Chilkat Online Tools

Foxpro / Datadog API Collection / Search Audit Logs events

Back to Collection Items

LOCAL loHttp
LOCAL lnSuccess
LOCAL loJson
LOCAL loResp
LOCAL loSbResponseBody
LOCAL loJResp
LOCAL lnRespStatusCode
LOCAL lcMessage
LOCAL lcService
LOCAL lcTimestamp
LOCAL lcId
LOCAL lcV_type
LOCAL j
LOCAL lnCount_j
LOCAL lcStrVal
LOCAL lcCode
LOCAL lcDetail
LOCAL lcTitle
LOCAL lcV_Next
LOCAL lcElapsed
LOCAL lcAfter
LOCAL lcRequest_id
LOCAL lcStatus
LOCAL i
LOCAL lnCount_i

* This example assumes the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http')
loHttp = CreateObject('Chilkat.Http')

* Use this online tool to generate code from sample JSON: Generate Code to Create JSON

* The following JSON is sent in the request body.

* {
*   "filter": {
*     "from": "now-15m",
*     "query": "*",
*     "to": "now"
*   },
*   "options": {
*     "time_offset": "<long>",
*     "timezone": "UTC"
*   },
*   "page": {
*     "cursor": "<string>",
*     "limit": 10
*   },
*   "sort": "-timestamp"
* }

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJson = CreateObject('Chilkat.JsonObject')
loJson.UpdateString("filter.from","now-15m")
loJson.UpdateString("filter.query","*")
loJson.UpdateString("filter.to","now")
loJson.UpdateString("options.time_offset","<long>")
loJson.UpdateString("options.timezone","UTC")
loJson.UpdateString("page.cursor","<string>")
loJson.UpdateInt("page.limit",10)
loJson.UpdateString("sort","-timestamp")

loHttp.SetRequestHeader("Content-Type","application/json")
loHttp.SetRequestHeader("Accept","application/json")

loResp = loHttp.PostJson3("https://api.app.ddog-gov.com/api/v2/audit/events/search","application/json",loJson)
IF (loHttp.LastMethodSuccess = 0) THEN
    ? loHttp.LastErrorText
    RELEASE loHttp
    RELEASE loJson
    CANCEL
ENDIF

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder')
loSbResponseBody = CreateObject('Chilkat.StringBuilder')
loResp.GetBodySb(loSbResponseBody)

* For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.JsonObject')
loJResp = CreateObject('Chilkat.JsonObject')
loJResp.LoadSb(loSbResponseBody)
loJResp.EmitCompact = 0

? "Response Body:"
? loJResp.Emit()

lnRespStatusCode = loResp.StatusCode
? "Response Status Code = " + STR(lnRespStatusCode)
IF (lnRespStatusCode >= 400) THEN
    ? "Response Header:"
    ? loResp.Header
    ? "Failed."
    RELEASE loResp
    RELEASE loHttp
    RELEASE loJson
    RELEASE loSbResponseBody
    RELEASE loJResp
    CANCEL
ENDIF

RELEASE loResp

* Sample JSON response:
* (Sample code for parsing the JSON response is shown below)

* {
*   "data": [
*     {
*       "attributes": {
*         "attributes": {
*           "utaff": {},
*           "dolore_6c": {},
*           "fugiat3b": {}
*         },
*         "message": "<string>",
*         "service": "<string>",
*         "tags": [
*           "<string>",
*           "<string>"
*         ],
*         "timestamp": "<dateTime>"
*       },
*       "id": "<string>",
*       "type": "audit"
*     },
*     {
*       "attributes": {
*         "attributes": {
*           "cillum_a": {}
*         },
*         "message": "<string>",
*         "service": "<string>",
*         "tags": [
*           "<string>",
*           "<string>"
*         ],
*         "timestamp": "<dateTime>"
*       },
*       "id": "<string>",
*       "type": "audit"
*     }
*   ],
*   "links": {
*     "next": "<string>"
*   },
*   "meta": {
*     "elapsed": "<long>",
*     "page": {
*       "after": "<string>"
*     },
*     "request_id": "<string>",
*     "status": "timeout",
*     "warnings": [
*       {
*         "code": "<string>",
*         "detail": "<string>",
*         "title": "<string>"
*       },
*       {
*         "code": "<string>",
*         "detail": "<string>",
*         "title": "<string>"
*       }
*     ]
*   }
* }

