Chilkat Online Tools

unicodeC / Datadog API Collection / Search Audit Logs events

Back to Collection Items

#include <C_CkHttpW.h>
#include <C_CkJsonObjectW.h>
#include <C_CkHttpResponseW.h>
#include <C_CkStringBuilderW.h>

void ChilkatSample(void)
    {
    HCkHttpW http;
    BOOL success;
    HCkJsonObjectW json;
    HCkHttpResponseW resp;
    HCkStringBuilderW sbResponseBody;
    HCkJsonObjectW jResp;
    int respStatusCode;
    const wchar_t *Message;
    const wchar_t *Service;
    const wchar_t *Timestamp;
    const wchar_t *id;
    const wchar_t *v_type;
    int j;
    int count_j;
    const wchar_t *strVal;
    const wchar_t *code;
    const wchar_t *detail;
    const wchar_t *title;
    const wchar_t *v_Next;
    const wchar_t *Elapsed;
    const wchar_t *After;
    const wchar_t *Request_id;
    const wchar_t *Status;
    int i;
    int count_i;

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    http = CkHttpW_Create();

    // Use this online tool to generate code from sample JSON: Generate Code to Create JSON

    // The following JSON is sent in the request body.

    // {
    //   "filter": {
    //     "from": "now-15m",
    //     "query": "*",
    //     "to": "now"
    //   },
    //   "options": {
    //     "time_offset": "<long>",
    //     "timezone": "UTC"
    //   },
    //   "page": {
    //     "cursor": "<string>",
    //     "limit": 10
    //   },
    //   "sort": "-timestamp"
    // }

    json = CkJsonObjectW_Create();
    CkJsonObjectW_UpdateString(json,L"filter.from",L"now-15m");
    CkJsonObjectW_UpdateString(json,L"filter.query",L"*");
    CkJsonObjectW_UpdateString(json,L"filter.to",L"now");
    CkJsonObjectW_UpdateString(json,L"options.time_offset",L"<long>");
    CkJsonObjectW_UpdateString(json,L"options.timezone",L"UTC");
    CkJsonObjectW_UpdateString(json,L"page.cursor",L"<string>");
    CkJsonObjectW_UpdateInt(json,L"page.limit",10);
    CkJsonObjectW_UpdateString(json,L"sort",L"-timestamp");

    CkHttpW_SetRequestHeader(http,L"Content-Type",L"application/json");
    CkHttpW_SetRequestHeader(http,L"Accept",L"application/json");

    resp = CkHttpW_PostJson3(http,L"https://api.app.ddog-gov.com/api/v2/audit/events/search",L"application/json",json);
    if (CkHttpW_getLastMethodSuccess(http) == FALSE) {
        wprintf(L"%s\n",CkHttpW_lastErrorText(http));
        CkHttpW_Dispose(http);
        CkJsonObjectW_Dispose(json);
        return;
    }

    sbResponseBody = CkStringBuilderW_Create();
    CkHttpResponseW_GetBodySb(resp,sbResponseBody);

    jResp = CkJsonObjectW_Create();
    CkJsonObjectW_LoadSb(jResp,sbResponseBody);
    CkJsonObjectW_putEmitCompact(jResp,FALSE);

    wprintf(L"Response Body:\n");
    wprintf(L"%s\n",CkJsonObjectW_emit(jResp));

    respStatusCode = CkHttpResponseW_getStatusCode(resp);
    wprintf(L"Response Status Code = %d\n",respStatusCode);
    if (respStatusCode >= 400) {
        wprintf(L"Response Header:\n");
        wprintf(L"%s\n",CkHttpResponseW_header(resp));
        wprintf(L"Failed.\n");
        CkHttpResponseW_Dispose(resp);
        CkHttpW_Dispose(http);
        CkJsonObjectW_Dispose(json);
        CkStringBuilderW_Dispose(sbResponseBody);
        CkJsonObjectW_Dispose(jResp);
        return;
    }

    CkHttpResponseW_Dispose(resp);

    // Sample JSON response:
    // (Sample code for parsing the JSON response is shown below)

