Audit - Query

Query audit logs for an asset, glossaryTerm, classificationDef, etc.

POST {endpoint}/datamap/api/audit/query?api-version=2023-10-01-preview

URI Parameters

Name In Required Type Description
endpoint
path True

string

url

The datamap endpoint of your Purview account. Example: https://{accountName}.purview.azure.com

api-version
query True

string

The version of the API.

Request Body

Name Type Description
category

AuditCategory

AuditCategory
Audit category in audit log query request.

continuationToken

string

The continuation token to retrieve the next page.

endTime

string

End time of audit log; ISO-8601 representation. Default value is UTC now.

guid

string

GUID of the targe asset, glossary term or classification definition.

keywords

string

Any keywords contained in audit log old value or new value part.

operationType

AuditOperationType

AuditOperationType
Audit operation type.

pageSize

integer

The number of items we hope to return in one page. The maximum value is 1000.

qualifiedName

string

Only applied to asset; specifies the asset qualified name.

sortBy

string

Property to sort by. The value should be one of the audit log schema field. Must be used with "SortOrder". CreationTime is suggested.

sortOrder

AuditSortOrder

AuditSortOrder
Audit query result sort order.

startTime

string

Start time of audit log; ISO-8601 representation. Default value is 1970-01-01T00:00:00Z.

typeName

string

Only applied to asset; specifies the asset type name.

userId

string

User principal name or service principle object ID.

Responses

Name Type Description
200 OK

AuditLogQueryResponse

OK. On successful lookup of audit logs within the search criteria.

Other Status Codes

ErrorResponse

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Audit_Query

Sample request

POST {endpoint}/datamap/api/audit/query?api-version=2023-10-01-preview

{
  "category": "Asset",
  "guid": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
  "userId": "[email protected]",
  "operationType": "EntityUpdated",
  "keywords": "Tag1",
  "startTime": "2023-05-01T00:00:00.000Z",
  "endTime": "2023-05-30T00:00:00.000Z",
  "sortBy": "CreationTime",
  "sortOrder": "Descending",
  "pageSize": 10
}

Sample response

{
  "continuationToken": "<token>",
  "lastPage": true,
  "totalResultCount": 2,
  "recordCount": 2,
  "resultData": [
    {
      "workload": "PurviewDataMap",
      "recordType": 227,
      "id": "12ea3a18-3712-4417-a12d-7df936e327c9",
      "creationTime": "2023-05-06T08:27:05",
      "operation": "EntityUpdated",
      "organizationId": "4f1dc10a-df9b-4f93-be0c-504b04f6309d",
      "userType": 0,
      "userKey": "1715f5c5-c81d-489e-9ca1-8d40281ef0d8",
      "userId": "[email protected]",
      "accountId": "644ab9c7-893a-4a4d-8e0a-591a6556d1a0",
      "catalogId": "d8757510-c866-61ba-486f-1afca09f43b8",
      "changeRequestId": "34d2aa4a-d5bf-4bdf-a954-77df88d9c3df",
      "cloudType": "Azure",
      "serviceType": "[\"Azure Blob Storage\"]",
      "objectId": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
      "objectName": "Audit Log Test",
      "objectFullyQualifiedName": "https://contoso.blob.core.windows.net/testfolder1/auditlogtest.json",
      "objectType": "azure_blob_path",
      "oldValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\"]}}",
      "newValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[]}}"
    },
    {
      "workload": "PurviewDataMap",
      "recordType": 227,
      "id": "6abb069e-aefc-4dff-97f4-f36b3d5ac2be",
      "creationTime": "2023-05-06T08:27:01",
      "operation": "EntityUpdated",
      "organizationId": "4f1dc10a-df9b-4f93-be0c-504b04f6309d",
      "userType": 0,
      "userKey": "1715f5c5-c81d-489e-9ca1-8d40281ef0d8",
      "userId": "[email protected]",
      "accountId": "644ab9c7-893a-4a4d-8e0a-591a6556d1a0",
      "catalogId": "d8757510-c866-61ba-486f-1afca09f43b8",
      "changeRequestId": "122a460f-9d87-47cd-9683-e27351a3dadd",
      "cloudType": "Azure",
      "serviceType": "[\"Azure Blob Storage\"]",
      "objectId": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
      "objectName": "Audit Log Test",
      "objectFullyQualifiedName": "https://contoso.blob.core.windows.net/testfolder1/auditlogtest.json",
      "objectType": "azure_blob_path",
      "oldValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\",\"Tag2\"]}}",
      "newValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\"]}}"
    }
  ]
}

