Chilkat Online Tools

Classic ASP / Datadog API Collection / Search Audit Logs events

Back to Collection Items

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Http")
set http = Server.CreateObject("Chilkat.Http")

' Use this online tool to generate code from sample JSON: Generate Code to Create JSON

' The following JSON is sent in the request body.

' {
'   "filter": {
'     "from": "now-15m",
'     "query": "*",
'     "to": "now"
'   },
'   "options": {
'     "time_offset": "<long>",
'     "timezone": "UTC"
'   },
'   "page": {
'     "cursor": "<string>",
'     "limit": 10
'   },
'   "sort": "-timestamp"
' }

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set json = Server.CreateObject("Chilkat.JsonObject")
success = json.UpdateString("filter.from","now-15m")
success = json.UpdateString("filter.query","*")
success = json.UpdateString("filter.to","now")
success = json.UpdateString("options.time_offset","<long>")
success = json.UpdateString("options.timezone","UTC")
success = json.UpdateString("page.cursor","<string>")
success = json.UpdateInt("page.limit",10)
success = json.UpdateString("sort","-timestamp")

http.SetRequestHeader "Content-Type","application/json"
http.SetRequestHeader "Accept","application/json"

' resp is a Chilkat.HttpResponse
Set resp = http.PostJson3("https://api.app.ddog-gov.com/api/v2/audit/events/search","application/json",json)
If (http.LastMethodSuccess = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
    Response.End
End If

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.StringBuilder")
set sbResponseBody = Server.CreateObject("Chilkat.StringBuilder")
success = resp.GetBodySb(sbResponseBody)

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set jResp = Server.CreateObject("Chilkat.JsonObject")
success = jResp.LoadSb(sbResponseBody)
jResp.EmitCompact = 0

Response.Write "<pre>" & Server.HTMLEncode( "Response Body:") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( jResp.Emit()) & "</pre>"

respStatusCode = resp.StatusCode
Response.Write "<pre>" & Server.HTMLEncode( "Response Status Code = " & respStatusCode) & "</pre>"
If (respStatusCode >= 400) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Response Header:") & "</pre>"
    Response.Write "<pre>" & Server.HTMLEncode( resp.Header) & "</pre>"
    Response.Write "<pre>" & Server.HTMLEncode( "Failed.") & "</pre>"

    Response.End
End If

' Sample JSON response:
' (Sample code for parsing the JSON response is shown below)

' {
'   "data": [
'     {
'       "attributes": {
'         "attributes": {
'           "utaff": {},
'           "dolore_6c": {},
'           "fugiat3b": {}
'         },
'         "message": "<string>",
'         "service": "<string>",
'         "tags": [
'           "<string>",
'           "<string>"
'         ],
'         "timestamp": "<dateTime>"
'       },
'       "id": "<string>",
'       "type": "audit"
'     },
'     {
'       "attributes": {
'         "attributes": {
'           "cillum_a": {}
'         },
'         "message": "<string>",
'         "service": "<string>",
'         "tags": [
'           "<string>",
'           "<string>"
'         ],
'         "timestamp": "<dateTime>"
'       },
'       "id": "<string>",
'       "type": "audit"
'     }
'   ],
'   "links": {
'     "next": "<string>"
'   },
'   "meta": {
'     "elapsed": "<long>",
'     "page": {
'       "after": "<string>"
'     },
'     "request_id": "<string>",
'     "status": "timeout",
'     "warnings": [
'       {
'         "code": "<string>",
'         "detail": "<string>",
'         "title": "<string>"
'       },
'       {
'         "code": "<string>",
'         "detail": "<string>",
'         "title": "<string>"
'       }
'     ]
'   }
' }

