Audit Channels | Lenses Docs

put

Update audit channel

Path parameters

idstring · uuidRequired

The channel id

Example: 2c1fc20d-59b4-4f67-8982-6e0377e8fdbd

Body

namestringRequired

connectionNamestringRequired

enabledbooleanOptional

propertiesObjectobjectOptional

JSON Schema representation of the configuration properties

Responses

200Success

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

409

The supplied identifier is already being used by another resource

application/json

500

An internal server error has occurred

application/json

put

PUT /api/v1/environments/{name}/proxy/api/v1/audit/channels/{id} HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 114

{
  "name": "splunk-prd",
  "connectionName": "splunk-connection",
  "properties": [
    {
      "key": "source",
      "value": "splunk_source"
    }
  ]
}

No content

get

List channel templates and their applicable connections

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

GET /api/v1/environments/{name}/proxy/api/v1/audit/channel-templates HTTP/1.1
Host: 
Accept: */*

[
  {
    "id": 440,
    "name": "Splunk",
    "templateVersion": 1,
    "version": "1",
    "enabled": true,
    "builtIn": true,
    "metadata": {
      "author": "Lenses",
      "description": "Splunk channel template"
    },
    "configuration": [
      {
        "id": 102,
        "key": "source",
        "displayName": "Source",
        "placeholder": "lenses-audits",
        "description": "Source to associate with generated Splunk events",
        "type": {
          "name": "STRING",
          "displayName": "string"
        },
        "required": true,
        "provided": false
      }
    ],
    "suitableConnections": [
      {
        "templateName": "Splunk",
        "name": "splunk-connection"
      }
    ],
    "jsonSchema": {
      "$schema": "http://json-schema.org/draft-04/schema#",
      "type": "object",
      "required": [
        "source",
        "host",
        "useHttps",
        "insecure",
        "token"
      ],
      "title": "Splunk, version: 1 template JSON schema",
      "properties": {
        "source": {
          "type": "string",
          "title": "Source",
          "description": "Source to associate with generated Splunk events"
        },
        "host": {
          "type": "string",
          "title": "Host",
          "description": "The host name for the HTTP Event Collector API of the Splunk instance."
        },
        "useHttps": {
          "type": "boolean",
          "title": "Use HTTPS",
          "description": "Use SSL."
        },
        "port": {
          "type": "number",
          "title": "Port",
          "description": "The port number for the HTTP Event Collector API of the Splunk instance."
        },
        "token": {
          "type": "string",
          "title": "Event collector token",
          "description": "HTTP event collector authorization token"
        },
        "insecure": {
          "type": "boolean",
          "title": "Disable SSL certificate verification",
          "description": "This is *not encouraged* but is required for a Splunk Cloud Trial instance."
        }
      }
    }
  }
]

patch

Patch an audit channel

Path parameters

idstring · uuidRequired

The channel id

Example: 2c1fc20d-59b4-4f67-8982-6e0377e8fdbd

Body

namestringOptional

connectionNamestringOptional

enabledbooleanOptional

propertiesObjectobjectOptional

JSON Schema representation of the configuration properties

Responses

200Success

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

409

The supplied identifier is already being used by another resource

application/json

500

An internal server error has occurred

application/json

patch

PATCH /api/v1/environments/{name}/proxy/api/v1/audit/channels/{id} HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 129

{
  "name": "splunk-prd",
  "connectionName": "splunk-connection",
  "enabled": true,
  "properties": [
    {
      "key": "source",
      "value": "splunk_source"
    }
  ]
}

No content

get

Get the audit channel details

Path parameters

idstring · uuidRequired

The channel id

Example: 2c1fc20d-59b4-4f67-8982-6e0377e8fdbd

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

GET /api/v1/environments/{name}/proxy/api/v1/audit/channels/{id} HTTP/1.1
Host: 
Accept: */*

{
  "id": "2c1fc20d-59b4-4f67-8982-6e0377e8fdbd",
  "name": "splunk-prd",
  "templateName": "Splunk",
  "templateVersion": 1,
  "connectionName": "splunk-connection",
  "properties": [
    {
      "key": "source",
      "value": "splunk_source"
    }
  ],
  "createdAt": "2021-01-01T00:00:00Z",
  "createdBy": "joe.bloggs",
  "updatedAt": "2021-01-01T00:00:00Z",
  "updatedBy": "joe.bloggs",
  "enabled": true
}

get

Returns the audits metadata information

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

GET /api/v1/environments/{name}/proxy/api/audit/values HTTP/1.1
Host: 
Accept: */*

{
  "users": [
    "text"
  ],
  "actions": [
    "ADD"
  ],
  "types": [
    "TOPIC"
  ]
}

get

Lists audit channels ordered by their creation time (most recent first)

Query parameters

pageintegerOptional

The page number to be returned, must be greater than zero. Defaults to 1.

Example: 1

pageSizeintegerRequired

The elements amount on a single page, must be greater than zero.

Example: 25

templateNamestringOptional

Filter by channel template name

channelNamestringOptional

Matches channels by name

sortFieldstring · enumOptional

The field to sort results by

Possible values:

sortOrderstring · enumOptional

Sorting order. Defaults to ascending

Possible values:

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

GET /api/v1/environments/{name}/proxy/api/v1/audit/channels?pageSize=1 HTTP/1.1
Host: 
Accept: */*

{
  "values": [
    {
      "id": "2c1fc20d-59b4-4f67-8982-6e0377e8fdbd",
      "name": "splunk-prd",
      "templateName": "Splunk",
      "templateVersion": 1,
      "connectionName": "splunk-connection",
      "properties": [
        {
          "key": "source",
          "value": "splunk_source"
        }
      ],
      "createdAt": "2021-01-01T00:00:00Z",
      "createdBy": "joe.bloggs",
      "updatedAt": "2021-01-01T00:00:00Z",
      "updatedBy": "joe.bloggs",
      "enabled": true
    }
  ],
  "pagesAmount": 1,
  "totalCount": 1
}

delete

Deletes the audit entries up to the timestamp

Query parameters

timestampinteger · int64Required

Responses

200Success

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

delete

DELETE /api/v1/environments/{name}/proxy/api/audit?timestamp=1 HTTP/1.1
Host: 
Accept: */*

No content

get

Returns a list of audit entries

Query parameters

pageintegerOptional

pageSizeintegerOptional

userstringOptional

actionstring · enumOptionalPossible values:

typestring · enumOptionalPossible values:

filterstringOptional

Responses

200Success

application/json

400

The request input was invalid

application/json

401

Authentication error

application/json

402

The purchased Lenses license does not provide access to this feature

application/json

403

Authorisation error

application/json

404

The requested resource cannot be found

application/json

500

An internal server error has occurred

application/json

get

GET /api/v1/environments/{name}/proxy/api/audit HTTP/1.1
Host: 
Accept: */*

{
  "values": [
    {
      "type": "TOPIC",
      "action": "ADD",
      "user": "text",
      "timestamp": 1,
      "resourceId": "text",
      "resourceName": "text",
      "content": {
        "ANY_ADDITIONAL_PROPERTY": "text"
      }
    }
  ],
  "pagesAmount": 1,
  "totalCount": 1
}