API endpoint | Available from |
---|---|
| ThoughtSpot Cloud ts7.april.cl |
Audit logs API
ThoughtSpot cloud deployments allow you to collect security audit events and send them to your Security information and event management (SIEM) application in real-time. These events can help your security operations personnel in detecting potential security threats or compromised user accounts in your organization.
The log API endpoint allows you to programmatically fetch security audit logs from the ThoughtSpot system.
Supported operationsπ
Required permissionsπ
Requires administrator privilege.
Resource URLπ
GET /tspublic/v1/logs/topics/{topic}
Request parametersπ
By default, the API retrieves logs for the last 24 hours. You can set a custom duration in EPOCH time. Make sure the log duration specified in your API request doesnβt exceed 24 hours. If you must fetch logs for a longer time range, modify the duration and make multiple sequential API requests.
Parameter | Type | Description |
---|---|---|
| Path | String. Type of the log. The valid value is |
| Query | Epoch time string. The EPOCH time in milliseconds to set the start time for streaming logs. For example, to set the timestamp as June 1, 2021 8 am, specify |
| Query | Epoch time string. The EPOCH time in milliseconds to set the end time for streaming logs. To set the timestamp as June 2, 2021, 8 am, specify |
Example requestπ
curl -X GET \
--header 'Accept: application/json' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/logs/topics/security_logs'
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/logs/topics/security_logs
Example responseπ
Upon successful execution, the API returns logs with the following information:
-
timestamp of the event
-
event ID
-
event type
-
Name and GUID of the user
-
IP address of the ThoughtSpot instance
[
{
"date": "2023-06-08T11:15:26.421996Z",
"log": "{\"version\":\"1.1\",\"id\":\"TS-0f31addf-fb94-445c-9af6-318975cea9cb\",\"ts\":\"2023-06-08T11:15:26Z\",\"orgId\":0,\"userGUID\":null,\"userName\":null,\"cIP\":null,\"type\":\"LOGIN_FAILED\",\"desc\":\"User login failed\",\"data\":{\"userName\":\"system\"}}"
},
{
"date": "2023-06-08T11:15:59.385943Z",
"log": "{\"version\":\"1.1\",\"id\":\"TS-2026d1e7-df48-442f-b4ab-f512d4b0a86f\",\"ts\":\"2023-06-08T11:15:59Z\",\"orgId\":0,\"userGUID\":\"67e15c06-d153-4924-a4cd-ff615393b60f\",\"userName\":\"system\",\"cIP\":null,\"type\":\"LOGOUT_SUCCESSFUL\",\"desc\":\"User logout successful\",\"data\":{}}"
},
{
"date": "2023-06-08T11:37:55.662295Z",
"log": "{\"version\":\"1.1\",\"id\":\"TS-6ed05559-7c4e-44b1-8f37-712269f4750c\",\"ts\":\"2023-06-08T11:37:55Z\",\"orgId\":0,\"userGUID\":\"59481331-ee53-42be-a548-bd87be6ddd4a\",\"userName\":\"tsadmin\",\"cIP\":\"10.254.3.248\",\"type\":\"LOGIN_SUCCESSFUL\",\"desc\":\"User login successful\",\"data\":{\"userName\":\"tsadmin\"}}"
},
{
"date": "2023-06-09T04:32:50.383520Z",
"log": "{\"version\":\"1.1\",\"id\":\"TS-cc66980a-db77-452b-9516-c9006e23a659\",\"ts\":\"2023-06-09T04:32:50Z\",\"orgId\":0,\"userGUID\":\"67e15c06-d153-4924-a4cd-ff615393b60f\",\"userName\":\"system\",\"cIP\":null,\"type\":\"LOGOUT_SUCCESSFUL\",\"desc\":\"User logout successful\",\"data\":{}}"
}
]
Response codesπ
HTTP status code | Description |
---|---|
200 | Successful retrieval of the log |
400 | Invalid parameter values |