Get Logs
The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API.
External Documentation
To learn more, visit the Okta documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Query | Filters the log events results by one or more exact keywords. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Since | Filters the lower time bound of the log events published property for bounded queries or persistence time for polling queries. |
| Until | Filters the upper time bound of the log events published property for bounded queries or persistence time for polling queries. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Filter | Filter Expression that filters the results, for more information visit https://developer.okta.com/docs/reference/api/system-log/#expression-filter |
| Limit | Sets the number of results that are returned in the response. |
| Sort Order | The order of the returned events. |
Example Output
[
{
"version": "0",
"severity": "INFO",
"client": {
"zone": "OFF_NETWORK",
"device": "Unknown",
"userAgent": {
"os": "Unknown",
"browser": "UNKNOWN",
"rawUserAgent": "UNKNOWN-DOWNLOAD"
},
"ipAddress": "12.97.85.90"
},
"actor": {
"id": "00u1qw1mqitPHM8AJ0g7",
"type": "User",
"alternateId": "admin@example.com",
"displayName": "John Doe"
},
"outcome": {
"result": "SUCCESS"
},
"uuid": "f790999f-fe87-467a-9880-6982a583986c",
"published": "2017-09-31T22:23:07.777Z",
"eventType": "user.session.start",
"displayMessage": "User login to Okta",
"transaction": {
"type": "WEB",
"id": "V04Oy4ubUOc5UuG6s9DyNQAABtc"
},
"debugContext": {
"debugData": {
"requestUri": "/login/do-login"
}
},
"legacyEventType": "core.user_auth.login_success",
"authenticationContext": {
"authenticationStep": 0,
"externalSessionId": "1013FfF-DKQSvCI4RVXChzX-w"
}
}
]
Workflow Library Example
Get Alerts for Login Attempts of Disabled Users in Okta
Preview this Workflow on desktop