System Events

Get Veza platform events, including notifications and integration logs.

Operation

Syntax

GET /api/preview/events

GET /api/preview/events/export

Event objects represent Veza platform activity, including integration parsing, notification activity, and user logins. You can list events that match a filter (such as a category or severity), or export a continuous list for integration with an external monitoring system,

For logging Veza API activity, see Audit Log API.

List events

Returns an array of Veza platform events. If a filter is specified, the endpoint only returns events matching the SCIM filter expression. This can get events with a matching category or severity, for example:

GET /api/preview/events?page_size=10&filter=category+eq+"INTEGRATIONS"+and+timestamp+ge+"2023-04-17T22:29:22.440Z"

Export events

Returns a paginated list of platform events, intended for exporting a continuous log into an external system.

The export endpoint can return the error code ResourceExhaused. When encountered, wait for one minute before retrying the request.

To capture events when they become available without skipping any entries, first make call with a persisted_at GE "TIMESTAMP" filter:

curl -X GET "$VEZA_URL/api/preview/events/export?filter=persisted_at+GE+%222023-09-14T23:59:59.999999999Z%22&page_size=5" \
-H "authorization: Bearer $VEZA_TOKEN"

Use the next_page_token in the response to continuously call the next page:

curl -X GET "$VEZA_URL/api/preview/events/export?page_token=eyJMaXNfQ==" \
-H "authorization: Bearer $VEZA_TOKEN"

Example response:

{
  "events": [
    {
      "id": "e1560da1-bb88-4ef0-8d7f-e220fa2b33ca",
      "timestamp": "2023-09-21T12:41:27.111852371Z",
      "category": "INTEGRATIONS",
      "severity": "WARNING",
      "name": "OAA push",
      "message": "OAA data source pushed \"VEZAFILESERVER\"",
      "entity": "DATASOURCE",
      "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2",
      "error": {
        "reason": "OAA_PUSH_WARNINGS",
        "metadata": {
          "0": "Cannot find identity by names (values: CN=Domain Admins,CN=Users,DC=evergreentrucks,DC=local)",
          "1": "Cannot find identity by names (values: CN=Domain Users,CN=Users,DC=evergreentrucks,DC=local)",
          "2": "Empty permissions field",
          "3": "Empty identity_to_permissions field"
        },
        "message": "OAA push had warnings.",
        "resolution": "Address the warnings and push the datasource again.",
        "request_id": "be920721634911577b8223f36f06ff1e"
      },
      "entity_name": "VEZAFILESERVER",
      "event_type": "OAA push",
      "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac"
    },
    {
      "id": "ee79c82d-4574-42d9-840a-7fa5c32e8c37",
      "timestamp": "2023-09-21T12:42:16.300711343Z",
      "category": "INTEGRATIONS",
      "severity": "INFO",
      "name": "Data Source extracted",
      "message": "\"VEZAFILESERVER\" Data Source extracted (0s)",
      "entity": "DATASOURCE",
      "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2",
      "error": null,
      "entity_name": "VEZAFILESERVER",
      "event_type": "Data Source extracted",
      "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac"
    }
  ],
  "next_page_token": "eyJMaXN0SW5wdXQiOnsiQ2F0ZWdvcnkiOjAsIlNldmVyaXR5IjowLCJTdGFydFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVuZFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVudGl0eUlEIjoiIiwiUHJvdmlkZXJJRCI6IiIsIkV2ZW50VHlwZSI6MCwiUGVyc2lzdGVkQXRHZSI6IjIwMjMtMDktMjFUMTI6NDI6MjAuOTc4MjA0MDA5WiIsIlBhZ2luYXRpb25MYXN0SUQiOiJlZTc5YzgyZC00NTc0LTQyZDktODQwYS03ZmE1YzMyZThjMzciLCJQYWdlU2l6ZSI6NSwiT3JkZXIiOjB9fQ=="
}

