SIEM export: a larger, ordered batch of audit rows (with chain hashes) for external ingestion. Same filters as `list`; pages via `after`/`offset` with a limit up to 1000. Requires `audit:read`.
GET
Secret API key operationId: export/v1/audit-logs/export Authorization
Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.
Query parameters
typestring optionalExact type (`session.revoked`) or a dotted family by prefix (`session` → all `session.*`).
actor_kindstring optionalActor kind: `user | api_key | system | public`.
aggregate_idstring<uuid> optionalRestrict to events touching one aggregate (a user/session/org id).
searchstring optionalFree-text match on the event type.
afterstring<date-time> optionalInclusive lower/upper bounds on when the event occurred (RFC 3339).
beforestring<date-time> optionallimitinteger<int64> optionalPage size (default 50, max 100).
offsetinteger<int64> optionalRow offset (default 0).
Responses
200 Audit export batch
Request
curl -X GET "http://localhost:8080/v1/audit-logs/export" \Try it
live requestGET
http://localhost:8080/v1/audit-logs/export