list-events

subtitle

List all audit events recorded in a specified time span, and optionally with a specified request ID and/or event source.

version

0.9.111

Description

Returns all audit log events that have a timestamp within the provided range (start is inclusive, end is exclusive) and, optionally, with the specified request ID and/or event source.

list-events is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate argument.
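Because the start of the range is inclusive and the end is exclusive, a scheduled collector can query back-to-back windows without fetching any event twice or skipping one. The following is an added example, not part of the CDP CLI or its documentation. The function names, the `cdp audit` command prefix, the ISO 8601 timestamp format and the sample event source `iam` are assumptions.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumption: ISO 8601 UTC is accepted for (datetime) options

def half_open_windows(start, end, step):
    """Split [start, end) into contiguous [from, to) windows no longer than step."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("use timezone-aware datetimes")
    if step <= timedelta(0):
        raise ValueError("step must be positive")
    windows, cur = [], start
    while cur < end:
        nxt = min(cur + step, end)
        windows.append((cur, nxt))  # nxt is excluded here and included in the next window
        cur = nxt
    return windows

def list_events_argv(window, event_source=None):
    """Argument vector for one window; the 'cdp audit' prefix is an assumption."""
    frm, to = (t.astimezone(timezone.utc).strftime(FMT) for t in window)
    argv = ["cdp", "audit", "list-events",
            "--from-timestamp", frm, "--to-timestamp", to]
    if event_source:
        argv += ["--event-source", event_source]
    return argv

def owning_windows(event_ms, windows):
    """Windows whose [from, to) range contains an event timestamp (Unix ms, UTC)."""
    ms = lambda t: round(t.timestamp() * 1000)
    return [w for w in windows if ms(w[0]) <= event_ms < ms(w[1])]

if __name__ == "__main__":
    day = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for w in half_open_windows(day, day + timedelta(hours=30), timedelta(days=1)):
        print(" ".join(list_events_argv(w, event_source="iam")))
```

An event stamped exactly on a window boundary belongs only to the later window, so reusing one run's --to-timestamp as the next run's --from-timestamp keeps the collected log free of duplicates and gaps.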

Synopsis

  list-events
--from-timestamp <value>
--to-timestamp <value>
[--request-id <value>]
[--event-source <value>]
[--event-name <value>]
[--actor-crn <value>]
[--result-code <value>]
[--result-message <value>]
[--api-request-event-criteria <value>]
[--cdp-service-event-criteria <value>]
[--interactive-login-event-criteria <value>]
[--max-items <value>]
[--starting-token <value>]
[--page-size <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton]

Options

--from-timestamp (datetime)

The beginning timestamp for the search range (inclusive).

--to-timestamp (datetime)

The ending timestamp for the search range (exclusive).

--request-id (string)

The optional request ID. If specified, only events associated with this request ID are returned.

--event-source (string)

The optional source service. If specified, only events associated with this event source are returned. The source must be the name of a service as enumerated in the CRN definition.

--event-name (string)

The optional event name. If specified, only events with this name are returned.

--actor-crn (string)

The optional actor CRN. If specified, only events with this CRN recorded for the actor identity are returned.

--result-code (string)

The optional result code. If specified, only events with this result code are returned. Events without a result code are not returned.

--result-message (string)

The optional result message. If specified, only events with this result message are returned. Events without a result message are not returned.

--api-request-event-criteria (object)

Filter criteria for listing API request audit events.

sourceIPAddress -> (string)

The source IP address of the requester.

userAgent -> (string)

The user agent that made the API request.

Shorthand Syntax:

sourceIPAddress=string,userAgent=string

JSON Syntax:

{
  "sourceIPAddress": "string",
  "userAgent": "string"
}

--cdp-service-event-criteria (object)

Filter criteria for listing CDP service audit events.

resourceCrn -> (string)

The CRN of the resource operated on.

Shorthand Syntax:

resourceCrn=string

JSON Syntax:

{
  "resourceCrn": "string"
}

--interactive-login-event-criteria (object)

Filter criteria for listing interactive login audit events.

identityProviderUserId -> (string)

The user ID as indicated by the identity provider. The specific format and type of this identifier are determined by the IdP. For Cloudera SSO this is the email used to log in.

email -> (string)

The email of the user as provided to CDP.

sourceIPAddress -> (string)

The source IP address from which the login request came.

firstName -> (string)

The first name of the user.

lastName -> (string)

The last name of the user.

Shorthand Syntax:

identityProviderUserId=string,email=string,sourceIPAddress=string,firstName=string,lastName=string

JSON Syntax:

{
  "identityProviderUserId": "string",
  "email": "string",
  "sourceIPAddress": "string",
  "firstName": "string",
  "lastName": "string"
}

--max-items (integer)

The total number of items to return. If the total number of items available is more than the value specified in max-items, then a nextToken will be provided in the output that you can use to resume pagination. This nextToken response element should not be used directly outside of the CDP CLI. This option cannot be combined with the no-paginate CLI option. If no max-items value is specified, then a default value of 20 is used.

--starting-token (string)

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

--page-size (integer)

The size of each page. Generally this does not need to be set and the default page size used is appropriate.

--cli-input-json (string)

Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.

Output

auditEvents -> (array)

The audit events that satisfy the query.

item -> (object)

The model for an audit event.

version -> (string)

The version of the event structure.

id -> (string)

UUID for this event.

eventSource -> (string)

The source service of the event. It must be the name of a service as enumerated in the CRN definition.

eventName -> (string)

The name of the event. Each source defines all its event names, and a name must be unique for its source.

timestamp -> (integer)

The Unix timestamp, in milliseconds (UTC), when the event occurred.

actorIdentity -> (object)

Identity information about the actor that initiated an event. Only one of the fields in this message may be set.

actorCrn -> (string)

The CRN of the actor who initiated this event.

actorServiceName -> (string)

The name of the service that initiated this event. It must be the name of a service as enumerated in the CRN definition.

accountId -> (string)

Account ID in which this event occurred.

requestId -> (string)

ID of the request that initiated this event. Optional.

resultCode -> (string)

Optional result code.

resultMessage -> (string)

Optional result message, a short message (about one sentence) describing the result.

apiRequestEvent -> (object)

The model for an API request event, as a part of CdpAuditEvent. These events are triggered by requests to public CDP API services.

requestParameters -> (string)

The API request parameters.

responseParameters -> (string)

The API response parameters. Only recorded for mutating calls.

mutating -> (boolean)

Whether the request mutates the state of resources.

apiVersion -> (string)

The API version associated with the request.

sourceIPAddress -> (string)

The source IP address of the requester.

userAgent -> (string)

The user agent that made the API request.

cdpServiceEvent -> (object)

The model for a service event, as a part of CdpAuditEvent. These events are created by Cloudera CDP services, but are not directly triggered by a request to a public CDP API service.

additionalServiceEventDetails -> (string)

Optional JSON that contains additional details for an event and/or a result associated with the event. Each service defines the structure of details for each event.

resourceCrns -> (array)

The CRNs of the resources operated on.

item -> (string)

detailsVersion -> (string)

The schema version of the additional service event details for this service event. Maintained by the service.

interactiveLoginEvent -> (object)

The model for a login event, as a part of CdpAuditEvent. CDP logs attempts to interactively log in to the CDP console. This includes logins using Cloudera SSO and any federated interactive logins.

identityProviderCrn -> (string)

The identity provider CRN used to interactively log in. For Cloudera SSO the ID is ‘crn:altus:iam:us-west-1:altus:samlProvider:cloudera-sso’. For identity provider connectors the connector’s CRN is used.

identityProviderUserId -> (string)

The user ID as indicated by the identity provider. The specific format and type of this identifier are determined by the IdP. For Cloudera SSO this is the email used to log in.

email -> (string)

The email of the user as provided to CDP.

sourceIPAddress -> (string)

The source IP address from which the login request came.

firstName -> (string)

The first name of the user, if provided.

lastName -> (string)

The last name of the user, if provided.

accountAdmin -> (boolean)

Whether the user was marked as account admin. Can only be ‘true’ for users using Cloudera SSO.

groups -> (array)

A list of group names the user belongs to as received in CDP. Only available for non-Cloudera SSO login events.

item -> (string)

userCrn -> (string)

The CDP user CRN for the user. This may be empty if the login failed.

filteredInvalidGroups -> (array)

The groups that are invalid and filtered (ignored) during an interactive login through a non-Cloudera SSO IdP. It is a subset of the groups the user belongs to as received in CDP. It can be empty for any of the following reasons: 1) The account is not entitled to this feature. 2) Membership sync is off for the IdP used during the interactive login. 3) All the groups were valid during login through a non-Cloudera SSO IdP. 4) The login is performed through Cloudera SSO. 5) The login fails before filtering invalid groups.

item -> (string)

nextPageToken -> (string)

The page token for requesting the next page of results.
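For review work, the fields above are enough to pull out three things from a saved result: logins recorded without a userCrn (which may be empty if the login failed), logins by account admins, and mutating API calls with their actor and source IP. The following is an added example, not part of the CDP CLI. The names `SAMPLE`, `utc` and `triage` are hypothetical, and every value in the sample is constructed.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample shaped like the Output section; every value is made up.
SAMPLE = json.loads("""{"auditEvents": [
 {"eventName": "ExampleLogin", "timestamp": 1704067200000,
  "interactiveLoginEvent": {"email": "a@example.com", "userCrn": "",
                            "sourceIPAddress": "203.0.113.7"}},
 {"eventName": "ExampleLogin", "timestamp": 1704067205000,
  "interactiveLoginEvent": {"email": "a@example.com", "userCrn": "",
                            "sourceIPAddress": "203.0.113.7"}},
 {"eventName": "ExampleLogin", "timestamp": 1704067260000,
  "interactiveLoginEvent": {"email": "b@example.com", "accountAdmin": true,
                            "userCrn": "crn:EXAMPLE:user-b",
                            "sourceIPAddress": "198.51.100.9"}},
 {"eventName": "ExampleMutatingCall", "timestamp": 1704067320000,
  "actorIdentity": {"actorCrn": "crn:EXAMPLE:user-b"},
  "apiRequestEvent": {"mutating": true, "sourceIPAddress": "198.51.100.9"}},
 {"eventName": "ExampleReadCall", "timestamp": 1704067330000,
  "actorIdentity": {"actorServiceName": "iam"},
  "apiRequestEvent": {"mutating": false, "sourceIPAddress": "198.51.100.9"}}
]}""")["auditEvents"]

def utc(ms):
    """Event timestamps are Unix milliseconds (UTC); render them as ISO 8601."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def triage(events):
    no_user_crn, admin_logins, mutating = Counter(), [], []
    for ev in events:
        login, api = ev.get("interactiveLoginEvent"), ev.get("apiRequestEvent")
        if login is not None:
            ip = login.get("sourceIPAddress", "unknown")
            if not login.get("userCrn"):  # may be empty if the login failed
                no_user_crn[ip] += 1
            elif login.get("accountAdmin"):
                admin_logins.append((utc(ev["timestamp"]), login.get("email"), ip))
        if api is not None and api.get("mutating"):
            actor = ev.get("actorIdentity", {})  # only one actor field is set
            who = actor.get("actorCrn") or actor.get("actorServiceName")
            mutating.append((utc(ev["timestamp"]), ev.get("eventName"), who,
                             api.get("sourceIPAddress")))
    return {"logins_without_user_crn": dict(no_user_crn),
            "account_admin_logins": admin_logins,
            "mutating_api_calls": mutating}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

An empty userCrn is a hint rather than proof of failure; confirm against resultCode and resultMessage, whose values the page does not enumerate.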

Form Factors

public