Definitions

Name Description
AuditCategory

AuditCategory

AuditLog

AuditLog

AuditLogQueryRequest

AuditLogQueryRequest

AuditLogQueryResponse

AuditLogQueryResponse

AuditOperationType

AuditOperationType

AuditSortOrder

AuditSortOrder

ErrorResponse

An error response from the service

AuditCategory

AuditCategory

Name Type Description
Asset

string

ClassificationDef

string

GlossaryTerm

string

AuditLog

AuditLog

Name Type Description
accountId

string

Purview account ID.

catalogId

string

Purview catalog ID.

changeRequestId

string

Correlation ID.

clientIP

string

Client IP address.

cloudType

string

Cloud type that the object belongs to

creationTime

string

Timestamp when the audit log was created.

id

string

Log ID.

newValue

string

New data value.

objectCollectionId

string

Object collection ID.

objectFullyQualifiedName

string

Object fully qualified name.

objectId

string

GUID of the targe asset, glossary term or classification definition.

objectName

string

Object name.

objectType

string

Object type name.

oldValue

string

Old data value.

operation

AuditOperationType

AuditOperationType
Audit operation type.

organizationId

string

Customer tenant ID.

recordType

integer

Log metadata. Indicates record type of audit log.

serviceType

string

Service type that the object belongs to

userId

string

User principal name.

userKey

string

User identity.

userType

integer

Type of user that performed the operation.

workload

string

Log metadata. Indicates workload type of audit log.

AuditLogQueryRequest

AuditLogQueryRequest

Name Type Description
category

AuditCategory

AuditCategory
Audit category in audit log query request.

continuationToken

string

The continuation token to retrieve the next page.

endTime

string

End time of audit log; ISO-8601 representation. Default value is UTC now.

guid

string

GUID of the targe asset, glossary term or classification definition.

keywords

string

Any keywords contained in audit log old value or new value part.

operationType

AuditOperationType

AuditOperationType
Audit operation type.

pageSize

integer

The number of items we hope to return in one page. The maximum value is 1000.

qualifiedName

string

Only applied to asset; specifies the asset qualified name.

sortBy

string

Property to sort by. The value should be one of the audit log schema field. Must be used with "SortOrder". CreationTime is suggested.

sortOrder

AuditSortOrder

AuditSortOrder
Audit query result sort order.

startTime

string

Start time of audit log; ISO-8601 representation. Default value is 1970-01-01T00:00:00Z.

typeName

string

Only applied to asset; specifies the asset type name.

userId

string

User principal name or service principle object ID.

AuditLogQueryResponse

AuditLogQueryResponse

Name Type Description
continuationToken

string

The continuation token to retrieve the next page. When "lastPage" is false. Client uses this token in the query payload to retrieve the next page.

lastPage

boolean

Indicates whether it's the last page.

recordCount

integer

The number of items in current page.

resultData

AuditLog[]

An array of audit logs.

totalResultCount

integer

The number of total items that qualified for the search criteria.

AuditOperationType

AuditOperationType

Name Type Description
ClassificationAdded

string

ClassificationDefinitionCreated

string

ClassificationDefinitionDeleted

string

ClassificationDefinitionUpdated

string

ClassificationDeleted

string

ClassificationUpdated

string

EntityCreated

string

EntityDeleted

string

EntityUpdated

string

GlossaryTermAssigned

string

GlossaryTermCreated

string

GlossaryTermDeleted

string

GlossaryTermDisassociated

string

GlossaryTermUpdated

string

SensitivityLabelChanged

string

AuditSortOrder

AuditSortOrder

Name Type Description
Ascending

string

Descending

string

ErrorResponse

An error response from the service

Name Type Description
errorCode

string

The error code.

errorMessage

string

The error message.

requestId

string

The request ID.