Audit Log Event scheduled-search.create
A scheduled search has been created
This audit log type records operations for the following features:
Field | Type | Availability | Description |
---|---|---|---|
actionIds | List[String] | | List of action IDs |
actor | ActorType | | Actor, as defined in humio-audit Actor Structure |
backfillLimit | Int | | Configured backfill limit |
description | Option[String] | | Description of the entity or object |
enabled | Boolean | | Whether the entity has been enabled or not |
query | String | | Query string |
queryEnd | String | | End of the query span for running the search |
queryOwnership | QueryOwnershipInfo | | Owner information for query |
queryStart | String | | Duration of when the query should start |
repoId | String | | ID of the repository |
repoName | String | | Name of the repository |
schedule | String | | Schedule |
scheduledSearchId | String | | Scheduled search ID |
scheduledSearchName | String | | Name of the scheduled search |
sensitive | Boolean | | Whether the audited event is marked sensitive |
timestamp | ZonedDateTime | | Timestamp of the audited event |
timezone | String | | Time zone |
For example (as JSON):
```json
{
  "actionIds" : [],
  "actor" : {
    "ip" : "172.17.0.1",
    "orgRoot" : true,
    "organizationId" : "SINGLE_ORGANIZATION_ID",
    "proxyRequest" : false,
    "sessionId" : "9U1FuFGIiB0F87CvhD8j1dGlV2RleEDi",
    "type" : "orgUser",
    "user" : {
      "id" : "0O7WGPBX9YbvZbKOrBMd5fgH",
      "isRoot" : true,
      "username" : "mc"
    }
  },
  "backfillLimit" : 0,
  "description" : "",
  "enabled" : true,
  "query" : "type=\"ERROR\"",
  "queryEnd" : "now",
  "queryOwnership" : {
    "type" : "Organization"
  },
  "queryStart" : "24h",
  "repoId" : "dm5BIUWUq1NsbMxCyb1iT5EH",
  "repoName" : "humio-audit",
  "schedule" : "0 * * * *",
  "scheduledSearchId" : "U9ZW9zOdsVsbqx4hfGTMQ2V5yIrxtaWM",
  "scheduledSearchName" : "SecCheck",
  "sensitive" : true,
  "timestamp" : "2023-12-18T12:34:53.91Z",
  "timezone" : "UTC+00:00",
  "type" : "scheduled-search.create"
}
```
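The following Python sketch is an added example, not part of the original page or of the product it documents. It validates a `scheduled-search.create` record against the field table above and surfaces a few facts for review. The function names `parse_event` and `review_notes`, and the choice of which facts to surface, are assumptions of this example.

```python
import json

# Field names and types from the table above; description is Option[String], so it may be null.
REQUIRED = {
    "actionIds": list, "actor": dict, "backfillLimit": int, "enabled": bool,
    "query": str, "queryEnd": str, "queryOwnership": dict, "queryStart": str,
    "repoId": str, "repoName": str, "schedule": str, "scheduledSearchId": str,
    "scheduledSearchName": str, "sensitive": bool, "timestamp": str, "timezone": str,
}

def parse_event(raw):
    """Parse one record; raise ValueError unless it is a well-formed scheduled-search.create."""
    ev = json.loads(raw)
    if not isinstance(ev, dict) or ev.get("type") != "scheduled-search.create":
        raise ValueError("not a scheduled-search.create event")
    for name, typ in REQUIRED.items():
        val = ev.get(name)
        # bool is a subclass of int in Python, so reject true/false in Int fields
        if not isinstance(val, typ) or (typ is int and isinstance(val, bool)):
            raise ValueError(f"field {name!r} missing or not {typ.__name__}")
    if not isinstance(ev.get("description"), (str, type(None))):
        raise ValueError("field 'description' is neither a string nor null")
    return ev

def review_notes(ev):
    """Facts a reviewer may want surfaced; the selection is this example's assumption."""
    actor, notes = ev["actor"], []
    if actor.get("orgRoot") or (actor.get("user") or {}).get("isRoot"):
        notes.append("actor is root")
    if actor.get("proxyRequest"):
        notes.append("request was proxied")
    if ev["queryOwnership"].get("type") == "Organization":
        notes.append("query ownership is Organization")
    if ev["actionIds"]:
        notes.append(f"{len(ev['actionIds'])} action(s) attached")
    return notes

# Constructed sample: the page's example record, abridged (session and ID fields of the actor dropped).
SAMPLE = (
    r'{"type":"scheduled-search.create","timestamp":"2023-12-18T12:34:53.91Z","timezone":"UTC+00:00",'
    r'"actor":{"ip":"172.17.0.1","orgRoot":true,"proxyRequest":false,"type":"orgUser",'
    r'"user":{"isRoot":true,"username":"mc"}},"actionIds":[],"backfillLimit":0,"description":"",'
    r'"enabled":true,"sensitive":true,"query":"type=\"ERROR\"","queryStart":"24h","queryEnd":"now",'
    r'"queryOwnership":{"type":"Organization"},"repoId":"dm5BIUWUq1NsbMxCyb1iT5EH","repoName":"humio-audit",'
    r'"schedule":"0 * * * *","scheduledSearchId":"U9ZW9zOdsVsbqx4hfGTMQ2V5yIrxtaWM","scheduledSearchName":"SecCheck"}'
)

if __name__ == "__main__":
    event = parse_event(SAMPLE)
    print(event["timestamp"], event["actor"]["user"]["username"], review_notes(event))
```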