Veza event schema

Field

Description

Example Value

id

Unique identifier for the event

d95ccc9c-9051-4ef7-9147-124a16409baa

timestamp

Timestamp when the event occurred

2023-05-18T14:23:35.151842912Z

category

Category of the event

SYSTEM, INTEGRATIONS, RULE, TAG, NOTIFICATION

severity

Severity level of the event

INFO, WARNING, ERROR

name

Title of the event

Tagging request failed

message

Descriptive message for the event

Tagging request failed for node test1

provider_id

Provider data source unique identifier

e88f5d72-6f79-41d1-99e3-8777e1727311

entity

Type of entity related to the event

DATASOURCE, PROVIDER, RULE, TAG, NOTIFICATION

entity_id

Unique identifier for the entity

e88f5d72-6f79-41d1-99e3-8777e1727311

entity_name

Name of entity related to the event

SYSTEM_resource_managers:500008

error

Error details

See "error object structure"

event_type

Type or category of the event

Tagging request failed

Error object structure:

message: Error message
metadata: Additional metadata for the failed request.
reason: Reason for the error
resolution: Details to prevent the error
request_id: Unique identifier for the failed request

Event types

Veza events will have one of the following event types:

OUTDATED_AWS_EXTRACTION_POLICY
DATASOURCE_PARSED
DATASOURCE_EXTRACTED
DATASOURCE_REGISTERED
DATASOURCE_REMOVED
DISCOVERY_FAILED
DISCOVERY_SUCCESS
OAA_PUSH
RULE_NOTIFICATION_FAILED
TAGGING_REQUEST_FAILED
EMAIL_NOTIFICATION
USER_LOGIN
USER_LOGOUT
USER_CREATED
USER_DELETED
USER_EMAIL_UPDATED
USER_ROLES_UPDATED
USER_ENABLED
USER_DISABLED
USER_PASSWORD_FORCED_RESET
API_KEY_CREATED
API_KEY_UPDATED
API_KEY_DELETED
API_KEY_REVOKED
API_KEY_REINSTATED

Event retention

Veza retains system events for one month. When requesting events outside that range, the response will have a field error message indicating the oldest valid timestamp:

{
  "field": "filter.start_time",
  "description": "Must be after or equal to 2023-05-13T21:39:21Z"
}

Pagination

Responses will contain a next_page_token when more events are available. Include this page_token in the request query to get the next batch of results.

If no page size is specified, the default is 1,000. The maximum page size is currently 10,000 records.

PreviousSystem Audit Logs NextNotification Templates

Last updated 1 year ago

Was this helpful?

{ "events": [ { "id": "e1560da1-bb88-4ef0-8d7f-e220fa2b33ca", "timestamp": "2023-09-21T12:41:27.111852371Z", "category": "INTEGRATIONS", "severity": "WARNING", "name": "OAA push", "message": "OAA data source pushed \"VEZAFILESERVER\"", "entity": "DATASOURCE", "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2", "error": { "reason": "OAA_PUSH_WARNINGS", "metadata": { "0": "Cannot find identity by names (values: CN=Domain Admins,CN=Users,DC=evergreentrucks,DC=local)", "1": "Cannot find identity by names (values: CN=Domain Users,CN=Users,DC=evergreentrucks,DC=local)", "2": "Empty permissions field", "3": "Empty identity_to_permissions field" }, "message": "OAA push had warnings.", "resolution": "Address the warnings and push the datasource again.", "request_id": "be920721634911577b8223f36f06ff1e" }, "entity_name": "VEZAFILESERVER", "event_type": "OAA push", "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac" }, { "id": "ee79c82d-4574-42d9-840a-7fa5c32e8c37", "timestamp": "2023-09-21T12:42:16.300711343Z", "category": "INTEGRATIONS", "severity": "INFO", "name": "Data Source extracted", "message": "\"VEZAFILESERVER\" Data Source extracted (0s)", "entity": "DATASOURCE", "entity_id": "b408b41f-a73b-4a73-90dc-013111d3b2d2", "error": null, "entity_name": "VEZAFILESERVER", "event_type": "Data Source extracted", "provider_id": "cbb69418-e9de-422a-945c-7e62ba3ae1ac" } ], "next_page_token": "eyJMaXN0SW5wdXQiOnsiQ2F0ZWdvcnkiOjAsIlNldmVyaXR5IjowLCJTdGFydFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVuZFRpbWUiOiIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsIkVudGl0eUlEIjoiIiwiUHJvdmlkZXJJRCI6IiIsIkV2ZW50VHlwZSI6MCwiUGVyc2lzdGVkQXRHZSI6IjIwMjMtMDktMjFUMTI6NDI6MjAuOTc4MjA0MDA5WiIsIlBhZ2luYXRpb25MYXN0SUQiOiJlZTc5YzgyZC00NTc0LTQyZDktODQwYS03ZmE1YzMyZThjMzciLCJQYWdlU2l6ZSI6NSwiT3JkZXIiOjB9fQ==" }