Back to Collection Items
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Http")
set http = Server.CreateObject("Chilkat.Http")
' Use this online tool to generate code from sample JSON: Generate Code to Create JSON
' The following JSON is sent in the request body.
' {
' "filter": {
' "from": "now-15m",
' "query": "*",
' "to": "now"
' },
' "options": {
' "time_offset": "<long>",
' "timezone": "UTC"
' },
' "page": {
' "cursor": "<string>",
' "limit": 10
' },
' "sort": "-timestamp"
' }
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set json = Server.CreateObject("Chilkat.JsonObject")
success = json.UpdateString("filter.from","now-15m")
success = json.UpdateString("filter.query","*")
success = json.UpdateString("filter.to","now")
success = json.UpdateString("options.time_offset","<long>")
success = json.UpdateString("options.timezone","UTC")
success = json.UpdateString("page.cursor","<string>")
success = json.UpdateInt("page.limit",10)
success = json.UpdateString("sort","-timestamp")
http.SetRequestHeader "Content-Type","application/json"
http.SetRequestHeader "Accept","application/json"
' resp is a Chilkat.HttpResponse
Set resp = http.PostJson3("https://api.app.ddog-gov.com/api/v2/audit/events/search","application/json",json)
If (http.LastMethodSuccess = 0) Then
Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
Response.End
End If
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.StringBuilder")
set sbResponseBody = Server.CreateObject("Chilkat.StringBuilder")
success = resp.GetBodySb(sbResponseBody)
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set jResp = Server.CreateObject("Chilkat.JsonObject")
success = jResp.LoadSb(sbResponseBody)
jResp.EmitCompact = 0
Response.Write "<pre>" & Server.HTMLEncode( "Response Body:") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( jResp.Emit()) & "</pre>"
respStatusCode = resp.StatusCode
Response.Write "<pre>" & Server.HTMLEncode( "Response Status Code = " & respStatusCode) & "</pre>"
If (respStatusCode >= 400) Then
Response.Write "<pre>" & Server.HTMLEncode( "Response Header:") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( resp.Header) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( "Failed.") & "</pre>"
Response.End
End If
' Sample JSON response:
' (Sample code for parsing the JSON response is shown below)
' {
' "data": [
' {
' "attributes": {
' "attributes": {
' "utaff": {},
' "dolore_6c": {},
' "fugiat3b": {}
' },
' "message": "<string>",
' "service": "<string>",
' "tags": [
' "<string>",
' "<string>"
' ],
' "timestamp": "<dateTime>"
' },
' "id": "<string>",
' "type": "audit"
' },
' {
' "attributes": {
' "attributes": {
' "cillum_a": {}
' },
' "message": "<string>",
' "service": "<string>",
' "tags": [
' "<string>",
' "<string>"
' ],
' "timestamp": "<dateTime>"
' },
' "id": "<string>",
' "type": "audit"
' }
' ],
' "links": {
' "next": "<string>"
' },
' "meta": {
' "elapsed": "<long>",
' "page": {
' "after": "<string>"
' },
' "request_id": "<string>",
' "status": "timeout",
' "warnings": [
' {
' "code": "<string>",
' "detail": "<string>",
' "title": "<string>"
' },
' {
' "code": "<string>",
' "detail": "<string>",
' "title": "<string>"
' }
' ]
' }
' }
' Sample code for parsing the JSON response...
' Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code
v_Next = jResp.StringOf("links.next")
Elapsed = jResp.StringOf("meta.elapsed")
After = jResp.StringOf("meta.page.after")
Request_id = jResp.StringOf("meta.request_id")
Status = jResp.StringOf("meta.status")
i = 0
count_i = jResp.SizeOfArray("data")
Do While i < count_i
jResp.I = i
Message = jResp.StringOf("data[i].attributes.message")
Service = jResp.StringOf("data[i].attributes.service")
Timestamp = jResp.StringOf("data[i].attributes.timestamp")
id = jResp.StringOf("data[i].id")
v_type = jResp.StringOf("data[i].type")
j = 0
count_j = jResp.SizeOfArray("data[i].attributes.tags")
Do While j < count_j
jResp.J = j
strVal = jResp.StringOf("data[i].attributes.tags[j]")
j = j + 1
Loop
i = i + 1
Loop
i = 0
count_i = jResp.SizeOfArray("meta.warnings")
Do While i < count_i
jResp.I = i
code = jResp.StringOf("meta.warnings[i].code")
detail = jResp.StringOf("meta.warnings[i].detail")
title = jResp.StringOf("meta.warnings[i].title")
i = i + 1
Loop
%>
</body>
</html>
Curl Command
curl -X POST
-H "Content-Type: application/json"
-H "Accept: application/json"
-d '{
"filter": {
"from": "now-15m",
"query": "*",
"to": "now"
},
"options": {
"time_offset": "<long>",
"timezone": "UTC"
},
"page": {
"cursor": "<string>",
"limit": 10
},
"sort": "-timestamp"
}'
https://api.app.ddog-gov.com/api/v2/audit/events/search
Postman Collection Item JSON
{
"name": "Search Audit Logs events",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filter\": {\n \"from\": \"now-15m\",\n \"query\": \"*\",\n \"to\": \"now\"\n },\n \"options\": {\n \"time_offset\": \"<long>\",\n \"timezone\": \"UTC\"\n },\n \"page\": {\n \"cursor\": \"<string>\",\n \"limit\": 10\n },\n \"sort\": \"-timestamp\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events/search",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events",
"search"
]
},
"description": "List endpoint returns Audit Logs events that match an Audit search query.\n[Results are paginated][1].\n\nUse this endpoint to build complex Audit Logs events filtering and search.\n\n[1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination"
},
"response": [
{
"name": "OK",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filter\": {\n \"from\": \"now-15m\",\n \"query\": \"*\",\n \"to\": \"now\"\n },\n \"options\": {\n \"time_offset\": \"<long>\",\n \"timezone\": \"UTC\"\n },\n \"page\": {\n \"cursor\": \"<string>\",\n \"limit\": 10\n },\n \"sort\": \"-timestamp\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events/search",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events",
"search"
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"data\": [\n {\n \"attributes\": {\n \"attributes\": {\n \"utaff\": {},\n \"dolore_6c\": {},\n \"fugiat3b\": {}\n },\n \"message\": \"<string>\",\n \"service\": \"<string>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"timestamp\": \"<dateTime>\"\n },\n \"id\": \"<string>\",\n \"type\": \"audit\"\n },\n {\n \"attributes\": {\n \"attributes\": {\n \"cillum_a\": {}\n },\n \"message\": \"<string>\",\n \"service\": \"<string>\",\n \"tags\": [\n \"<string>\",\n \"<string>\"\n ],\n \"timestamp\": \"<dateTime>\"\n },\n \"id\": \"<string>\",\n \"type\": \"audit\"\n }\n ],\n \"links\": {\n \"next\": \"<string>\"\n },\n \"meta\": {\n \"elapsed\": \"<long>\",\n \"page\": {\n \"after\": \"<string>\"\n },\n \"request_id\": \"<string>\",\n \"status\": \"timeout\",\n \"warnings\": [\n {\n \"code\": \"<string>\",\n \"detail\": \"<string>\",\n \"title\": \"<string>\"\n },\n {\n \"code\": \"<string>\",\n \"detail\": \"<string>\",\n \"title\": \"<string>\"\n }\n ]\n }\n}"
},
{
"name": "Bad Request",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filter\": {\n \"from\": \"now-15m\",\n \"query\": \"*\",\n \"to\": \"now\"\n },\n \"options\": {\n \"time_offset\": \"<long>\",\n \"timezone\": \"UTC\"\n },\n \"page\": {\n \"cursor\": \"<string>\",\n \"limit\": 10\n },\n \"sort\": \"-timestamp\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events/search",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events",
"search"
]
}
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Not Authorized",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filter\": {\n \"from\": \"now-15m\",\n \"query\": \"*\",\n \"to\": \"now\"\n },\n \"options\": {\n \"time_offset\": \"<long>\",\n \"timezone\": \"UTC\"\n },\n \"page\": {\n \"cursor\": \"<string>\",\n \"limit\": 10\n },\n \"sort\": \"-timestamp\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events/search",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events",
"search"
]
}
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
},
{
"name": "Too many requests",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
},
{
"description": "Added as a part of security scheme: apikey",
"key": "DD-API-KEY",
"value": "<API Key>"
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filter\": {\n \"from\": \"now-15m\",\n \"query\": \"*\",\n \"to\": \"now\"\n },\n \"options\": {\n \"time_offset\": \"<long>\",\n \"timezone\": \"UTC\"\n },\n \"page\": {\n \"cursor\": \"<string>\",\n \"limit\": 10\n },\n \"sort\": \"-timestamp\"\n}",
"options": {
"raw": {
"headerFamily": "json",
"language": "json"
}
}
},
"url": {
"raw": "{{baseUrl}}/api/v2/audit/events/search",
"host": [
"{{baseUrl}}"
],
"path": [
"api",
"v2",
"audit",
"events",
"search"
]
}
},
"status": "Too Many Requests",
"code": 429,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [
],
"body": "{\n \"errors\": [\n \"<string>\",\n \"<string>\"\n ]\n}"
}
]
}