Skip to content
API Enriched

Platform event Query.

POST
/api/data/namespaces/{namespace}/platform_events
curl --request POST \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/data/namespaces/example/platform_events \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "aggs": {}, "end_time": "example", "include_config_changes": true, "limit": 1, "namespace": "example", "query": "example", "scroll": true, "sort": "DESCENDING", "start_time": "example", "search_after": true, "sort_values": { "last_doc_id": "example", "last_timestamp": 1 } }'

Request to GET platform event that matches the criteria in request for a given namespace. If no match conditions are specified in the request, then the response contains all CRUD operations performed in the namespace. User with access to the system namespace may query for platform events across all namespaces for a given tenant.

Examples of this operation.

Authorizations

Section titled “Authorizations”

Parameters

Section titled “Parameters”

Path Parameters

Section titled “Path Parameters”
namespace
required
string

Namespace fetch audit logs for a given namespace.

Request Bodyrequired

Section titled “Request Bodyrequired”
Media typeapplication/json
PlatformEventRequest

Request to fetch platform events.

object
aggs
aggregations

Aggregations provide summary/analytics data over the log response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregations are key’ed by user-defined aggregation name. The response will be key’ed with the same name. Optional.

object
end_time
end time

Fetch audit logs whose timestamp <= end_time format: unix_timestamp|RFC 3339

Optional: If not specified, then the end_time will be evaluated to start_time+10m If start_time is not specified, then the end_time will be evaluated to

string
<= 1024 characters
include_config_changes
include_config_changes

Platform events of type config change captures old and new object blobs. This flag is used to include the blobs in response. It is introduced to reduce any performance impact UI may face while rendering. Optional: default is false.

boolean format: boolean
limit
limit

Limits the number of logs returned in the response Optional: If not specified, first or last 500 log messages that matches the query (depending on the sort order) will be returned in the response. The maximum value for limit is 500.

integer format: int32
namespace
namespace

Fetch audit logs for a given namespace.

string
>= 6 characters <= 1024 characters
query
query

Query is used to specify the list of matchers syntax for query := {[]} := <field_name>"" <field_name> := string One or more of the following fields in platform events may be specified in the query. User - user name resource_type - resource type resource - resource event_type - event type

:= string := [”=”|”!=”|”=”|”!”] = : equal to != : not equal to =~ : regex match !~ : not regex match When more than one matcher is specified in the query, then platform events matching ALL the matchers will be returned in the response. Example: query={resource_type=“CUSTOMER_EDGE”} will return all platform events with resource_type equals CUSTOMER_EDGE

Optional: If not specified, all the platform events matching the given tenant and namespace are returned.

string
<= 1024 characters
scroll
scroll

Scroll is used to retrieve large number of log messages (or all log messages) that matches the query. If scroll is set to true, the scroll_id in the response can be used in the scroll API to fetch the next batch of logs until there are no more logs left to return. The number of messages in each batch is determined by the limit field. Note: Scroll is used for processing large amount of data and therefore is not intended for real time user request. Optional: default is false.

boolean format: boolean
sort
string
default: DESCENDING
Allowed values: DESCENDING ASCENDING
start_time
start time

Fetch audit logs whose timestamp >= start_time format: unix_timestamp|RFC 3339

Optional: If not specified, then the start_time will be evaluated to end_time-10m If end_time is not specified, then the start_time will be evaluated to -10m.

string
<= 1024 characters
search_after
search after

Search After is used to retrieve large number of log messages (or all log messages) that matches the query. If search_after is set to true, the sort_values in the response can be used in the API to fetch the next batch of logs. The number of messages in each batch is determined by the limit field. Note: Search After is used for processing large amount of data and therefore is not intended for real time user request. Optional: default is false.

boolean format: boolean
sort_values
object
last_doc_id
last_doc_id

This is a unique UUID generated by elastic search.

string
<= 1024 characters
last_timestamp
last timestamp

Configuration parameter for last timestamp

number format: double

Responses

Section titled “Responses”

200

Section titled “200”

A successful response.

Media typeapplication/json
LogResponse

Response message for AuditLogRequest/AccessLogRequest/LogScrollRequest.

object
aggs
aggregations

Aggregations provide summary/analytics data over the log response. If the number of logs that matched the query is large and cannot be returned in a single response message, user can GET helpful insights/summary using aggregations. The aggregation data is key’ed with the aggregation name specified in the request.

object
logs
logs

List of log messages that matched the query. Not all log messages that matched the query are returned in the response.

Array<string>
scroll_id
scroll id

Long Base-64 encoded string which can be used to retrieve next batch of log messages using the scroll request. Empty scroll_id indicates no more messages to scroll (EOF). Note: scroll_id is valid only for 2 minutes. I.e., If one intend to retrieve next batch of the result, then the scroll request should be sent within 2 minutes upon receiving the LogResponse.

string
<= 1024 characters
total_hits
total hits

Total number of log messages that matched the query.

string format: uint64
<= 1024 characters
last_sort_values
object
last_doc_id
last_doc_id

This is a unique UUID generated by elastic search.

string
<= 1024 characters
last_timestamp
last timestamp

Configuration parameter for last timestamp

number format: double
Examplegenerated
{
  "aggs": {},
  "logs": [
    "example"
  ],
  "scroll_id": "example",
  "total_hits": "example",
  "last_sort_values": {
    "last_doc_id": "example",
    "last_timestamp": 1
  }
}

401

Section titled “401”

Returned when operation is not authorized.

Media typeapplication/json
string format: string
Examplegenerated
example

403

Section titled “403”

Returned when there is no permission to access resource.

Media typeapplication/json
string format: string
Examplegenerated
example

404

Section titled “404”

Returned when resource is not found.

Media typeapplication/json
string format: string
Examplegenerated
example

409

Section titled “409”

Returned when operation on resource is conflicting with current value.

Media typeapplication/json
string format: string
Examplegenerated
example

429

Section titled “429”

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json
string format: string
Examplegenerated
example

500

Section titled “500”

Returned when server encountered an error in processing API.

Media typeapplication/json
string format: string
Examplegenerated
example

503

Section titled “503”

Returned when service is unavailable temporarily.

Media typeapplication/json
string format: string
Examplegenerated
example

504

Section titled “504”

Returned when server timed out processing request.

Media typeapplication/json
string format: string
Examplegenerated
example