Get all events for a tenant.

Gets the management, sso and authentication events by default for a tenant. The events API will max out at 10000 events in the response. To get the next batch of events, use the time and id from the search_after object in the response from the current call for the subsequent calls.

Entitlements required: manageReports or readReports.

Query Params
string
Defaults to no

get all types of events.

string

The type or types of events to return. The default setting includes management, sso and authentication event types.

Event types must be in a comma separated list that is surrounded by quotes and the quotes must be escaped.

Other events that can be included are: service, fulfillment, adaptive_risk, cert_campaign, access_request, account_sync, token, privacy_consent, risk, threat or notice events.
Here is an example to include some events: event_type="authentication","management","sso","token","fulfillment","adaptive_risk","cert_campaign","access_request","account_sync","privacy_consent","threat", "notice"

string

The resource type or types of management events to return. The default setting is all resource types.
The event_type filter must include management events to filter by resource type.
Resource types include user, token, app_consent, campaign, instance and so on.

Resource types must be in a comma separated list that is surrounded by quotation marks and the quotation marks must be escaped.
Example: resource="user","token","app_consent", "campaign", "instance"

string

The name of the field to filter. The default value of filter_key for management events and cert_campaign events is data.performedby_type.

Here is an example for filter_key
Example: filter_key=data.performedby_type

string

The value of the field to be filtered. The default value for filter value of performedby_type for management events and cert_campaign events is *.

Filter values must be in a comma separated list that is surrounded by quotation marks and the quotation marks must be escaped.

Here is an example for filter_value
Example: filter_value="user","api","system"

string

The lower bound Unix Epoch timestamp of events to return. The default setting is the last 24 hours.
Input must be an Unix Epoch timestamp (milliseconds).

string

The upper bound Unix Epoch timestamp of events to return. The default setting is the current time.
Input must be an Unix Epoch timestamp (milliseconds).

string

The event ID of a previously returned event, after which to start searching. If the sort_order is ascending, then events that are generated or processed after this event are returned in increasing time. Note, the default sort order is descending. With this default the events are returned in decreasing time in the subsequent calls from the last event.
If from and to values are included in the original request, keep them the same in the following requests to maintain the correct timeframe. To identify the event after which to start searching,

after_id is the ID of the event after which to search and must be used in conjunction with after_time.

Example: id

string

The event generation time (time) or event processing time by transform service (indexed_at) of a previously returned event, after which to start searching. If the sort_order is ascending, then the events generated or processed after this event are returned in increasing time for the subsequent calls. Note, the default sort order is descending.
If from and to values are included in the original request, keep them the same in the following requests to maintain the correct timeframe To identify the event after which to start searching,

after_time is the generation timestamp of the event after which to search and must be used in conjunction with after_id

Example: time

string
Defaults to time

Range type of the event either time (when the event was generated) or indexed_at (when event was processed by the transform service). The default setting is time.

int32

The number of events to return. The default setting is 50. The maximum is 10,000.

string

The sort order of the events: desc, asc. The default order is desc.

Responses

400

Bad Request.

403

Forbidden.

Language
URL
Choose an example:
application/json