* Sample code for parsing the JSON response...
* Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

lcV_Next = loJResp.StringOf("links.next")
lcElapsed = loJResp.StringOf("meta.elapsed")
lcAfter = loJResp.StringOf("meta.page.after")
lcRequest_id = loJResp.StringOf("meta.request_id")
lcStatus = loJResp.StringOf("meta.status")
i = 0
lnCount_i = loJResp.SizeOfArray("data")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcMessage = loJResp.StringOf("data[i].attributes.message")
    lcService = loJResp.StringOf("data[i].attributes.service")
    lcTimestamp = loJResp.StringOf("data[i].attributes.timestamp")
    lcId = loJResp.StringOf("data[i].id")
    lcV_type = loJResp.StringOf("data[i].type")
    j = 0
    lnCount_j = loJResp.SizeOfArray("data[i].attributes.tags")
    DO WHILE j < lnCount_j
        loJResp.J = j
        lcStrVal = loJResp.StringOf("data[i].attributes.tags[j]")
        j = j + 1
    ENDDO
    i = i + 1
ENDDO
i = 0
lnCount_i = loJResp.SizeOfArray("meta.warnings")
DO WHILE i < lnCount_i
    loJResp.I = i
    lcCode = loJResp.StringOf("meta.warnings[i].code")
    lcDetail = loJResp.StringOf("meta.warnings[i].detail")
    lcTitle = loJResp.StringOf("meta.warnings[i].title")
    i = i + 1
ENDDO

RELEASE loHttp
RELEASE loJson
RELEASE loSbResponseBody
RELEASE loJResp

Curl Command

curl -X POST
	-H "Content-Type: application/json"
	-H "Accept: application/json"
	-d '{
  "filter": {
    "from": "now-15m",
    "query": "*",
    "to": "now"
  },
  "options": {
    "time_offset": "<long>",
    "timezone": "UTC"
  },
  "page": {
    "cursor": "<string>",
    "limit": 10
  },
  "sort": "-timestamp"
}'
https://api.app.ddog-gov.com/api/v2/audit/events/search

Postman Collection Item JSON

{
  "name": "Search Audit Logs events",
  "request": {
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      },
      {
        "key": "Accept",
        "value": "application/json"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
      "options": {
        "raw": {
          "headerFamily": "json",
          "language": "json"
        }
      }
    },
    "url": {
      "raw": "{{baseUrl}}/api/v2/audit/events/search",
      "host": [
        "{{baseUrl}}"
      ],
      "path": [
        "api",
        "v2",
        "audit",
        "events",
        "search"
      ]
    },
    "description": "List endpoint returns Audit Logs events that match an Audit search query.\n[Results are paginated][1].\n\nUse this endpoint to build complex Audit Logs events filtering and search.\n\n[1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination"
  },
  "response": [
    {
      "name": "OK",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"data\": [\n    {\n      \"attributes\": {\n        \"attributes\": {\n          \"utaff\": {},\n          \"dolore_6c\": {},\n          \"fugiat3b\": {}\n        },\n        \"message\": \"<string>\",\n        \"service\": \"<string>\",\n        \"tags\": [\n          \"<string>\",\n          \"<string>\"\n        ],\n        \"timestamp\": \"<dateTime>\"\n      },\n      \"id\": \"<string>\",\n      \"type\": \"audit\"\n    },\n    {\n      \"attributes\": {\n        \"attributes\": {\n          \"cillum_a\": {}\n        },\n        \"message\": \"<string>\",\n        \"service\": \"<string>\",\n        \"tags\": [\n          \"<string>\",\n          \"<string>\"\n        ],\n        \"timestamp\": \"<dateTime>\"\n      },\n      \"id\": \"<string>\",\n      \"type\": \"audit\"\n    }\n  ],\n  \"links\": {\n    \"next\": \"<string>\"\n  },\n  \"meta\": {\n    \"elapsed\": \"<long>\",\n    \"page\": {\n      \"after\": \"<string>\"\n    },\n    \"request_id\": \"<string>\",\n    \"status\": \"timeout\",\n    \"warnings\": [\n      {\n        \"code\": \"<string>\",\n        \"detail\": \"<string>\",\n        \"title\": \"<string>\"\n      },\n      {\n        \"code\": \"<string>\",\n        \"detail\": \"<string>\",\n        \"title\": \"<string>\"\n      }\n    ]\n  }\n}"
    },
    {
      "name": "Bad Request",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Bad Request",
      "code": 400,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Not Authorized",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Forbidden",
      "code": 403,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Too many requests",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Too Many Requests",
      "code": 429,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    }
  ]
}