Export audit events
Developer reference
Use the GET /audit-sentinel/events/export endpoint to export audit events to a CSV or PDF file programmatically.
Exporting audit events lets you retrieve a filtered history of system actions and changes for offline analysis, reporting, or archiving. You can filter events by event type, subtype, system source, and time range, and export the results in CSV or PDF format.
This endpoint returns the exported audit data as a downloadable file. A successful request does not return a response body.
For more information about audit events and how they are recorded, see About the entity audit.
Request
To export audit events to a CSV or PDF file, make a GET request to the /audit-sentinel/events/export endpoint.
To authenticate your request, include the apikey: API_KEY header. See Manage API keys for more information.
Parameters
The following optional query parameters are available for this endpoint:
Field | Type | Description |
|---|---|---|
| array of strings | Filters the audit events exported by the ID of the user who caused the event. |
| array of strings | Filters the audit events exported by event type, for example, |
| string | Specifies the file type for the audit export, either PDF exports support a maximum of 5,000 audit events per request. Requests that exceed this limit fail. To export more data, use the CSV format or divide the export into multiple filtered requests. Default: |
| string | Indicates the language to use for the exported data. Accepts a two-letter ISO code for one of the platform's supported languages. Learn more about translation. Default: |
| object | Filters audit events by event metadata, such as entity ID or assessment ID. You can filter by multiple metadata keys in the same request. The available metadata filters are For example:
|
| string or null | Includes audit events up to and including the specified end date. The value must be an ISO 8601 UTC datetime string, for example, |
| string or null | Includes audit events from the specified start date. The value must be an ISO 8601 UTC datetime string, for example, |
| array of strings | Filters audit events exported by the event subtype, such as |
| array of strings | Filters the export by the source of the request, for example, |
| string or null | Indicates the time zone to use when formatting dates included in the export. Provide an IANA time zone identifier. For example:
|
Sample requests
The following examples show how to export audit events using a GET request to the export endpoint.
This example exports assessment-related audit events as a CSV file:
curl --request GET "https://{api_region}/v5/audit-sentinel/events/export?file_type=csv&event_type=assessment&locale=en" \
--header "apikey: API_KEY"This example filters events to a specific entity using metadata and exports them as a PDF file:
curl --request GET "https://{api_region}/v5/audit-sentinel/events/export?file_type=pdf&metadata[entity_id=497f6eca-6276-4993-bfeb-53cbbbba6f08]&locale=en" \
--header "apikey: API_KEY"Replace {api_region} with the domain from your region's base URL.
Response
A successful request returns a 200 OK status and downloads a file containing the exported audit events in the requested format.
This endpoint doesn't return a response body.
Troubleshooting
A status code
400 Bad Requestmeans the request was invalid. For example, therange_startvalue is later than therange_endvalue. This error can also occur if a PDF export request returns more than 5,000 events. Narrow your filters and try again.A status code 401 Unauthorized indicates that the API key is missing or invalid.
A status code 500 Internal Server Error means an unexpected server error has occurred. Try again or email our Client Service team for support.
For a full list of the possible error codes, view the API reference.