SystemLogs
System log events.
View Specific Information
Required Scopes
To query this view, Scope must include okta.logs.read.
Select
The add-in uses the Okta API to process WHERE clause conditions built with the following columns and operators.Note that the LIKE operator is case-sensitive.
- Uuid supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- Version supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- Severity supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- EventType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- LegacyEventType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- DisplayMessage supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ActorId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ActorType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ActorAlternateId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientDevice supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientIpAddress supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- ClientZone supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- OutcomeResult supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- TransactionId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- TransactionType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthenticationProvider supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthenticationStep supports the '>', '>=', '=', '<=', '<', and '!=' operators
- AuthCredentialProvider supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthCredentialType supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthExternalSessionId supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- AuthInterface supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- DebugRequestUri supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityAsNumber supports the '>', '>=', '=', '<=', '<', and '!=' operators
- SecurityAsOrg supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityISP supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityDomain supports the '>', '>=', '=', '<=', '<', '!=', and 'LIKE' operators
- SecurityIsProxy supports the '>', '>=', '=', '<=', '<', and '!=' operators
- Since supports the '=' operator
- Until supports the '=' operator
All other filters are processed client-side within the add-in.
For example, the following query is processed server-side:
SELECT * FROM SystemLogs WHERE Since='08-05-2024' AND Until = '08-06-2024' AND ClientId='0oaip3enwg675lSno5d7'
Columns
Name | Type | Description |
Uuid [KEY] | String | Identifier for an individual event |
Version | String | Versioning indicator |
Severity | String | How severe the event is |
Published | Datetime | When the event was published. |
EventType | String | Type of event |
LegacyEventType | String | Associated Events action object type |
DisplayMessage | String | Display message of an event |
ActorId | String | Id of the entity that performs an action |
ActorType | String | Type of actor |
ActorName | String | Display name of the actor |
ActorAlternateId | String | Alternate Id of the actor |
ClientId | String | Id of the request that initiates an action |
ClientDevice | String | Type of device from which the client operates. For example, Computer. |
ClientIpAddress | String | IP address from which the client makes a request. |
ClientZone | String | The name of the zone to which the client's location is mapped. |
OutcomeResult | String | Outcome of an action |
TransactionId | String | Id of the transaction of an action |
TransactionType | String | Type of transaction |
AuthenticationProvider | String | System that proves the identity of an actor using the credentials provided to it |
AuthenticationStep | Integer | Zero-based step number in the authentication pipeline. Currently unused and always 0. |
AuthCredentialProvider | String | Software service that manages identities and their associated credentials. |
AuthCredentialType | String | The underlying technology or scheme used in the credential. |
AuthExternalSessionId | String | Proxy for the actor's session id. |
AuthInterface | String | The third-party user interface through which the actor authenticates. |
DebugRequestUri | String | Request Uri of the debug context. |
SecurityAsNumber | Integer | Autonomous system number associated with the system the event request was sourced to. |
SecurityAsOrg | String | Organization associated with the system the event request was sourced to. |
SecurityISP | String | Internet service provider used to send the event's request. |
SecurityDomain | String | The domain name associated with the IP address of the inbound event request. |
SecurityIsProxy | Boolean | Whether the event's request is from a known proxy. |
Pseudo-Columns
Pseudo column fields are used in the WHERE clause of SELECT statements, and offer a more granular control over the tuples that are returned from the data source.
Name | Type | Description |
Since | Datetime | Lower limit for the published date. Defaults to 7 days before the until parameter. |
Until | Datetime | Upper limit for the published date. Defaults to the current time. |