1. Activity Log
Analytics
  • Docs
  • Auth
    • /v2/auth/token
      GET
  • Activity Log
    • /v2/activity-log
      GET
    • /v2/activity-log
      DELETE
    • /v2/activity-log/csv
      GET
    • /v2/activity-log/realtime
      GET
  • Data Availability
    • /v2/data-availability
      GET
  • Statistics
    • /v2/statistic/timeseries
      GET
    • /v2/statistic/timeseries/{group}
      GET
    • /v2/statistic/count
      GET
    • /v2/statistic/count/{group}
      GET
    • /v2/statistic/trend/{group}
      GET
  • Admin Actions
    • /v2/admin-action
      GET
  • Clients
    • /v2/client
      GET
    • /v2/client
      DELETE
    • /v2/client/alias/{endpointId}/{clientId}
      DELETE
    • /v2/client/alias/{endpointId}/{clientId}
      PUT
  • Schemas
    • Column
    • DeleteClientResponse
    • GetAdminActionLogResponse
    • CountGroupResponse
    • GetClientResponse
    • AdminActionLogItem
    • GeoIPData
    • QueryData
    • PaginationData
    • ClientActivity
    • TrendResponse
    • CountResponse
    • TimeSeriesGroupResponse
    • TimeSeriesResponse
    • ErrorResponse
    • Trigger
    • Datetime
    • DataAvailability
    • HistoricalQueriesResponse
    • IP
    • Domain
  1. Activity Log

/v2/activity-log

https://us-east1-org01.analytics.controld.com
https://us-east1-org01.analytics.controld.com
https://us-east1-org01.analytics.controld.com
https://us-east1-org01.analytics.controld.com
GET
/v2/activity-log
Returns up to 33 days of historical query data, descending by default.
Organizations should consider using SIEM Streaming as an alternative to the activity log
if data durability is a concern.

Request

Authorization
API Key
Add parameter in header
Authorization
Example:
Authorization: ********************
or
Query Params

Responses

🟢200
application/json
Note page indexing starts at 0.
Body

🟠400BadRequest
🟠401Unauthorized
🔴500InternalServerError
Request Request Example
Shell
JavaScript
Java
Swift
curl --location -g --request GET 'https://us-east1-org01.analytics.controld.com/v2/activity-log?startTime={{$date.now|addHours(-1)}}&endTime&endpointId[]&clientId[]&action[]&trigger[]&triggerValue[]&spoofTarget[]&question[]&profileId[]&searchQuestion&searchQuestionMode&protocol[]&statusCode[]&rrType[]&srcCountry[]&dstCountry[]&dstAsn[]&srcAsn[]&dstIsp[]&srcIsp[]&page&pageSize&sortOrder' \
--header 'Authorization: <api-key>'
Response Response Example
200 - Example 1
{
    "success": true,
    "body": {
        "meta": {
            "page": 3,
            "pageSize": 100
        },
        "queries": [
            {
                "timestamp": "2025-02-07T13:20:47.214Z",
                "organizationId": "abc123",
                "userId": "abc123",
                "endpointId": "def",
                "endpointName": "hjk",
                "clientId": "ghi",
                "profileId": "jkl",
                "question": "movies.netflix.com",
                "domainCategory": "Business",
                "rrType": "CNAME",
                "sourceIp": "10.10.10.11",
                "statusCode": 0,
                "protocol": "doh",
                "answers": [
                    {
                        "ips": [
                            "12.34.56.78"
                        ],
                        "geoip": {
                            "countryCode": "CA",
                            "city": "Toronto",
                            "isp": "AT&T Internet",
                            "asn": 7018
                        }
                    }
                ],
                "action": 3,
                "trigger": "default",
                "triggerValue": "netflix",
                "spoofTarget": "YYZ",
                "sourceGeoip": {
                    "countryCode": "CA",
                    "city": "Toronto",
                    "isp": "AT&T Internet",
                    "asn": 7018
                }
            }
        ]
    }
}
Modified at 2026-03-31 19:19:32
Previous
/v2/auth/token
Next
/v2/activity-log
Built with