SystemLogs
System log events.
View Specific Information
Required Scopes
To query this view, Scope must include okta.logs.read.
Select
The provider uses the Okta API to process WHERE clause conditions built with the following columns and operators.Note that the LIKE operator is case-sensitive.
- Uuid supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- Version supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- Severity supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- EventType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- LegacyEventType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- DisplayMessage supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ActorId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ActorType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ActorAlternateId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientDevice supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientIpAddress supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientZone supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- OutcomeResult supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- TransactionId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- TransactionType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthenticationProvider supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthenticationStep supports the '>', '>=', '=', '<=', '<', and '!=' operators
- AuthCredentialProvider supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthCredentialType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthExternalSessionId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthInterface supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- DebugRequestUri supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityAsNumber supports the '>', '>=', '=', '<=', '<', and '!=' operators
- SecurityAsOrg supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityISP supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityDomain supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityIsProxy supports the '>', '>=', '=', '<=', '<', and '!=' operators
- Since supports the '=' operator
- Until supports the '=' operator
All other filters are processed client-side within the provider.
For example, the following query is processed server-side:
SELECT * FROM SystemLogs WHERE Since='08-05-2024' AND Until = '08-06-2024' AND ClientId='0oaip3enwg675lSno5d7'
Columns
| Name | Type | Description |
| Uuid [KEY] | String | Identifier for an individual event |
| Version | String | Versioning indicator |
| Severity | String | How severe the event is |
| Published | Datetime | When the event was published. |
| EventType | String | Type of event |
| LegacyEventType | String | Associated Events action object type |
| DisplayMessage | String | Display message of an event |
| ActorId | String | Id of the entity that performs an action |
| ActorType | String | Type of actor |
| ActorName | String | Display name of the actor |
| ActorAlternateId | String | Alternate Id of the actor |
| ClientId | String | Id of the request that initiates an action |
| ClientDevice | String | Type of device from which the client operates. For example, Computer. |
| ClientIpAddress | String | IP address from which the client makes a request. |
| ClientZone | String | The name of the zone to which the client's location is mapped. |
| OutcomeResult | String | Outcome of an action |
| TransactionId | String | Id of the transaction of an action |
| TransactionType | String | Type of transaction |
| AuthenticationProvider | String | System that proves the identity of an actor using the credentials provided to it |
| AuthenticationStep | Integer | Zero-based step number in the authentication pipeline. Currently unused and always 0. |
| AuthCredentialProvider | String | Software service that manages identities and their associated credentials. |
| AuthCredentialType | String | The underlying technology or scheme used in the credential. |
| AuthExternalSessionId | String | Proxy for the actor's session id. |
| AuthInterface | String | The third-party user interface through which the actor authenticates. |
| DebugRequestUri | String | Request Uri of the debug context. |
| SecurityAsNumber | Integer | Autonomous system number associated with the system the event request was sourced to. |
| SecurityAsOrg | String | Organization associated with the system the event request was sourced to. |
| SecurityISP | String | Internet service provider used to send the event's request. |
| SecurityDomain | String | The domain name associated with the IP address of the inbound event request. |
| SecurityIsProxy | Boolean | Whether the event's request is from a known proxy. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements, and offer a more granular control over the tuples that are returned from the data source.
| Name | Type | Description |
| Since | Datetime | Lower limit for the published date. Defaults to 7 days before the until parameter. |
| Until | Datetime | Upper limit for the published date. Defaults to the current time. |