Audit logs API

Audit logs API

The log API endpoint allows you to fetch security audit logs programmatically from the ThoughtSpot system.

Supported operationsπŸ”—

API endpointAvailable from

GET /tspublic/v1/logs/topics/{topic}
Gets security audit logs from the ThoughtSpot system.

ThoughtSpot Cloud ts7.april.cl
ThoughtSpot Software Not applicable

Required permissionsπŸ”—

Requires administrator privilege.

Resource URLπŸ”—

GET /tspublic/v1/logs/topics/{topic}

Request parametersπŸ”—

By default, the API retrieves logs for the last 24 hours. You can set a custom duration in EPOCH time. Make sure the log duration specified in your API request doesn’t exceed 24 hours. If you must fetch logs for a longer time range, modify the duration and make multiple sequential API requests.

Note

When fetching logs via API, there can be a 30-minute delay between the actual event time and when that event is available via the logs API endpoint.

ParameterTypeDescription

topic

Path

String. Type of the log. The valid value is security_logs.

fromEpoch
Optional

Query

Epoch time string. The EPOCH time in milliseconds to set the start time for streaming logs. For example, to set the timestamp as June 1, 2021 8 am, specify 1622534400000.

toEpoch
Optional

Query

Epoch time string. The EPOCH time in milliseconds to set the end time for streaming logs. To set the timestamp as June 2, 2021, 8 am, specify 1622620800000.

get_all_logs
Optional

Query

Boolean. Fetches logs for all Orgs when set to true. If set to false, the API returns logs only for primary Org (Org 0).

Example requestπŸ”—

cURL
curl -X GET \
--header 'Accept: application/json' \
'https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/logs/topics/security_logs'
Request URL
https://{ThoughtSpot-Host}/callosum/v1/tspublic/v1/logs/topics/security_logs

Example responseπŸ”—

The following example shows some of the security audit events returned in the API response. For more information about the audited events, contents of the log, and examples, see Audit logs.

[
  {
    "date": "2023-06-08T11:15:26.421996Z",
    "log": "{\"version\":\"1.1\",\"id\":\"TS-0f31addf-fb94-445c-9af6-318975cea9cb\",\"ts\":\"2023-06-08T11:15:26Z\",\"orgId\":0,\"userGUID\":null,\"userName\":null,\"cIP\":null,\"type\":\"LOGIN_FAILED\",\"desc\":\"User login failed\",\"data\":{\"userName\":\"system\"}}"
  },
  {
    "date": "2023-06-08T11:15:59.385943Z",
    "log": "{\"version\":\"1.1\",\"id\":\"TS-2026d1e7-df48-442f-b4ab-f512d4b0a86f\",\"ts\":\"2023-06-08T11:15:59Z\",\"orgId\":0,\"userGUID\":\"67e15c06-d153-4924-a4cd-ff615393b60f\",\"userName\":\"system\",\"cIP\":null,\"type\":\"LOGOUT_SUCCESSFUL\",\"desc\":\"User logout successful\",\"data\":{}}"
  },
  {
    "date": "2023-06-08T11:37:55.662295Z",
    "log": "{\"version\":\"1.1\",\"id\":\"TS-6ed05559-7c4e-44b1-8f37-712269f4750c\",\"ts\":\"2023-06-08T11:37:55Z\",\"orgId\":0,\"userGUID\":\"59481331-ee53-42be-a548-bd87be6ddd4a\",\"userName\":\"tsadmin\",\"cIP\":\"10.254.3.248\",\"type\":\"LOGIN_SUCCESSFUL\",\"desc\":\"User login successful\",\"data\":{\"userName\":\"tsadmin\"}}"
  },
  {
    "date": "2023-06-09T04:32:50.383520Z",
    "log": "{\"version\":\"1.1\",\"id\":\"TS-cc66980a-db77-452b-9516-c9006e23a659\",\"ts\":\"2023-06-09T04:32:50Z\",\"orgId\":0,\"userGUID\":\"67e15c06-d153-4924-a4cd-ff615393b60f\",\"userName\":\"system\",\"cIP\":null,\"type\":\"LOGOUT_SUCCESSFUL\",\"desc\":\"User logout successful\",\"data\":{}}"
  }
]

Response codesπŸ”—

HTTP status codeDescription

200

Successful retrieval of the log

400

Invalid parameter values