Audit - Query

Reference

Service:: Purview

API Version:: 2023-10-01-preview

Query audit logs for an asset, glossaryTerm, classificationDef, etc.

POST {endpoint}/datamap/api/audit/query?api-version=2023-10-01-preview

URI Parameters

Name	In	Required	Type	Description
endpoint	path	True	string (url)	The datamap endpoint of your Purview account. Example: https://{accountName}.purview.azure.com
api-version	query	True	string	The version of the API.

Request Body

Name	Type	Description
category	AuditCategory	AuditCategory Audit category in audit log query request.
continuationToken	string	The continuation token to retrieve the next page.
endTime	string	End time of audit log; ISO-8601 representation. Default value is UTC now.
guid	string	GUID of the targe asset, glossary term or classification definition.
keywords	string	Any keywords contained in audit log old value or new value part.
operationType	AuditOperationType	AuditOperationType Audit operation type.
pageSize	integer (int32)	The number of items we hope to return in one page. The maximum value is 1000.
qualifiedName	string	Only applied to asset; specifies the asset qualified name.
sortBy	string	Property to sort by. The value should be one of the audit log schema field. Must be used with "SortOrder". CreationTime is suggested.
sortOrder	AuditSortOrder	AuditSortOrder Audit query result sort order.
startTime	string	Start time of audit log; ISO-8601 representation. Default value is 1970-01-01T00:00:00Z.
typeName	string	Only applied to asset; specifies the asset type name.
userId	string	User principal name or service principle object ID.

Responses

Name	Type	Description
200 OK	AuditLogQueryResponse	OK. On successful lookup of audit logs within the search criteria.
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Audit_Query

Sample request

HTTP

POST {endpoint}/datamap/api/audit/query?api-version=2023-10-01-preview

{
  "category": "Asset",
  "guid": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
  "userId": "contoso@microsoft.com",
  "operationType": "EntityUpdated",
  "keywords": "Tag1",
  "startTime": "2023-05-01T00:00:00.000Z",
  "endTime": "2023-05-30T00:00:00.000Z",
  "sortBy": "CreationTime",
  "sortOrder": "Descending",
  "pageSize": 10
}

Sample response

Status code:: 200

{
  "continuationToken": "<token>",
  "lastPage": true,
  "totalResultCount": 2,
  "recordCount": 2,
  "resultData": [
    {
      "workload": "PurviewDataMap",
      "recordType": 227,
      "id": "12ea3a18-3712-4417-a12d-7df936e327c9",
      "creationTime": "2023-05-06T08:27:05",
      "operation": "EntityUpdated",
      "organizationId": "4f1dc10a-df9b-4f93-be0c-504b04f6309d",
      "userType": 0,
      "userKey": "1715f5c5-c81d-489e-9ca1-8d40281ef0d8",
      "userId": "contoso@microsoft.com",
      "accountId": "644ab9c7-893a-4a4d-8e0a-591a6556d1a0",
      "catalogId": "d8757510-c866-61ba-486f-1afca09f43b8",
      "changeRequestId": "34d2aa4a-d5bf-4bdf-a954-77df88d9c3df",
      "cloudType": "Azure",
      "serviceType": "[\"Azure Blob Storage\"]",
      "objectId": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
      "objectName": "Audit Log Test",
      "objectFullyQualifiedName": "https://contoso.blob.core.windows.net/testfolder1/auditlogtest.json",
      "objectType": "azure_blob_path",
      "oldValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\"]}}",
      "newValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[]}}"
    },
    {
      "workload": "PurviewDataMap",
      "recordType": 227,
      "id": "6abb069e-aefc-4dff-97f4-f36b3d5ac2be",
      "creationTime": "2023-05-06T08:27:01",
      "operation": "EntityUpdated",
      "organizationId": "4f1dc10a-df9b-4f93-be0c-504b04f6309d",
      "userType": 0,
      "userKey": "1715f5c5-c81d-489e-9ca1-8d40281ef0d8",
      "userId": "contoso@microsoft.com",
      "accountId": "644ab9c7-893a-4a4d-8e0a-591a6556d1a0",
      "catalogId": "d8757510-c866-61ba-486f-1afca09f43b8",
      "changeRequestId": "122a460f-9d87-47cd-9683-e27351a3dadd",
      "cloudType": "Azure",
      "serviceType": "[\"Azure Blob Storage\"]",
      "objectId": "330bd2f1-cf28-4737-8d86-e6f6f6f60000",
      "objectName": "Audit Log Test",
      "objectFullyQualifiedName": "https://contoso.blob.core.windows.net/testfolder1/auditlogtest.json",
      "objectType": "azure_blob_path",
      "oldValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\",\"Tag2\"]}}",
      "newValue": "{\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\":{\"attributes\":{\"name\":\"Audit Log Test\"},\"guid\":\"330bd2f1-cf28-4737-8d86-e6f6f6f60000\",\"labels\":[\"Tag1\"]}}"
    }
  ]
}

