Audit Events (auditevents)

The auditevents endpoint provides information about the application’s audit events.

Retrieving Audit Events

To retrieve the audit events, make a GET request to /actuator/auditevents, as shown in the following curl-based example:

$ curl 'http://localhost:8080/actuator/auditevents?principal=alice&after=2024-12-19T11%3A43%3A06.951450273Z&type=logout' -i -X GET

The preceding example retrieves logout events for the principal, alice, that occurred after 09:37 on 7 November 2017 in the UTC timezone. The resulting response is similar to the following:

HTTP/1.1 200 OK
Content-Type: application/vnd.spring-boot.actuator.v3+json
Content-Length: 127

{
  "events" : [ {
    "timestamp" : "2024-12-19T11:43:06.951995965Z",
    "principal" : "alice",
    "type" : "logout"
  } ]
}

Query Parameters

The endpoint uses query parameters to limit the events that it returns. The following table shows the supported query parameters:

Parameter Description

after

Restricts the events to those that occurred after the given time. Optional.

principal

Restricts the events to those with the given principal. Optional.

type

Restricts the events to those with the given type. Optional.

Response Structure

The response contains details of all of the audit events that matched the query. The following table describes the structure of the response:

Path Type Description

events

Array

An array of audit events.

events.[].timestamp

String

The timestamp of when the event occurred.

events.[].principal

String

The principal that triggered the event.

events.[].type

String

The type of the event.