API to Create Audit Report

I was trying to implement a solution where I pull in the admin audit logs from ZIA. I ended up spinning my wheels for quite some time, so figured I would add a post here for anyone that falls into the same boat. :slight_smile:

In the API guide, under the POST /auditlogEntryReport, the different request fields are listed. Two things I struggled with:

One is which of these fields are required and which are optional? Both the startTime and endTime are required. The rest are optional.

The second part that held me up, was the API guide says to use epoch time. I was using standard epoch time, when in reality you need to use a timestamp in milliseconds. When I wasn’t using milliseconds, I kept getting an HTTP 400 error with the output of {“code”:“SCOPE_LIMITED”,“message”:“Date requests are out of last 6 months.”}. After modifying the timestamps to be milliseconds (add 000 to the end), the request for the report was successful!

1 Like