Audit event fields
An audit event is logged from each management node when there are changes to the API lifecycle or to the organization. For example, publishing a product or creating an organization would trigger this event. The audit event record contains information about the changes to the API lifecycle or organization.
Table 1 lists the fields that are included in an audit event record.
Field name | Type | Description |
---|---|---|
@timestamp | Date | A time stamp that records when the record was written on the management node by the Logstash data collection engine that feeds data into Elasticsearch. |
assetType | String | The asset type. |
consumerOrgid | String | The identifier of the consumer organization that generated the audit event.” |
datetime | Date | Date and time of the audit event. |
eventId | String | The identifier of the catalog that generated the audit event. |
eventType | String | The type of event. |
id | String | Identifier of the event. |
message | String | The audit event message. |
nlsMessage | Object | Metadata that is related to the audit notification. |
notificationType | String | The type of notification. |
orgID | String | The identifier of the provider organization that generated the audit event. |
source | String | The node where the event was requested. |
userId | String | The ID of the user who generated the event. |
The following events are listed in the record and contain internal information that does not
convey any useful audit event information:
- @version – Always 1
- assetId
- client_geoip, gateway_geoip – Empty array
- headers.field_name – Contains internal headers
- host - Always 127.0.0.1
- tags – Empty JSON array