PureBasic / Datadog API Collection / Get a list of Audit Logs events
Back to Collection Items
IncludeFile "CkJsonObject.pb"
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkHttp.pb"
IncludeFile "CkHttpResponse.pb"
Procedure ChilkatExample()
; This example assumes the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
http.i = CkHttp::ckCreate()
If http.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success.i
queryParams.i = CkJsonObject::ckCreate()
If queryParams.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckUpdateString(queryParams,"filter[query]","<string>")
CkJsonObject::ckUpdateString(queryParams,"filter[from]","<dateTime>")
CkJsonObject::ckUpdateString(queryParams,"filter[to]","<dateTime>")
CkJsonObject::ckUpdateString(queryParams,"sort","-timestamp")
CkJsonObject::ckUpdateString(queryParams,"page[cursor]","<string>")
CkJsonObject::ckUpdateInt(queryParams,"page[limit]",10)
CkHttp::ckSetRequestHeader(http,"Accept","application/json")
resp.i = CkHttp::ckQuickRequestParams(http,"GET","https://api.app.ddog-gov.com/api/v2/audit/events",queryParams)
If CkHttp::ckLastMethodSuccess(http) = 0
Debug CkHttp::ckLastErrorText(http)
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(queryParams)
ProcedureReturn
EndIf
sbResponseBody.i = CkStringBuilder::ckCreate()
If sbResponseBody.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkHttpResponse::ckGetBodySb(resp,sbResponseBody)
jResp.i = CkJsonObject::ckCreate()
If jResp.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckLoadSb(jResp,sbResponseBody)
CkJsonObject::setCkEmitCompact(jResp, 0)
Debug "Response Body:"
Debug CkJsonObject::ckEmit(jResp)
respStatusCode.i = CkHttpResponse::ckStatusCode(resp)
Debug "Response Status Code = " + Str(respStatusCode)
If respStatusCode >= 400
Debug "Response Header:"
Debug CkHttpResponse::ckHeader(resp)
Debug "Failed."
CkHttpResponse::ckDispose(resp)
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(queryParams)
CkStringBuilder::ckDispose(sbResponseBody)
CkJsonObject::ckDispose(jResp)
ProcedureReturn
EndIf
CkHttpResponse::ckDispose(resp)
; Sample JSON response:
; (Sample code for parsing the JSON response is shown below)
; {
; "data": [
; {
; "attributes": {
; "attributes": {
; "utaff": {},
; "dolore_6c": {},
; "fugiat3b": {}
; },
; "message": "<string>",
; "service": "<string>",
; "tags": [
; "<string>",
; "<string>"
; ],
; "timestamp": "<dateTime>"
; },
; "id": "<string>",
; "type": "audit"
; },
; {
; "attributes": {
; "attributes": {
; "cillum_a": {}
; },
; "message": "<string>",
; "service": "<string>",
; "tags": [
; "<string>",
; "<string>"
; ],
; "timestamp": "<dateTime>"
; },
; "id": "<string>",
; "type": "audit"
; }
; ],
; "links": {
; "next": "<string>"
; },
; "meta": {
; "elapsed": "<long>",
; "page": {
; "after": "<string>"
; },
; "request_id": "<string>",
; "status": "timeout",
; "warnings": [
; {
; "code": "<string>",
; "detail": "<string>",
; "title": "<string>"
; },
; {
; "code": "<string>",
; "detail": "<string>",
; "title": "<string>"
; }
; ]
; }
; }
; Sample code for parsing the JSON response...
; Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
Message.s
Service.s
Timestamp.s
id.s
v_type.s
j.i
count_j.i
strVal.s
code.s
detail.s
title.s
v_Next.s = CkJsonObject::ckStringOf(jResp,"links.next")
Elapsed.s = CkJsonObject::ckStringOf(jResp,"meta.elapsed")
After.s = CkJsonObject::ckStringOf(jResp,"meta.page.after")
Request_id.s = CkJsonObject::ckStringOf(jResp,"meta.request_id")
Status.s = CkJsonObject::ckStringOf(jResp,"meta.status")
i.i = 0
count_i.i = CkJsonObject::ckSizeOfArray(jResp,"data")
While i < count_i
CkJsonObject::setCkI(jResp, i)
Message = CkJsonObject::ckStringOf(jResp,"data[i].attributes.message")
Service = CkJsonObject::ckStringOf(jResp,"data[i].attributes.service")
Timestamp = CkJsonObject::ckStringOf(jResp,"data[i].attributes.timestamp")
id = CkJsonObject::ckStringOf(jResp,"data[i].id")
v_type = CkJsonObject::ckStringOf(jResp,"data[i].type")
j = 0
count_j = CkJsonObject::ckSizeOfArray(jResp,"data[i].attributes.tags")
While j < count_j
CkJsonObject::setCkJ(jResp, j)
strVal = CkJsonObject::ckStringOf(jResp,"data[i].attributes.tags[j]")
j = j + 1
Wend
i = i + 1
Wend
i = 0
count_i = CkJsonObject::ckSizeOfArray(jResp,"meta.warnings")
While i < count_i
CkJsonObject::setCkI(jResp, i)
code = CkJsonObject::ckStringOf(jResp,"meta.warnings[i].code")
detail = CkJsonObject::ckStringOf(jResp,"meta.warnings[i].detail")
title = CkJsonObject::ckStringOf(jResp,"meta.warnings[i].title")
i = i + 1
Wend
CkHttp::ckDispose(http)
CkJsonObject::ckDispose(queryParams)
CkStringBuilder::ckDispose(sbResponseBody)
CkJsonObject::ckDispose(jResp)
ProcedureReturn
EndProcedure
Curl Command
curl -G -d "filter[query]=%3Cstring%3E"
-d "filter[from]=%3CdateTime%3E"
-d "filter[to]=%3CdateTime%3E"
-d "sort=-timestamp"
-d "page[cursor]=%3Cstring%3E"
-d "page[limit]=10"
-H "Accept: application/json"
https://api.app.ddog-gov.com/api/v2/audit/events
Postman Collection Item JSON
{
"name": "Get a list of Audit Logs events",
"request": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events?filter[query]=<string>&filter[from]=<dateTime>&filter[to]=<dateTime>&sort=-timestamp&page[cursor]=<string>&page[limit]=10",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events"
],
"query": [
{
"key": "filter[query]",
"value": "<string>",
"description": "Search query following Audit Logs syntax."
},
{
"key": "filter[from]",
"value": "<dateTime>",
"description": "Minimum timestamp for requested events."
},
{
"key": "filter[to]",
"value": "<dateTime>",
"description": "Maximum timestamp for requested events."
},
{
"key": "sort",
"value": "-timestamp",
"description": "Order of events in results."
},
{
"key": "page[cursor]",
"value": "<string>",
"description": "List following results with a cursor provided in the previous query."
},
{
"key": "page[limit]",
"value": "10",
"description": "Maximum number of events in the response."
}
]
},
"description": "List endpoint returns events that match a Audit Logs search query.\n[Results are paginated][1].\n\nUse this endpoint to see your latest Audit Logs events.\n\n[1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination"
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events?filter[query]=<string>&filter[from]=<dateTime>&filter[to]=<dateTime>&sort=-timestamp&page[cursor]=<string>&page[limit]=10",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events"
],
"query": [
{
"key": "filter[query]",
"value": "<string>",
"description": "Search query following Audit Logs syntax."
},
{
"key": "filter[from]",
"value": "<dateTime>",
"description": "Minimum timestamp for requested events."
},
{
"key": "filter[to]",
"value": "<dateTime>",
"description": "Maximum timestamp for requested events."
},
{
"key": "sort",
"value": "-timestamp",
"description": "Order of events in results."
