Audit query configuration specifying services, filters, and options.
No Additional PropertiesArray of services to include in the audit query.
No Additional ItemsList of filters for query results. See API documentation for "Query Methods" for more guidance.
No Additional Items[
[
"name",
"=",
"bob"
]
]
[
[
"OR",
[
[
[
"name",
"=",
"bob"
]
],
[
[
"name",
"=",
"larry"
]
]
]
]
]
If the query-option force_sql_filters is true, then the query will be converted into a more efficient form for better performance. This will not be possible if filters use keys within svc_data and event_data.
Extra options are defined on a per-endpoint basis and are described in the documentation for the associated query method.
An array of field names describing the manner in which query results should be ordered. The field names may also have one of more of the following special prefixes: - (reverse sort direction), nulls_first: (place any null values at the head of the results list), nulls_last: (place any null values at the tail of the results list).
[
"size",
"-devname",
"nulls_first:-expiretime"
]
An array of field names specifying the exact fields to include in the query return. The dot character . may be used to explicitly select only subkeys of the query result.
[
"username",
"Authentication.status"
]
Return a numeric value representing the number of items that match the specified query-filters.
Return the JSON object of the first result matching the specified query-filters. The query fails if there specified query-filters return no results.
This specifies the beginning offset of the results array. When combined with the limit query-option it may be used to implement pagination of large results arrays. WARNING: some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
This specifies the maximum number of results matching the specified query-filters to return. When combined wtih the offset query-option it may be used to implement pagination of large results arrays.
WARNING: Some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
Force use of SQL for result filtering to reduce response time. May not work for all methods.
HA systems may direct the query to the 'remote' controller by including 'remote_controller=True'. The default is the 'current' controller.
Audit query results.
GUID uniquely identifying this specific audit event.
Unix timestamp for when the audit event was written to the auditing database.
Converted ISO-8601 timestamp from application recording when event occurred.
IP address of client performing action that generated the audit message.
Username used by client performing action.
GUID uniquely identifying the client session.
Name of the service that generated the message. This will be one of the names specified in services.
JSON object containing variable data depending on the particular service. See TrueNAS auditing documentation for the service in question.
Name of the event type that generated the audit record. Each service has its own unique event identifiers.
JSON object containing variable data depending on the particular event type. See TrueNAS auditing documentation for the service in question.
The action generating the event message succeeded.
GUID uniquely identifying this specific audit event.
Unix timestamp for when the audit event was written to the auditing database.
Converted ISO-8601 timestamp from application recording when event occurred.
IP address of client performing action that generated the audit message.
Username used by client performing action.
GUID uniquely identifying the client session.
Name of the service that generated the message. This will be one of the names specified in services.
JSON object containing variable data depending on the particular service. See TrueNAS auditing documentation for the service in question.
Name of the event type that generated the audit record. Each service has its own unique event identifiers.
JSON object containing variable data depending on the particular event type. See TrueNAS auditing documentation for the service in question.
The action generating the event message succeeded.