ThoughtSpot Community

Hi everyone

How do we "fetch logs" (SECURITY_AUDIT) older than 24 hours?

Using GraphQL's "FetchLogs" or REST API v2.0's "fetch", it seems we always get the same data, which only covers the last 24 hours.

We want to see the logs from one week ago. The docs state the following:

By default, the API retrieves logs for the last 24 hours. You can set a custom duration in EPOCH time. Make sure the log duration specified in your API request doesn’t exceed 24 hours. If you must fetch logs for a longer time range, modify the duration and make multiple sequential API requests.

By default, the API retrieves logs for the last 24 hours. You can set a custom duration in EPOCH time. Make sure the log duration specified in your API request doesn’t exceed 24 hours. If you must fetch logs for a longer time range, modify the duration and make multiple sequential API requests.

If we "set a custom duration in EPOCH time" and add the parameters for startEpochTimeInMillis and endEpochTimeInMillis and ensure those parameters covered a time range of less than 24 hours to get a single day from a week ago, we still get the same results (i.e. the last 24 hours), as if we did not supply parameters.

Do we need some configuration switched flipped on in order to retrieve logs older than 24 hours?

https://community.thoughtspot.com/s/question/0D5Uk00000E8bRlKAJ/how-do-we-fetch-logs-securityaudit-older-than-24-hours

ThoughtSpot Community

Find useful content, exchange ideas and best practices, and collaborate with other customers, partners, and ThoughtSpot employees.

Sandeep Yadav•5/4/24, 9:57 AM

Hello @bmofkn : There was a bug which was fixed a month ago for V2 API. Could you please help with confirming the cluster version where you are experiencing this issues, we can back port the fix to specific release. As an immediate solution, you can try V1 version of API https://developers.thoughtspot.com/docs/logs-api mentioned here.

Audit logs API

Log streaming service APIs

SSandeep Yadav Hello @bmofkn : There was a bug which was fixed a month ago for V2 API. Could yo...

bmofknOP•5/6/24, 1:00 PM

Hi @Sandeep. Our cluster is using version 9.10.5.cl-2. Will the fix be included with v9.12 (which I believe is scheduled for sometime in May)? Thanks for the tip on using V1... that worked

Sandeep Yadav•5/7/24, 12:47 PM

Thanks for confirming @bmofkn . The fix is scheduled to be part of 9.12.5.cl. If needed, could you please help with filing a support case so that we can backport the fix to 9.12.0.cl.