Audit - Query
Query audit logs for an asset, glossaryTerm, classificationDef, etc.
POST {endpoint}/datamap/api/audit/query?api-version=2023-10-01-preview
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
endpoint
|
path | True |
string url |
The datamap endpoint of your Purview account. Example: https://{accountName}.purview.azure.com |
api-version
|
query | True |
string |
The version of the API. |
Request Body
Name | Type | Description |
---|---|---|
category |
AuditCategory |
|
continuationToken |
string |
The continuation token to retrieve the next page. |
endTime |
string |
End time of audit log; ISO-8601 representation. Default value is UTC now. |
guid |
string |
GUID of the targe asset, glossary term or classification definition. |
keywords |
string |
Any keywords contained in audit log old value or new value part. |
operationType |
AuditOperationType |
|
pageSize |
integer |
The number of items we hope to return in one page. The maximum value is 1000. |
qualifiedName |
string |
Only applied to asset; specifies the asset qualified name. |
sortBy |
string |
Property to sort by. The value should be one of the audit log schema field. Must be used with "SortOrder". CreationTime is suggested. |
sortOrder |
AuditSortOrder |
|
startTime |
string |
Start time of audit log; ISO-8601 representation. Default value is 1970-01-01T00:00:00Z. |
typeName |
string |
Only applied to asset; specifies the asset type name. |
userId |
string |
User principal name or service principle object ID. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK. On successful lookup of audit logs within the search criteria. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Audit_Query
Sample request
POST {endpoint}/datamap/api/audit/query?api-version=2023-10-01-preview
{
"category": "Asset",
"guid": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
"userId": "[email protected]",
"operationType": "EntityUpdated",
"keywords": "Tag1",
"startTime": "2023-05-01T00:00:00.000Z",
"endTime": "2023-05-30T00:00:00.000Z",
"sortBy": "CreationTime",
"sortOrder": "Descending",
"pageSize": 10
}
Sample response
{
"continuationToken": "<token>",
"lastPage": true,
"totalResultCount": 2,
"recordCount": 2,
"resultData": [
{
"workload": "PurviewDataMap",
"recordType": 227,
"id": "12ea3a18-3712-4417-a12d-7df936e327c9",
"creationTime": "2023-05-06T08:27:05",
"operation": "EntityUpdated",
"organizationId": "4f1dc10a-df9b-4f93-be0c-504b04f6309d",
"userType": 0,
"userKey": "1715f5c5-c81d-489e-9ca1-8d40281ef0d8",
"userId": "[email protected]",
"accountId": "644ab9c7-893a-4a4d-8e0a-591a6556d1a0",
"catalogId": "d8757510-c866-61ba-486f-1afca09f43b8",
"changeRequestId": "34d2aa4a-d5bf-4bdf-a954-77df88d9c3df",
"cloudType": "Azure",
"serviceType": "[\"Azure Blob Storage\"]",
"objectId": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
"objectName": "Audit Log Test",
"objectFullyQualifiedName": "https://contoso.blob.core.windows.net/testfolder1/auditlogtest.json",
"objectType": "azure_blob_path",
"oldValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\"]}}",
"newValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[]}}"
},
{
"workload": "PurviewDataMap",
"recordType": 227,
"id": "6abb069e-aefc-4dff-97f4-f36b3d5ac2be",
"creationTime": "2023-05-06T08:27:01",
"operation": "EntityUpdated",
"organizationId": "4f1dc10a-df9b-4f93-be0c-504b04f6309d",
"userType": 0,
"userKey": "1715f5c5-c81d-489e-9ca1-8d40281ef0d8",
"userId": "[email protected]",
"accountId": "644ab9c7-893a-4a4d-8e0a-591a6556d1a0",
"catalogId": "d8757510-c866-61ba-486f-1afca09f43b8",
"changeRequestId": "122a460f-9d87-47cd-9683-e27351a3dadd",
"cloudType": "Azure",
"serviceType": "[\"Azure Blob Storage\"]",
"objectId": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
"objectName": "Audit Log Test",
"objectFullyQualifiedName": "https://contoso.blob.core.windows.net/testfolder1/auditlogtest.json",
"objectType": "azure_blob_path",
"oldValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\",\"Tag2\"]}}",
"newValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\"]}}"
}
]
}
Definitions
Name | Description |
---|---|
Audit |