    // {
    //   "data": [
    //     {
    //       "attributes": {
    //         "attributes": {
    //           "utaff": {},
    //           "dolore_6c": {},
    //           "fugiat3b": {}
    //         },
    //         "message": "<string>",
    //         "service": "<string>",
    //         "tags": [
    //           "<string>",
    //           "<string>"
    //         ],
    //         "timestamp": "<dateTime>"
    //       },
    //       "id": "<string>",
    //       "type": "audit"
    //     },
    //     {
    //       "attributes": {
    //         "attributes": {
    //           "cillum_a": {}
    //         },
    //         "message": "<string>",
    //         "service": "<string>",
    //         "tags": [
    //           "<string>",
    //           "<string>"
    //         ],
    //         "timestamp": "<dateTime>"
    //       },
    //       "id": "<string>",
    //       "type": "audit"
    //     }
    //   ],
    //   "links": {
    //     "next": "<string>"
    //   },
    //   "meta": {
    //     "elapsed": "<long>",
    //     "page": {
    //       "after": "<string>"
    //     },
    //     "request_id": "<string>",
    //     "status": "timeout",
    //     "warnings": [
    //       {
    //         "code": "<string>",
    //         "detail": "<string>",
    //         "title": "<string>"
    //       },
    //       {
    //         "code": "<string>",
    //         "detail": "<string>",
    //         "title": "<string>"
    //       }
    //     ]
    //   }
    // }

    // Sample code for parsing the JSON response...
    // Use this online tool to generate parsing code from sample JSON: Generate JSON Parsing Code

    // Chilkat functions returning "const char *" return a pointer to temporary internal memory owned and managed by Chilkat.

    v_Next = CkJsonObjectW_stringOf(jResp,L"links.next");
    Elapsed = CkJsonObjectW_stringOf(jResp,L"meta.elapsed");
    After = CkJsonObjectW_stringOf(jResp,L"meta.page.after");
    Request_id = CkJsonObjectW_stringOf(jResp,L"meta.request_id");
    Status = CkJsonObjectW_stringOf(jResp,L"meta.status");
    i = 0;
    count_i = CkJsonObjectW_SizeOfArray(jResp,L"data");
    while (i < count_i) {
        CkJsonObjectW_putI(jResp,i);
        Message = CkJsonObjectW_stringOf(jResp,L"data[i].attributes.message");
        Service = CkJsonObjectW_stringOf(jResp,L"data[i].attributes.service");
        Timestamp = CkJsonObjectW_stringOf(jResp,L"data[i].attributes.timestamp");
        id = CkJsonObjectW_stringOf(jResp,L"data[i].id");
        v_type = CkJsonObjectW_stringOf(jResp,L"data[i].type");
        j = 0;
        count_j = CkJsonObjectW_SizeOfArray(jResp,L"data[i].attributes.tags");
        while (j < count_j) {
            CkJsonObjectW_putJ(jResp,j);
            strVal = CkJsonObjectW_stringOf(jResp,L"data[i].attributes.tags[j]");
            j = j + 1;
        }

        i = i + 1;
    }

    i = 0;
    count_i = CkJsonObjectW_SizeOfArray(jResp,L"meta.warnings");
    while (i < count_i) {
        CkJsonObjectW_putI(jResp,i);
        code = CkJsonObjectW_stringOf(jResp,L"meta.warnings[i].code");
        detail = CkJsonObjectW_stringOf(jResp,L"meta.warnings[i].detail");
        title = CkJsonObjectW_stringOf(jResp,L"meta.warnings[i].title");
        i = i + 1;
    }



    CkHttpW_Dispose(http);
    CkJsonObjectW_Dispose(json);
    CkStringBuilderW_Dispose(sbResponseBody);
    CkJsonObjectW_Dispose(jResp);

    }

Curl Command

curl -X POST
	-H "Content-Type: application/json"
	-H "Accept: application/json"
	-d '{
  "filter": {
    "from": "now-15m",
    "query": "*",
    "to": "now"
  },
  "options": {
    "time_offset": "<long>",
    "timezone": "UTC"
  },
  "page": {
    "cursor": "<string>",
    "limit": 10
  },
  "sort": "-timestamp"
}'
https://api.app.ddog-gov.com/api/v2/audit/events/search

