/audits
Mount Point: /api/v7/audits
GET
Fetch audit events from Cloudera Manager (CM) and CM managed services like HDFS, HBase, Impala and Hive.
By default, this call will fetch all audit events corresponding to a 1 day window based on provided end time (which defaults to the current CM server time). The startTime and endTime parameters can be used to control the window being queried.
Audit events for CM managed services are only retrieved if Cloudera Navigator server is running.
Parameters
name | description | type | default | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
maxResults | Maximum number of audits to return | query | 100 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
resultOffset | Offset of audits to return | query | 0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
startTime | Start of the period to query (defaults to 1 day ago relative to endTime) | query | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
endTime | End of the period to query (defaults to current time) | query | now | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
query |
The query to filter out audits in the system. It accepts
querying the intersection of a list of constraints,
joined together with semicolons (without spaces). For example:
The only supported operator is ";" (Boolean AND). Boolean OR is not supported. The supported comparators are == and != Note that "LIKE" comparison is supported using the wild card syntax, for example foo==*value*. Asterisk is interpreted as a wild card character and must not be part of the value. (LIKE comparison queries are converted to standard SQL LIKE syntax, so any % (%25) character in a value that also contains a wild card will be interpreted as a wild card.) Values for time related query parameters (startTime and endTime) should be ISO8601 timestamps. Available since API v4. |
query |
Response Body
element: | auditList |
List of audits in descending order of timestamp