Retrieve Audit Details
Retrieve all audit details for a specific audit type. This request supports optional parameters to narrow the results to a specified date and time within the past 30 days.
You can run a full audit export with the same formatting as exports you initiate in the UI once per day per audit type. To execute a full audit export, set all_dates to true, leave start_date and end_date blank, and set format_result to csv. When the job is complete, you will receive an email containing links to a zipped file for each year.
/api/{version}/audittrail/{audit_trail_type}Headers
Section link for Headers| Name | Description |
|---|---|
Accept | application/json (default) |
URI Path Parameters
Section link for URI Path Parameters| Name | Description |
|---|---|
{audit_trail_type} | The name of the specified audit type (document_audit_trail, object_audit_trail, etc.). Use the Retrieve Audit Types API to retrieve types available in your Vault. Requests for login_audit_trail only accept one request per user at a time. |
Query Parameters
Section link for Query ParametersYou can modify the request by using one or more of the following parameters:
| Name | Description |
|---|---|
start_date | Specify a start date to retrieve audit information. This date cannot be more than 30 days ago. Dates must be YYYY-MM-DDTHH:MM:SSZ format, for example, 7AM on January 15, 2016 would use 2016-01-15T07:00:00Z. If omitted, defaults to the start of the previous day. |
end_date | Specify an end date to retrieve audit information. This date cannot be more than 30 days ago. Dates must be YYYY-MM-DDTHH:MM:SSZ format, for example, 7AM on January 15, 2016 would use 2016-01-15T07:00:00Z. If omitted, defaults to the current date and time. |
all_dates | Set to true to request audit information for all dates. You must leave start_date and end_date blank when requesting an export of a full audit trail. You can only run a full audit export (all_dates = true) on each audit type once every 24 hours. |
format_result | To request a downloadable CSV file of your audit details, use csv. The response contains a jobId to retrieve the job status, which contains a link to download the CSV file. If omitted, the API returns a JSON response and does not start a job. If all_dates is true, this parameter is required. |
objects | This is an optional parameter when specifying object_audit_trail as the {audit_trail_type}. Provide a comma-separated list of one or more object names to retrieve their audit details. For example, objects=product__v,country__v. If omitted, defaults to all objects. |
events | This is an optional parameter when specifying object_audit_trail or document_audit_trail as the {audit_trail_type}. Provide a comma-separated list of one or more audit events to retrieve their audit details. For example, events=Edit,Delete,TaskAssignment. If omitted, defaults to all audit events. See Vault Help for full lists of object audit events |
Dates and times are in UTC. If the time is not specified, it will default to midnight (T00:00:00Z) on the specified date.
Request
Section link for Requestcurl -X GET -H "Authorization: {SESSION_ID}" \
https://myvault.veevavault.com/api/v26.1/audittrail/login_audit_trailResponse
Section link for Response{
"responseDetails": {
"offset": 0,
"limit": 200,
"size": 7,
"total": 7,
"object": {
"name": "login_audit_trail",
"label": "Login Audit Trail",
"url": "/api/v26.1/metadata/audittrail/login_audit_trail"
}
},
"data": [
{
"id": "152515375538",
"timestamp": "2017-09-15T16:07:25Z",
"user_name": "lgills@veepharm.com",
"full_name": "Lateef Gills",
"source_ip": "209.136.227.195",
"type": "User Login",
"status": "Success",
"browser": "Unknown",
"platform": "Unknown"
},
{
"id": "152515371157",
"timestamp": "2017-09-14T14:19:05Z",
"user_name": "c.brandon@veepharm.com",
"full_name": "Cody Brandon",
"source_ip": "162.218.77.23",
"type": "Enterprise Home Authentication",
"status": "Success",
"browser": "Chrome 60.0.3112.113",
"platform": "Intel Mac OS X 10.12.6"
}
],
"responseStatus": "SUCCESS"
}Response Details
Section link for Response DetailsOn SUCCESS, the response lists all rows and fields for the specified audit trail type. For example:
| Name | Description |
|---|---|
id | The unique audit trail ID. |
timestamp | Date and time that the action was performed. |
user_name | Login name for the user who performed the action. This may show "System" to indicate the action was completed by Vault. |
full_name | The full name of the user who performed the action. |
on_behalf_of | If the action completed by user_name was representing a different user (such as through delegated accesstibanez@veepharm.com on behalf of mmurray@veepharm.com,” the user_name is tibanez@veepharm.com who completed the action on_behalf_of mmurray@veepharm.com. |
The response returns additional fields based on the specified audit type. For example, if the audit type is object_audit_trail, Vault returns the action field denoting the audit event.
When the number of query results is greater than the page size, the response provides next_page and previous_page URLs for pagination. Learn more about paginating results in the VQL documentation.
Requesting a CSV file generates a job to prepare the file for download. On SUCCESS, the response includes the jobId with a link to the CSV file.
When you export a full audit trail (all_dates = true and format_result = csv,) the response does not include a link to the CSV file. You will instead receive an email when the job is complete. The email contains a download link for each year to Excel files (one file per month for the current year, one file per year for each previous year) of the audit trail.
| Name | Description |
|---|---|
url | The URL to retrieve the current status of the CSV job. |
jobId | The job ID value is used to retrieve the status and results of the audit trail CSV request. |