The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API.

External Documentation

To learn more, visit the Okta documentation.

Basic Parameters

ParameterDescription
QueryFilters the log events results by one or more exact keywords.
Return All PagesAutomatically fetch all resources, page by page.
SinceFilters the lower time bound of the log events published property for bounded queries or persistence time for polling queries.
UntilFilters the upper time bound of the log events published property for bounded queries or persistence time for polling queries.

Advanced Parameters

ParameterDescription
FilterFilter Expression that filters the results, for more information visit https://developer.okta.com/docs/reference/api/system-log/#expression-filter
LimitSets the number of results that are returned in the response.
Sort OrderThe order of the returned events.

Example Output

[
	{
		"actor": {
			"id": "<string>",
			"type": "<string>",
			"alternateId": "<string>",
			"displayName": "<string>",
			"detailEntry": null
		},
		"client": {
			"userAgent": {
				"rawUserAgent": "<string>",
				"os": "<string>",
				"browser": "<string>"
			},
			"zone": "<string>",
			"device": "<string>",
			"id": null,
			"ipAddress": "<string>",
			"geographicalContext": {
				"city": "<string>",
				"state": "<string>",
				"country": "<string>",
				"postalCode": "<string>",
				"geolocation": {
					"lat": 16,
					"lon": 36
				}
			}
		},
		"device": null,
		"authenticationContext": {
			"authenticationProvider": null,
			"credentialProvider": null,
			"credentialType": null,
			"issuer": null,
			"interface": null,
			"authenticationStep": 1,
			"rootSessionId": "<string>",
			"externalSessionId": "<string>"
		},
		"displayMessage": "<string>",
		"eventType": "<string>",
		"outcome": {
			"result": "<string>",
			"reason": "<string>"
		},
		"published": "2001-11-12T14:30:22.922Z",
		"securityContext": {
			"asNumber": 16883,
			"asOrg": "<string>",
			"isp": "<string>",
			"domain": null,
			"isProxy": false
		},
		"severity": "<string>",
		"debugContext": {
			"debugData": {
				"authnRequestId": "<string>",
				"deviceFingerprint": "<string>",
				"oktaUserAgentExtended": "<string>",
				"requestId": "<string>",
				"dtHash": "<string>",
				"challengeAuthenticatorsList": "<string>",
				"requestUri": "<string>",
				"threatSuspected": "<string>",
				"url": "<string>",
				"logOnlySecurityData": "<string>"
			}
		},
		"legacyEventType": null,
		"transaction": {
			"type": "<string>",
			"id": "<string>",
			"detail": {}
		},
		"uuid": "<string>",
		"version": "<string>",
		"request": {
			"ipChain": [
				{
					"ip": "<string>",
					"geographicalContext": {
						"city": "<string>",
						"state": "<string>",
						"country": "<string>",
						"postalCode": "<string>",
						"geolocation": {
							"lat": 9,
							"lon": 50
						}
					},
					"version": "<string>",
					"source": null
				}
			]
		},
		"target": [
			{
				"id": "<string>",
				"type": "<string>",
				"alternateId": "<string>",
				"displayName": "<string>",
				"detailEntry": {
					"signOnModeType": "<string>",
					"signOnModeEvaluationResult": "<string>"
				}
			},
			{
				"id": "<string>",
				"type": "<string>",
				"alternateId": "<string>",
				"displayName": "<string>",
				"detailEntry": {
					"policyName": "<string>",
					"policyRuleFactorMode": "<string>"
				}
			}
		]
	},
	{
		"actor": {
			"id": "<string>",
			"type": "<string>",
			"alternateId": "<string>",
			"displayName": "<string>",
			"detailEntry": null
		},
		"client": {
			"userAgent": {
				"rawUserAgent": "<string>",
				"os": "<string>",
				"browser": "<string>"
			},
			"zone": "<string>",
			"device": "<string>",
			"id": null,
			"ipAddress": "<string>",
			"geographicalContext": {
				"city": "<string>",
				"state": "<string>",
				"country": "<string>",
				"postalCode": "<string>",
				"geolocation": {
					"lat": 70,
					"lon": 31
				}
			}
		},
		"device": null,
		"authenticationContext": {
			"authenticationProvider": "<string>",
			"credentialProvider": null,
			"credentialType": "<string>",
			"issuer": null,
			"interface": "<string>",
			"authenticationStep": 1,
			"rootSessionId": "<string>",
			"externalSessionId": "<string>"
		},
		"displayMessage": "<string>",
		"eventType": "<string>",
		"outcome": {
			"result": "<string>",
			"reason": null
		},
		"published": "2017-12-14T07:43:21.762Z",
		"securityContext": {
			"asNumber": 2191,
			"asOrg": "<string>",
			"isp": "<string>",
			"domain": null,
			"isProxy": false
		},
		"severity": "<string>",
		"debugContext": {
			"debugData": {
				"agentid": "<string>",
				"delauthtimeout": "<string>",
				"deviceFingerprint": "<string>",
				"behaviors": "<string>",
				"requestUri": "<string>",
				"delauthtimespentatagent": "<string>",
				"url": "<string>",
				"authnRequestId": "<string>",
				"requestId": "<string>",
				"dtHash": "<string>",
				"actionid": "<string>",
				"delauthtimetotal": "<string>",
				"risk": "<string>",
				"threatSuspected": "<string>",
				"delauthtimespentatdomaincontroller": "<string>"
			}
		},
		"legacyEventType": "<string>",
		"transaction": {
			"type": "<string>",
			"id": "<string>",
			"detail": {}
		},
		"uuid": "<string>",
		"version": "<string>",
		"request": {
			"ipChain": [
				{
					"ip": "<string>",
					"geographicalContext": {
						"city": "<string>",
						"state": "<string>",
						"country": "<string>",
						"postalCode": "<string>",
						"geolocation": {
							"lat": 47,
							"lon": 51
						}
					},
					"version": "<string>",
					"source": null
				}
			]
		},
		"target": [
			{
				"id": "<string>",
				"type": "<string>",
				"alternateId": "<string>",
				"displayName": "<string>",
				"detailEntry": null
			},
			{
				"id": "<string>",
				"type": "<string>",
				"alternateId": "<string>",
				"displayName": "<string>",
				"detailEntry": null
			}
		]
	}
]

Workflow Library Example

Get Logs with Okta and Send Results Via Email

Preview this Workflow on desktop