Skip to main content

GraphQL Endpoint

The recommended way to search events using an API is to POST your query and variables to the appropriate Retraced GraphQL endpoint.

APIEndpoint
Publisherhttp://localhost:3000/auditlog/publisher/v1/project/{project_id}/graphql
Adminhttp://localhost:3000/auditlog/admin/v1/project/{project_id}/environment/{environment_id}/graphql
Enterprisehttp://localhost:3000/auditlog/enterprise/v1/graphql
Viewerhttp://localhost:3000/auditlog/viewer/v1/graphql
Viewer Paginated by page size and offsethttp://localhost:3000/auditlog/viewer/v1/graphql/paginated

This query is used for the GraphQL API with cursor pagination. The query root provides a search method. A fully-formed query for a subset of event fields would look like this:

{
  search(query:"action:user.login location:Germany", last:50, before:"opaquecursor") {
    totalCount
    pageInfo {
      hasNextPage
    }
    edges {
      cursor
      node {
        action
        actor {
          name
        }
        created
        country
      }
    }
  }
}

Variables

Use query, last, and before variables to enable reuse of your query templates. If you define a parameterized query like this...

const searchQuery = `query Search($query: String!, $last: Int, $before: String) {
  search(query:"action:user.login location:Germany", last:50, before:"opaquecursor") {
    totalCount
    pageInfo {
      hasNextPage
    }
    edges {
      cursor
      node {
        action
        actor {
          name
        }
        created
        country
      }
    }
  }
}`;

... then you can execute searches like this:

const vars = {
  query: 'action:user.login location:Germany',
  last: 50,
  before: 'opaquecursor',
};
const res = fetch(
  'http://localhost:3000/auditlog/publisher/v1/project/3hf140713bn302/graphql',
  {
    method: 'POST',
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      Authorization: 'Token token=2ba3059ad7f14071b9befb2a7a2e195e',
    },
    body: JSON.stringify({
      query: searchQuery,
      variables: vars,
    }),
  }
);

Search by page size and offset

For GraphQL API with page size & page limit based pagination, you can use the following query.

{
  searchPaginated(query:"action:user.login location:Germany", pageOffset: 0, pageLimit: 20, startCursor: "", sortOrder: "desc") {
    totalCount
    edges {
      cursor
      node {
        action
        actor {
          name
        }
        created
        country
      }
    }
  }
}

Variables

Use query, pageOffset, pageLimit, sortOrder and startCursor variables to enable reuse of your query templates. If you define a parameterized query like this...

const searchQuery = `query SearchPaginated($query: String!, $pageOffset: Int!, $pageLimit: Int!, $startCursor: String, $sortOrder: sortOrder) {
  searchPaginated(query: $query, pageOffset: $pageOffset, pageLimit: $pageLimit, startCursor: $startCursor, sortOrder: $sortOrder) {
    totalCount
    edges {
      cursor
      node {
        action
        actor {
          name
        }
        created
        country
      }
    }
  }
}`;

... then you can execute searches like this:

const vars = {
  query: 'action:user.login location:Germany',
  pageOffset: 0,
  pageLimit: 20,
  startCursor: 'opaquecursor',
  sortOrder: 'desc',
};
const res = fetch(
  'http://localhost:3000/auditlog/viewer/v1/graphql/paginated',
  {
    method: 'POST',
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
      Authorization:
        'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjJhZjFmYzY5NzhhNzRmZGZhMWJmMzI3MjlmZjRhZTYyIiwicHJvamVjdElkIjoiZGV2IiwiZW52aXJvbmiu7nRJZCI6ImRldiIsImdyb3VwSWQiOiIyMmQ4NzVhMS01YTI3LTQ2NjMtOTBlYi1iNGU3Yjk3ZGFhODAiLCJ2aWV3T896QWN0aW9uIjoiYXVkaXQubG9nLnZpZXciLCJhY3RvcklkIjoiYWRtaW4iLCJjcmVhdGVkIjoxNzIyOTIyMzc3MDAwLCJzY29wZSI6IiIsImlwIjoiMTkyLjE2OC42NS4xIiwiaWF0IjoxNzIyOTIyMzgwfQ.MIzMboQLvQxI5Xh7g3L-qjTl8qR9sXu5po2psVmz-Y4',
    },
    body: JSON.stringify({
      query: searchQuery,
      variables: vars,
    }),
  }
);

Schema Types

Table of Contents

Query

The root query object of the Retraced GraphQL interface.

