Search Audit Logs icon

Search Audit Logs

Search audit logs

Overview

This node performs a search query on audit logs via an external API. It allows users to specify a search string, pagination parameters (limit and offset), and a time range to filter the logs. The node is useful for scenarios where you need to analyze or monitor audit trails, such as security investigations, compliance checks, or operational troubleshooting.

Practical examples:

  • Searching for all audit log entries related to a specific user action within a given date range.
  • Retrieving the most recent 50 audit events that match a particular keyword.
  • Paginating through large sets of audit logs by adjusting the offset parameter.

Properties

Name Meaning
Search Query The search query string used to filter audit logs based on matching text or criteria.
Limit Maximum number of audit log results to return in one execution (minimum 1).
Offset Number of audit log entries to skip, useful for paginating through results (minimum 0).
Time Range Collection specifying the time window for the search:
- From: Start time in ISO format or timestamp (optional).
- To: End time in ISO format or timestamp (optional).

Output

The node outputs JSON data with the following structure:

  • success (boolean): Indicates if the search was successful.
  • logs (array): An array of audit log entries returned by the API.
  • totalLogs (number): The count of logs returned in this response.
  • query (string): The original search query string used.
  • limit (number): The limit parameter value used.
  • offset (number): The offset parameter value used.
  • response (object): The full raw response from the audit log API call.

If the search fails and the node is configured to continue on failure, the output will include:

  • success: false
  • error: Error message string
  • statusCode: HTTP status code of the failure
  • response: Response body or error details from the API
  • query: The search query attempted
  • logs: Empty array

The node does not output binary data.

Dependencies

  • Requires an API key credential for authenticating with the external audit log service.
  • The node makes HTTP POST requests to the endpoint /api/pt/auditlog/search on the base URL provided by the credential.
  • The request includes headers specifying content type as JSON and an "Accept-Language" header set to Vietnamese (vi).

Troubleshooting

  • Common issues:

    • Invalid or missing API credentials will cause authentication failures.
    • Incorrectly formatted time range values may result in no results or errors.
    • Network connectivity problems can prevent reaching the audit log API.
    • Exceeding rate limits or quota restrictions imposed by the external service.

  • Error messages:

    • Errors include detailed messages with HTTP status codes and response bodies.
    • If the node is not set to continue on fail, it throws an error with context including the query, request body, and URL.
    • To resolve errors, verify API credentials, check the correctness of input parameters, and ensure network access to the API endpoint.

Links and References

  • No direct links are provided in the source code. For more information, consult the documentation of the external audit log API service you are connecting to.

Discussion