How to fetch audit logs via REST API beyond 1000 record limitation
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Purpose
Confluence’s audit log system restricts access to a maximum of 1000 records per request through its API endpoint /rest/api/audit. To retrieve more than 1000 records, we can employ pagination, making multiple API calls to sequentially gather additional sets of logs.
Environment
Confluence 7.19.x
Solution
The below command can fetch audit logs from 1 to 1000 records. However, this endpoint is limited to 1000 records and can't be used for accessing all the available audit logs. This is due to the API endpoint /rest/api/audit limitation.
curl -u <id>:<pass> -X GET "<Base_URL>/rest/api/audit?limit=1&start=1000" -H "Accept: application/json"We can use the script below to fetch records iteratively beyond the 1000 limit. Please note the username, password, and base_url values must be changed.
#!/bin/bash
USERNAME="username"
PASSWORD="password"
API_ENDPOINT="<base_url>/rest/api/audit"
LIMIT=1000
TOTAL_RECORDS=10000
start=0
iteration=1
while [ $start -lt $TOTAL_RECORDS ]
do
echo "Iteration: $iteration"
current_limit=$((start + LIMIT))
response=$(curl -u $USERNAME:$PASSWORD -X GET "$API_ENDPOINT?start=$start&limit=$current_limit" -H "Accept: application/json")
records=$(echo "$response" | jq '.results[].creationDate')
echo "$records"
start=$((current_limit + 1))
iteration=$((iteration + 1))
done