1. Activity Log
Analytics
  • Docs
  • Auth
    • /v2/auth/token
      GET
  • Activity Log
    • /v2/activity-log
      GET
    • /v2/activity-log
      DELETE
    • /v2/activity-log/csv
      GET
    • /v2/activity-log/realtime
      GET
  • Data Availability
    • /v2/data-availability
      GET
  • Statistics
    • /v2/statistic/timeseries
      GET
    • /v2/statistic/timeseries/{group}
      GET
    • /v2/statistic/count
      GET
    • /v2/statistic/count/{group}
      GET
    • /v2/statistic/trend/{group}
      GET
  • Admin Actions
    • /v2/admin-action
      GET
  • Clients
    • /v2/client
      GET
    • /v2/client
      DELETE
    • /v2/client/alias/{endpointId}/{clientId}
      DELETE
    • /v2/client/alias/{endpointId}/{clientId}
      PUT
  • Schemas
    • Column
    • DeleteClientResponse
    • GetAdminActionLogResponse
    • CountGroupResponse
    • GetClientResponse
    • AdminActionLogItem
    • GeoIPData
    • QueryData
    • PaginationData
    • ClientActivity
    • TrendResponse
    • CountResponse
    • TimeSeriesGroupResponse
    • TimeSeriesResponse
    • ErrorResponse
    • Trigger
    • Datetime
    • DataAvailability
    • HistoricalQueriesResponse
    • IP
    • Domain
  1. Activity Log

/v2/activity-log/realtime

https://us-east1-org01.analytics.controld.com
https://us-east1-org01.analytics.controld.com
https://us-east1-org01.analytics.controld.com
https://us-east1-org01.analytics.controld.com
GET
/v2/activity-log/realtime
Realtime Query SSE stream. A single-use token must first be obtained from /auth/token.
This endpoint does not replay any history. Organizations should consider using SIEM
Streaming as an alternative to the activity log if and data durability is a concern.

Request

Authorization
API Key
Add parameter in header
Authorization
Example:
Authorization: ********************
or
Query Params

Responses

🟢200
text/event-stream
OK
Body

🟠400BadRequest
🟠401Unauthorized
🔴500InternalServerError
Request Request Example
Shell
JavaScript
Java
Swift
curl --location -g --request GET 'https://us-east1-org01.analytics.controld.com/v2/activity-log/realtime?authToken&endpointId[]&clientId[]&action[]&trigger[]&triggerValue[]&spoofTarget[]&question[]&profileId[]&searchQuestion&searchQuestionMode&protocol[]&statusCode[]&rrType[]&srcCountry[]&dstCountry[]&dstAsn[]&srcAsn[]&dstIsp[]&srcIsp[]' \
--header 'Authorization: <api-key>'
Response Response Example
200 - Example 1
null
Modified at 2026-03-31 19:19:32
Previous
/v2/activity-log/csv
Next
/v2/data-availability
Built with