Postman Collection Item JSON

{
  "name": "Search Audit Logs events",
  "request": {
    "method": "POST",
    "header": [
      {
        "key": "Content-Type",
        "value": "application/json"
      },
      {
        "key": "Accept",
        "value": "application/json"
      }
    ],
    "body": {
      "mode": "raw",
      "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
      "options": {
        "raw": {
          "headerFamily": "json",
          "language": "json"
        }
      }
    },
    "url": {
      "raw": "{{baseUrl}}/api/v2/audit/events/search",
      "host": [
        "{{baseUrl}}"
      ],
      "path": [
        "api",
        "v2",
        "audit",
        "events",
        "search"
      ]
    },
    "description": "List endpoint returns Audit Logs events that match an Audit search query.\n[Results are paginated][1].\n\nUse this endpoint to build complex Audit Logs events filtering and search.\n\n[1]: https://docs.datadoghq.com/logs/guide/collect-multiple-logs-with-pagination"
  },
  "response": [
    {
      "name": "OK",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "OK",
      "code": 200,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"data\": [\n    {\n      \"attributes\": {\n        \"attributes\": {\n          \"utaff\": {},\n          \"dolore_6c\": {},\n          \"fugiat3b\": {}\n        },\n        \"message\": \"<string>\",\n        \"service\": \"<string>\",\n        \"tags\": [\n          \"<string>\",\n          \"<string>\"\n        ],\n        \"timestamp\": \"<dateTime>\"\n      },\n      \"id\": \"<string>\",\n      \"type\": \"audit\"\n    },\n    {\n      \"attributes\": {\n        \"attributes\": {\n          \"cillum_a\": {}\n        },\n        \"message\": \"<string>\",\n        \"service\": \"<string>\",\n        \"tags\": [\n          \"<string>\",\n          \"<string>\"\n        ],\n        \"timestamp\": \"<dateTime>\"\n      },\n      \"id\": \"<string>\",\n      \"type\": \"audit\"\n    }\n  ],\n  \"links\": {\n    \"next\": \"<string>\"\n  },\n  \"meta\": {\n    \"elapsed\": \"<long>\",\n    \"page\": {\n      \"after\": \"<string>\"\n    },\n    \"request_id\": \"<string>\",\n    \"status\": \"timeout\",\n    \"warnings\": [\n      {\n        \"code\": \"<string>\",\n        \"detail\": \"<string>\",\n        \"title\": \"<string>\"\n      },\n      {\n        \"code\": \"<string>\",\n        \"detail\": \"<string>\",\n        \"title\": \"<string>\"\n      }\n    ]\n  }\n}"
    },
    {
      "name": "Bad Request",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Bad Request",
      "code": 400,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Not Authorized",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Forbidden",
      "code": 403,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    },
    {
      "name": "Too many requests",
      "originalRequest": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "description": "Added as a part of security scheme: apikey",
            "key": "DD-API-KEY",
            "value": "<API Key>"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"filter\": {\n    \"from\": \"now-15m\",\n    \"query\": \"*\",\n    \"to\": \"now\"\n  },\n  \"options\": {\n    \"time_offset\": \"<long>\",\n    \"timezone\": \"UTC\"\n  },\n  \"page\": {\n    \"cursor\": \"<string>\",\n    \"limit\": 10\n  },\n  \"sort\": \"-timestamp\"\n}",
          "options": {
            "raw": {
              "headerFamily": "json",
              "language": "json"
            }
          }
        },
        "url": {
          "raw": "{{baseUrl}}/api/v2/audit/events/search",
          "host": [
            "{{baseUrl}}"
          ],
          "path": [
            "api",
            "v2",
            "audit",
            "events",
            "search"
          ]
        }
      },
      "status": "Too Many Requests",
      "code": 429,
      "_postman_previewlanguage": "json",
      "header": [
        {
          "key": "Content-Type",
          "value": "application/json"
        }
      ],
      "cookie": [
      ],
      "body": "{\n  \"errors\": [\n    \"<string>\",\n    \"<string>\"\n  ]\n}"
    }
  ]
}