021-01-01T00:00:00Z",
  "updatedBy": "joe.bloggs",
  "enabled": true,
  "lrn": "lrn"
}

Update audit channel

put

Update audit channel

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

idstring · uuidRequired

The channel id

Example: 2c1fc20d-59b4-4f67-8982-6e0377e8fdbd

Body

namestringRequired

connectionNamestringRequired

enabledbooleanOptional

propertiesObjectobjectOptional

JSON Schema representation of the configuration properties

Responses

200Success

No content

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

409

The supplied identifier is already being used by another resource

application/json

500

An internal server error has occurred

application/json

put

/api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id}

PUT /api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 114

{
  "name": "splunk-prd",
  "connectionName": "splunk-connection",
  "properties": [
    {
      "key": "source",
      "value": "splunk_source"
    }
  ]
}

No content

Delete a channel

delete

Permanently delete a channel

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

idstring · uuidRequired

The channel id

Example: 2c1fc20d-59b4-4f67-8982-6e0377e8fdbd

Responses

204Success

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

delete

/api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id}

DELETE /api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Patch audit channel

patch

Patch an audit channel

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

idstring · uuidRequired

The channel id

Example: 2c1fc20d-59b4-4f67-8982-6e0377e8fdbd

Body

namestringOptional

connectionNamestringOptional

enabledbooleanOptional

propertiesObjectobjectOptional

JSON Schema representation of the configuration properties

Responses

200Success

No content

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

409

The supplied identifier is already being used by another resource

application/json

500

An internal server error has occurred

application/json

patch

/api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id}

PATCH /api/v1/environments/{environment}/proxy/api/v1/audit/channels/{id} HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 129

{
  "name": "splunk-prd",
  "connectionName": "splunk-connection",
  "enabled": true,
  "properties": [
    {
      "key": "source",
      "value": "splunk_source"
    }
  ]
}

No content

List audit channel templates

get

List channel templates and their applicable connections

Authorizations

AuthorizationstringRequired

The bearer token can be obtained by creating a ServiceAccount.

Path parameters

environmentstringRequired

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

/api/v1/environments/{environment}/proxy/api/v1/audit/channel-templates

GET /api/v1/environments/{environment}/proxy/api/v1/audit/channel-templates HTTP/1.1
Host: api.example.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

[
  {
    "id": 440,
    "name": "Splunk",
    "templateVersion": 1,
    "version": "1",
    "enabled": true,
    "builtIn": true,
    "metadata": {
      "author": "Lenses",
      "description": "Splunk channel template"
    },
    "configuration": [
      {
        "id": 102,
        "key": "source",
        "displayName": "Source",
        "placeholder": "lenses-audits",
        "description": "Source to associate with generated Splunk events",
        "type": {
          "name": "STRING",
          "displayName": "string"
        },
        "required": true,
        "provided": false
      }
    ],
    "suitableConnections": [
      {
        "templateName": "Splunk",
        "name": "splunk-connection"
      }
    ],
    "jsonSchema": {
      "$schema": "http://json-schema.org/draft-04/schema#",
      "type": "object",
      "required": [
        "source",
        "host",
        "useHttps",
        "insecure",
        "token"
      ],
      "title": "Splunk, version: 1 template JSON schema",
      "properties": {
        "source": {
          "type": "string",
          "title": "Source",
          "description": "Source to associate with generated Splunk events"
        },
        "host": {
          "type": "string",
          "title": "Host",
          "description": "The host name for the HTTP Event Collector API of the Splunk instance."
        },
        "useHttps": {
          "type": "boolean",
          "title": "Use HTTPS",
          "description": "Use SSL."
        },
        "port": {
          "type": "number",
          "title": "Port",
          "description": "The port number for the HTTP Event Collector API of the Splunk instance."
        },
        "token": {
          "type": "string",
          "title": "Event collector token",
          "description": "HTTP event collector authorization token"
        },
        "insecure": {
          "type": "boolean",
          "title": "Disable SSL certificate verification",
          "description": "This is *not encouraged* but is required for a Splunk Cloud Trial instance."
        }
      }
    }
  }
]

PreviousAlerts NextConnections

Last updated 9 days ago

Was this helpful?

Good morning

List audit entries

Delete audit entries up to timestamp

Get audit metadata information

List audit channels

Create audit channel

Get audit channel details

Update audit channel

Delete a channel

Patch audit channel

List audit channel templates