Definitions

Name	Description
AuditCategory	AuditCategory
AuditLog	AuditLog
AuditLogQueryRequest	AuditLogQueryRequest
AuditLogQueryResponse	AuditLogQueryResponse
AuditOperationType	AuditOperationType
AuditSortOrder	AuditSortOrder
ErrorResponse	An error response from the service

AuditCategory

Enumeration

AuditCategory

Value	Description
Asset
ClassificationDef
GlossaryTerm

AuditLog

Object

AuditLog

Name	Type	Description
accountId	string	Purview account ID.
catalogId	string	Purview catalog ID.
changeRequestId	string	Correlation ID.
clientIP	string	Client IP address.
cloudType	string	Cloud type that the object belongs to
creationTime	string	Timestamp when the audit log was created.
id	string	Log ID.
newValue	string	New data value.
objectCollectionId	string	Object collection ID.
objectFullyQualifiedName	string	Object fully qualified name.
objectId	string	GUID of the targe asset, glossary term or classification definition.
objectName	string	Object name.
objectType	string	Object type name.
oldValue	string	Old data value.
operation	AuditOperationType	AuditOperationType Audit operation type.
organizationId	string	Customer tenant ID.
recordType	integer (int32)	Log metadata. Indicates record type of audit log.
serviceType	string	Service type that the object belongs to
userId	string	User principal name.
userKey	string	User identity.
userType	integer (int32)	Type of user that performed the operation.
workload	string	Log metadata. Indicates workload type of audit log.

AuditLogQueryRequest

Object

AuditLogQueryRequest

Name	Type	Description
category	AuditCategory	AuditCategory Audit category in audit log query request.
continuationToken	string	The continuation token to retrieve the next page.
endTime	string	End time of audit log; ISO-8601 representation. Default value is UTC now.
guid	string	GUID of the targe asset, glossary term or classification definition.
keywords	string	Any keywords contained in audit log old value or new value part.
operationType	AuditOperationType	AuditOperationType Audit operation type.
pageSize	integer (int32)	The number of items we hope to return in one page. The maximum value is 1000.
qualifiedName	string	Only applied to asset; specifies the asset qualified name.
sortBy	string	Property to sort by. The value should be one of the audit log schema field. Must be used with "SortOrder". CreationTime is suggested.
sortOrder	AuditSortOrder	AuditSortOrder Audit query result sort order.
startTime	string	Start time of audit log; ISO-8601 representation. Default value is 1970-01-01T00:00:00Z.
typeName	string	Only applied to asset; specifies the asset type name.
userId	string	User principal name or service principle object ID.

AuditLogQueryResponse

Object

AuditLogQueryResponse

Name	Type	Description
continuationToken	string	The continuation token to retrieve the next page. When "lastPage" is false. Client uses this token in the query payload to retrieve the next page.
lastPage	boolean	Indicates whether it's the last page.
recordCount	integer (int32)	The number of items in current page.
resultData	AuditLog[]	An array of audit logs.
totalResultCount	integer (int32)	The number of total items that qualified for the search criteria.

AuditOperationType

Enumeration

AuditOperationType

Value	Description
ClassificationAdded
ClassificationDefinitionCreated
ClassificationDefinitionDeleted
ClassificationDefinitionUpdated
ClassificationDeleted
ClassificationUpdated
EntityCreated
EntityDeleted
EntityUpdated
GlossaryTermAssigned
GlossaryTermCreated
GlossaryTermDeleted
GlossaryTermDisassociated
GlossaryTermUpdated
SensitivityLabelChanged

AuditSortOrder

Enumeration

AuditSortOrder

Value	Description
Ascending
Descending

ErrorResponse

Object

An error response from the service

Name	Type	Description
errorCode	string	The error code.
errorMessage	string	The error message.
requestId	string	The request ID.

Share via

Audit - Query

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

Audit_Query

Sample request

Sample response

Definitions

AuditCategory

AuditLog

AuditLogQueryRequest

AuditLogQueryResponse

AuditOperationType

AuditSortOrder

ErrorResponse

Additional resources