Get Runtime Log Inspection Audit Events
Retrieves all audit events for log inspection checks that are configured under host runtime rules.
Refer to the following example cURL command:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"line": "DEBU 2022-11-17T13:40:50.066 route_handler_middleware.go:507 GET /api/v1/audits/runtime/log-inspection?limit=20&offset=0&project=Central+Console&reverse=false&search=panic ssugandh admin 0.10s",
Offsets the result to a specific report count. Offset starts from 0.
Number of reports to retrieve in a page. For PCCE, the maximum limit is 250. For PCEE, the maximum limit is 50. The default value is 50.
Retrieves the result for a search term.
Sorts the result using a key. Refer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.
Sorts the result in reverse order.
Filters the result based on collection names that you have defined in Prisma Cloud Compute.
Scopes the query by cloud provider.
Filters the result based on cloud account IDs.
Scopes the query by resource ID.
Scopes the query by cloud region.
Retrieves the fields that you need in a report. Use the list of fields you want to retrieve. By default, the result shows all fields of data.
IDs is the list of IDs to use for filtering.
From is an optional minimum time constraints for the event.
To is an optional maximum time constraints for the event.
Hosts is the list of hosts to use for filtering.
Logfiles is the list of log files to use for filtering.
Clusters is the cluster filter.
- Example (from schema)
- Array [
ID is event's unique identifier.
AccountID is the cloud account ID.
Cluster is the cluster on which the event was found.
Collections are collections to which this event applies.
Hostname is the hostname on which the event was found.
Line is the matching log line.
Logfile is the log file which triggered the event.
RuleName is the name of the applied rule for auditing log inspection events.
Time is the time of the event.