Continuous Audit log exported into Splunk?

Is there a way to export a live, continuous (constant refresh) audit log with the parameters "any user, any project, any environment" into a file which we can then have Splunk accept? This would be for an enterprise-wide logging tool.

Hi,

Thanks for getting in touch! There’s not a tool exactly for that, but you can get that info from the REST API.

This URL would get all the audit events from May 31st to June 30th:

http://[OctopusURL]/api/events?modifier=and&from=2015-05-31T00%3A00%3A00-03%3A00&to=2015-06-30T23%3A59%3A59-03%3A00

You’d have to build some logic on your app that consumes this data to handle dates and to make sure it doesn’t add duplicate EventIDs to your file.

Hope that helps!

Dalmiro

This URL shows how the modifiers used in the URL target a specific range of events. I need to know what all of the supported modifiers are so that I can craft the URL appropriately. Can you send this to jsphillips@alfains.com or list it here?

Hi,

If you browse https://[YourOctopusServer]/Api you’ll be able to see the syntax of the API. For events it looks like this:

"Events": "/api/events{/id}{?skip,regarding,modifier,user,from,to}"

The best way to learn this though is opening the developer tools on your browser to check the outgoing connections, and start playing with the Audit page and its filters. That way you’ll be able to see how the Web UI itself uses the API.

Thanks,

Dalmiro

This is a lot of work on my end. You guys don’t have documentation about the fields and variables that can be called for specific functions?

Hi - We don’t have documentation for this exactly, but I can try to help you craft the right URL so you can call it from your application.

The first URL I sent you shows how to get the audit logs between a certain time frame. You could build a console that runs every 60 seconds, adding a minute to the URL on each run. It wouldn’t be a “real time” thing, but it would be very close.

FYI - we’ll be implementing a web hooks system for certain events that would come in handy for scenarios like yours. We still don’t have any specifics to share, but I just wanted you to know that this is something that’s in our plans already.

Thanks,

Dalmiro

Hi there

This was just released last week, which might shortcut a whole bunch of work for you.

Regards

Damian

Would you have a “current date” variable already in play that I could use?

I have the following, however my variable for $date is not working:

$date = (Get-Date).ToString("yyyy-MM-dd")

Invoke-RestMethod -Method Get -Uri "http://ho-octdm/api/events?modifier=and&from=${date}T00%3A00%3A00-04%3A00&to=${date}T23%3A59%3A59-04%3A00" -Headers @{"X-Octopus-ApiKey" = "API-MYKEYHERE"}

Also: Is there a modifier or a way to condense everything down to 1 page vs hundreds of pages (for a year-long audit)? Instead of doing 30 results per page, put all results into 1 singular page?

Hi,

Were you able to test Damian’s suggestion? Like he mentioned, it might save you a lot of work.

I wrote this function for you in case you still want to go the PowerShell way:

The function allows you to filter by date with the from and to parameters. It’ll also take care of the 30 results per page thing, returning all of the events together in one shot.

Example:

Get-OctopusEvents -OctopusAPIKey "OctopusAPIKey" -OctopusURL "OctopusURL" -From (Get-Date).AddMinutes(-10) -To (Get-Date)

The example above will search for events from the last 10 minutes. If you want different time frames, just change the values of the parameters From and To.

Hope that helps,

Dalmiro
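Dalmiro's function itself is not included in the thread, so the following is an added example of the same approach in PowerShell (not his code and not Octopus Deploy's): it walks the skip-paged /api/events collection for a From/To window, then de-duplicates on event Id across runs so a poll scheduled every 60 seconds appends only new events, one JSON object per line, to a file a Splunk file monitor can pick up. The response field names Items, ItemsPerPage, TotalResults and Id, the state-file layout and the Export-NewOctopusEvents name are assumptions, not documented behaviour.

```powershell
# Added example, not Dalmiro's function. Items/ItemsPerPage/TotalResults/Id are assumed field names.
function Get-OctopusEvents {
    param(
        [Parameter(Mandatory)][string]$OctopusURL,
        [Parameter(Mandatory)][string]$OctopusAPIKey,
        [Parameter(Mandatory)][datetime]$From,
        [Parameter(Mandatory)][datetime]$To
    )
    $headers = @{ "X-Octopus-ApiKey" = $OctopusAPIKey }
    # Same layout as the thread's URL (yyyy-MM-ddTHH:mm:ss-03:00); EscapeDataString encodes ':' as %3A
    $fromParam = [uri]::EscapeDataString($From.ToString("yyyy-MM-dd'T'HH:mm:sszzz"))
    $toParam   = [uri]::EscapeDataString($To.ToString("yyyy-MM-dd'T'HH:mm:sszzz"))
    $all  = New-Object System.Collections.Generic.List[object]
    $skip = 0
    do {
        # skip walks the 30-per-page collection until TotalResults is reached
        $uri  = "$OctopusURL/api/events?modifier=and&from=$fromParam&to=$toParam&skip=$skip"
        $page = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
        foreach ($e in $page.Items) { $all.Add($e) }
        $skip += [int]$page.ItemsPerPage
    } while (@($page.Items).Count -gt 0 -and $skip -lt [int]$page.TotalResults)
    return $all
}
# Poll a trailing window, emit only events whose Id has not been written before,
# and append them as one JSON object per line for a Splunk file monitor input.
function Export-NewOctopusEvents {
    param(
        [Parameter(Mandatory)][string]$OctopusURL,
        [Parameter(Mandatory)][string]$OctopusAPIKey,
        [string]$OutFile = ".\octopus-events.jsonl",
        [string]$StateFile = ".\octopus-seen-ids.txt",
        [int]$LookbackMinutes = 10   # overlap between runs; the Id check removes the repeats
    )
    $seen = @{}
    if (Test-Path $StateFile) { Get-Content $StateFile | ForEach-Object { $seen[$_] = $true } }
    $now    = Get-Date
    $events = Get-OctopusEvents -OctopusURL $OctopusURL -OctopusAPIKey $OctopusAPIKey `
                                -From $now.AddMinutes(-$LookbackMinutes) -To $now
    $written = 0
    foreach ($e in $events) {
        if ($seen.ContainsKey($e.Id)) { continue }
        $e | ConvertTo-Json -Compress -Depth 5 | Add-Content -Path $OutFile
        Add-Content -Path $StateFile -Value $e.Id
        $seen[$e.Id] = $true
        $written++
    }
    return $written   # run on a 60-second schedule to approximate a live feed
}
```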