},
{
"key": "page[cursor]",
"value": "<string>",
"description": "List following results with a cursor provided in the previous query."
},
{
"key": "page[limit]",
"value": "10",
"description": "Maximum number of events in the response."
}
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"data\": [\n {\n \"attributes\": {\n \"attributes\": {\n \"utaff\": {},\n \"dolore_6c\": {},\n \"fugiat3b\": {}\n },\n \"message\": \"<string>\",\n \"service\": \"<string>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"timestamp\": \"<dateTime>\"\n },\n \"id\": \"<string>\",\n \"type\": \"audit\"\n },\n {\n \"attributes\": {\n \"attributes\": {\n \"cillum_a\": {}\n },\n \"message\": \"<string>\",\n \"service\": \"<string>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"timestamp\": \"<dateTime>\"\n },\n \"id\": \"<string>\",\n \"type\": \"audit\"\n }\n ],\n \"links\": {\n \"next\": \"<string>\"\n },\n \"meta\": {\n \"elapsed\": \"<long>\",\n \"page\": {\n \"after\": \"<string>\"\n },\n \"request_id\": \"<string>\",\n \"status\": \"timeout\",\n \"warnings\": [\n {\n \"code\": \"<string>\",\n \"detail\": \"<string>\",\n \"title\": \"<string>\"\n },\n {\n \"code\": \"<string>\",\n \"detail\": \"<string>\",\n \"title\": \"<string>\"\n }\n ]\n }\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events?filter[query]=<string>&filter[from]=<dateTime>&filter[to]=<dateTime>&sort=-timestamp&page[cursor]=<string>&page[limit]=10",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events"
],
"query": [
{
"key": "filter[query]",
"value": "<string>",
"description": "Search query following Audit Logs syntax."
},
{
"key": "filter[from]",
"value": "<dateTime>",
"description": "Minimum timestamp for requested events."
},
{
"key": "filter[to]",
"value": "<dateTime>",
"description": "Maximum timestamp for requested events."
},
{
"key": "sort",
"value": "-timestamp",
"description": "Order of events in results."
},
{
"key": "page[cursor]",
"value": "<string>",
"description": "List following results with a cursor provided in the previous query."
},
{
"key": "page[limit]",
"value": "10",
"description": "Maximum number of events in the response."
}
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Authorized",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events?filter[query]=<string>&filter[from]=<dateTime>&filter[to]=<dateTime>&sort=-timestamp&page[cursor]=<string>&page[limit]=10",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events"
],
"query": [
{
"key": "filter[query]",
"value": "<string>",
"description": "Search query following Audit Logs syntax."
},
{
"key": "filter[from]",
"value": "<dateTime>",
"description": "Minimum timestamp for requested events."
},
{
"key": "filter[to]",
"value": "<dateTime>",
"description": "Maximum timestamp for requested events."
},
{
"key": "sort",
"value": "-timestamp",
"description": "Order of events in results."
},
{
"key": "page[cursor]",
"value": "<string>",
"description": "List following results with a cursor provided in the previous query."
},
{
"key": "page[limit]",
"value": "10",
"description": "Maximum number of events in the response."
}
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events?filter[query]=<string>&filter[from]=<dateTime>&filter[to]=<dateTime>&sort=-timestamp&page[cursor]=<string>&page[limit]=10",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events"
],
"query": [
{
"key": "filter[query]",
"value": "<string>",
"description": "Search query following Audit Logs syntax."
},
{
"key": "filter[from]",
"value": "<dateTime>",
"description": "Minimum timestamp for requested events."
},
{
"key": "filter[to]",
"value": "<dateTime>",
"description": "Maximum timestamp for requested events."
},
{
"key": "sort",
"value": "-timestamp",
"description": "Order of events in results."
},
{
"key": "page[cursor]",
"value": "<string>",
"description": "List following results with a cursor provided in the previous query."
},
{
"key": "page[limit]",
"value": "10",
"description": "Maximum number of events in the response."
}
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}