' Sample code for parsing the JSON response...
' Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

v_Next = jResp.StringOf("links.next")
Elapsed = jResp.StringOf("meta.elapsed")
After = jResp.StringOf("meta.page.after")
Request_id = jResp.StringOf("meta.request_id")
Status = jResp.StringOf("meta.status")
i = 0
count_i = jResp.SizeOfArray("data")
Do While i < count_i
    jResp.I = i
    Message = jResp.StringOf("data[i].attributes.message")
    Service = jResp.StringOf("data[i].attributes.service")
    Timestamp = jResp.StringOf("data[i].attributes.timestamp")
    id = jResp.StringOf("data[i].id")
    v_type = jResp.StringOf("data[i].type")
    j = 0
    count_j = jResp.SizeOfArray("data[i].attributes.tags")
    Do While j < count_j
        jResp.J = j
        strVal = jResp.StringOf("data[i].attributes.tags[j]")
        j = j + 1
    Loop
    i = i + 1
Loop
i = 0
count_i = jResp.SizeOfArray("meta.warnings")
Do While i < count_i
    jResp.I = i
    code = jResp.StringOf("meta.warnings[i].code")
    detail = jResp.StringOf("meta.warnings[i].detail")
    title = jResp.StringOf("meta.warnings[i].title")
    i = i + 1
Loop

%>
</body>
</html>

Curl Command

curl -X POST
	-H "Content-Type: application/json"
	-H "Accept: application/json"
	-d '{
  "filter": {
    "from": "now-15m",
    "query": "*",
    "to": "now"
  },
  "options": {
    "time_offset": "<long>",
    "timezone": "UTC"
  },
  "page": {
    "cursor": "<string>",
    "limit": 10
  },
  "sort": "-timestamp"
}'
https://api.app.ddog-gov.com/api/v2/audit/events/search

Postman Collection Item JSON

{
  "name": "Search Audit Logs events",
  "request": {
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      },
      {
        "key": "Accept",
        "value": "application/json"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
      "options": {
        "raw": {
          "headerFamily": "json",
          "language": "json"
        }
      }
    },
    "url": {
      "raw": "{{baseUrl}}/api/v2/audit/events/search",
      "host": [
        "{{baseUrl}}"
      ],
      "path": [
        "api",
        "v2",
        "audit",
        "events",
        "search"
      ]
    },
    "description": "List endpoint returns Audit Logs events that match an Audit search query.\n[Results are paginated][1].\n\nUse this endpoint to build complex Audit Logs events filtering and search.\n\n[1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination"
  },
  "response": [
    {
      "name": "OK",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"data\": [\n    {\n      \"attributes\": {\n        \"attributes\": {\n          \"utaff\": {},\n          \"dolore_6c\": {},\n          \"fugiat3b\": {}\n        },\n        \"message\": \"<string>\",\n        \"service\": \"<string>\",\n        \"tags\": [\n          \"<string>\",\n          \"<string>\"\n        ],\n        \"timestamp\": \"<dateTime>\"\n      },\n      \"id\": \"<string>\",\n      \"type\": \"audit\"\n    },\n    {\n      \"attributes\": {\n        \"attributes\": {\n          \"cillum_a\": {}\n        },\n        \"message\": \"<string>\",\n        \"service\": \"<string>\",\n        \"tags\": [\n          \"<string>\",\n          \"<string>\"\n        ],\n        \"timestamp\": \"<dateTime>\"\n      },\n      \"id\": \"<string>\",\n      \"type\": \"audit\"\n    }\n  ],\n  \"links\": {\n    \"next\": \"<string>\"\n  },\n  \"meta\": {\n    \"elapsed\": \"<long>\",\n    \"page\": {\n      \"after\": \"<string>\"\n    },\n    \"request_id\": \"<string>\",\n    \"status\": \"timeout\",\n    \"warnings\": [\n      {\n        \"code\": \"<string>\",\n        \"detail\": \"<string>\",\n        \"title\": \"<string>\"\n      },\n      {\n        \"code\": \"<string>\",\n        \"detail\": \"<string>\",\n        \"title\": \"<string>\"\n      }\n    ]\n  }\n}"
    },
    {
      "name": "Bad Request",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Bad Request",
      "code": 400,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Not Authorized",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Forbidden",
      "code": 403,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Too many requests",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Too Many Requests",
      "code": 429,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    }
  ]
}