AuditCategory |
Audit |
AuditLog |
Audit |
AuditLogQueryRequest |
Audit |
AuditLogQueryResponse |
Audit |
AuditOperationType |
Audit |
AuditSortOrder |
Error |
An error response from the service |
AuditCategory
AuditCategory
Name | Type | Description |
---|---|---|
Asset |
string |
|
ClassificationDef |
string |
|
GlossaryTerm |
string |
AuditLog
AuditLog
Name | Type | Description |
---|---|---|
accountId |
string |
Purview account ID. |
catalogId |
string |
Purview catalog ID. |
changeRequestId |
string |
Correlation ID. |
clientIP |
string |
Client IP address. |
cloudType |
string |
Cloud type that the object belongs to |
creationTime |
string |
Timestamp when the audit log was created. |
id |
string |
Log ID. |
newValue |
string |
New data value. |
objectCollectionId |
string |
Object collection ID. |
objectFullyQualifiedName |
string |
Object fully qualified name. |
objectId |
string |
GUID of the targe asset, glossary term or classification definition. |
objectName |
string |
Object name. |
objectType |
string |
Object type name. |
oldValue |
string |
Old data value. |
operation |
AuditOperationType |
|
organizationId |
string |
Customer tenant ID. |
recordType |
integer |
Log metadata. Indicates record type of audit log. |
serviceType |
string |
Service type that the object belongs to |
userId |
string |
User principal name. |
userKey |
string |
User identity. |
userType |
integer |
Type of user that performed the operation. |
workload |
string |
Log metadata. Indicates workload type of audit log. |
AuditLogQueryRequest
AuditLogQueryRequest
Name | Type | Description |
---|---|---|
category |
AuditCategory |
|
continuationToken |
string |
The continuation token to retrieve the next page. |
endTime |
string |
End time of audit log; ISO-8601 representation. Default value is UTC now. |
guid |
string |
GUID of the targe asset, glossary term or classification definition. |
keywords |
string |
Any keywords contained in audit log old value or new value part. |
operationType |
AuditOperationType |
|
pageSize |
integer |
The number of items we hope to return in one page. The maximum value is 1000. |
qualifiedName |
string |
Only applied to asset; specifies the asset qualified name. |
sortBy |
string |
Property to sort by. The value should be one of the audit log schema field. Must be used with "SortOrder". CreationTime is suggested. |
sortOrder |
AuditSortOrder |
|
startTime |
string |
Start time of audit log; ISO-8601 representation. Default value is 1970-01-01T00:00:00Z. |
typeName |
string |
Only applied to asset; specifies the asset type name. |
userId |
string |
User principal name or service principle object ID. |
AuditLogQueryResponse
AuditLogQueryResponse
Name | Type | Description |
---|---|---|
continuationToken |
string |
The continuation token to retrieve the next page. When "lastPage" is false. Client uses this token in the query payload to retrieve the next page. |
lastPage |
boolean |
Indicates whether it's the last page. |
recordCount |
integer |
The number of items in current page. |
resultData |
Audit |
An array of audit logs. |
totalResultCount |
integer |
The number of total items that qualified for the search criteria. |
AuditOperationType
AuditOperationType
Name | Type | Description |
---|---|---|
ClassificationAdded |
string |
|
ClassificationDefinitionCreated |
string |
|
ClassificationDefinitionDeleted |
string |
|
ClassificationDefinitionUpdated |
string |
|
ClassificationDeleted |
string |
|
ClassificationUpdated |
string |
|
EntityCreated |
string |
|
EntityDeleted |
string |
|
EntityUpdated |
string |
|
GlossaryTermAssigned |
string |
|
GlossaryTermCreated |
string |
|
GlossaryTermDeleted |
string |
|
GlossaryTermDisassociated |
string |
|
GlossaryTermUpdated |
string |
|
SensitivityLabelChanged |
string |
AuditSortOrder
AuditSortOrder
Name | Type | Description |
---|---|---|
Ascending |
string |
|
Descending |
string |
ErrorResponse
An error response from the service
Name | Type | Description |
---|---|---|
errorCode |
string |
The error code. |
errorMessage |
string |
The error message. |
requestId |
string |
The request ID. |