FieldArgumentTypeDescription
searchSearchQueryResult

Run an advanced search for events.

queryString

The structured search operators used to filter events.

firstInt

The limit of events to return, sorted from oldest to newest. It can optionally be used with the after argument.

afterString

A cursor returned from a previous query.

lastInt

The limit of events to return, sorted from newest to oldest. It can optionally be used with the before argument.

beforeString

A cursor returned from a previous query.

searchPaginatedPaginatedSearchQueryResult

Run a paginated advanced search for events.

queryString

The structured search operators used to filter events.

pageOffsetInt

The number of events to offset from the start of the results.

pageLimitInt

The maximum number of results per page.

startCursorString

A cursor returned from the first event of the first page to make sure the window of events in maintained.

sortOrderSortOrder

The order to sort the results in.

Objects

Action

An action.

FieldArgumentTypeDescription
actionString

The action field of an event such as "user.login".

Actor

The agent who performed an event.

FieldArgumentTypeDescription
idID

A unique id representing this actor.

nameString

The name of this actor.

hrefString

The URL associated with this actor.

fields[Field]

The set of fields associated with this actor.

Display

FieldArgumentTypeDescription
markdownString

Event

A single record in an audit log.

FieldArgumentTypeDescription
idID

A unique id representing this event.

actionString

The type of action that was taken to generate this event.

descriptionString

The description of the event that was taken.

groupGroup

The group associated with this event.

actorActor

The actor associated with this event.

targetTarget

The target associated with this event.

crudCRUD

The classification of this event as create, read, update, or delete.

displayDisplay

The display text for this event.

receivedString

The time that the Retraced API received this event.

createdString

The time that this event was reported as performed.

canonical_timeString

The created time if specified; else the received time.

is_failureBoolean

Set to true if the event represents a failed use of permissions.

is_anonymousBoolean

Set to true if the user was not logged in when performing this action.

source_ipString

The IP address of the actor when the action was performed.

countryString

The country that the actor was in when the action was performed.

loc_subdiv1String

The large area of the country the actor was in when the action was performed (State).

loc_subdiv2String

The granular area of the country the actor was in when the action was performed (City).

componentString

An identifier for the vendor app component that sent the event.

versionString

An identifier for the version of the vendor app that sent the event, usually a git SHA

fields[Field]

The set of fields associated with this event.

rawString

The raw event sent to the Retraced API.

SearchEventEdge

The event and cursor for a single result.

FieldArgumentTypeDescription
nodeEvent

The event object.

cursorString

An opaque cursor for paginating from this point in the search results. Use it as the after argument to paginate forward or the before argument to paginate backward.

SearchQueryResult

The results of a search query.

FieldArgumentTypeDescription
edges[SearchEventEdge]

The events and cursors matching the query.

pageInfoPageInfo

Indications that more search results are available.

totalCountInt

The total number of search results matched by the query.

PaginatedSearchQueryResult

The results of hte paginated search query.

FieldArgumentTypeDescription
edges[SearchEventEdge]

The events and cursors matching the query.

totalCountInt

The total number of search results matched by the query.

Field

FieldArgumentTypeDescription
keyString

The key for this field.

valueString

The value for this field.

Group

The group this event is associated with.

FieldArgumentTypeDescription
idID

A unique id representing this group.

nameString

The name of this group.

PageInfo

FieldArgumentTypeDescription
hasNextPageBoolean

When paging forward with first, indicates more results are available.

hasPreviousPageBoolean

When paging backward with last, indicates more results are available.

Target

The object an event is performed on.

FieldArgumentTypeDescription
idID

A unique id representing this target.

nameString

The name of this target.

hrefString

The URL associated with this target.

typeString

The type of this target entity.

fields[Field]

The set of fields associated with this target.

Enums

CRUD

Create | Read | Update | Delete

ValueDescription
c

create

r

read

u

update

d

delete

SortOrder

Ascending | Descending

ValueDescription
asc

Ascending

desc

Descending

Scalars

Boolean

The Boolean scalar type represents true or false.

ID

The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.

Int

The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.

String

The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.