On this page
Log Streaming API
Early AccessThe Okta Log Streaming API provides operations to manage Log Stream configurations for an org. You can configure up to two Log Stream integrations per org.
Note: The Log Streaming Early Access feature must be enabled. See Feature Lifecycle Management (opens new window) and Manage Early Access and Beta features (opens new window) for more information on Feature Manager.
Get started
Explore the Log Streaming API: (opens new window)
Log Streaming operations
The Log Streaming API has the following CRUD operations:
Add a Log Stream
Early AccessPOST /api/v1/logStreams
Adds a new Log Stream to your org
Request parameters
Parameter | Description | Param Type | DataType | Required |
---|---|---|---|---|
logStream | Log Stream configuration | Body | Log Stream | TRUE |
Response parameters
The created Log Stream object
Request example
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"settings": {
"eventSourceName": "your-event-source-name",
"accountId": "123456789012",
"region": "us-east-2"
}
}
' "https://${yourOktaDomain}/api/v1/logStreams"
Response example
{
"id": "0oa1orqUGCIoCGNxf0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:55:30.000Z",
"created": "2021-10-21T16:55:29.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4",
"method": "GET"
},
"deactivate": {
"href": "http://{yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
Get a Log Stream
Early AccessGET /api/v1/logStreams/${logStreamId}
Fetches a Log Stream by id
Request parameters
Parameter | Description | Param Type | DataType | Required |
---|---|---|---|---|
logStreamId | The Log Stream unique id provided by Okta | URL | String | TRUE |
Response parameters
The requested Log Stream object
Request example
curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams/0oa1orqUGCIoCGNxf0g4"
Response example
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
List Log Streams
Early AccessGET /api/v1/logStreams
List Log Streams in your org. You can request a paginated list or a subset of Log Streams that match a supported filter expression.
Request parameters
Parameter | Description | Param Type | DataType | Required | Default |
---|---|---|---|---|---|
after | Specifies the pagination cursor for the next page of Log Streams | Query | String | FALSE | |
filter | Filters Log Streams by status or type | Query | String | FALSE | |
limit | Specifies the number of Log Streams to return per page (maximum 200) | Query | Number | FALSE | 20 |
The results are paginated according to the limit
parameter.
If there are multiple pages of results, the Link header contains a next
link that should be treated as an opaque value (follow it, don't parse it).
Filters
The following filters are supported with the filter
query parameter:
Filter | Description |
---|---|
type eq "${typeId}" | Filter Log Streams of type ${typeId} , such as aws_eventbridge or splunk_cloud_logstreaming |
status eq "ACTIVE" | Filter Log Streams with an ACTIVE status |
status eq "INACTIVE" | Filter Log Streams with an INACTIVE status |
Note: The Log Stream list filter only support the
eq
operator and allows one filter expression per request. Use URL encoding for special characters, such as replacing a space with a plus (+) sign. See Filter design principles for details.
Response parameters
Array of Log Stream objects
List Log Streams with defaults
Returns a list of all Log Streams added to your org without filter or pagination options
Request example
curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams"
Response example
[
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
"method": "POST"
}
}
},
{
"id": "0oa129gzYyV6oWs1D0g4",
"type": "splunk_cloud_logstreaming",
"name": "Example Splunk Cloud",
"lastUpdated": "2021-11-30T15:16:09.000Z",
"created": "2021-11-30T15:16:09.000Z",
"status": "ACTIVE",
"settings": {
"host": "acme.splunkcloud.com",
"token": "1e652bb8-3ef8-427b-9f00-222e1bbe3832"
},
"_links": {
"self": {
"href": "http://{yourOktaDomain}/api/v1/logStreams/0oa129gzYyV6oWs1D0g4",
"method": "GET"
},
"deactivate": {
"href": "http://{yourOktaDomain}/api/v1/logStreams/0oa129gzYyV6oWs1D0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
]
Find Log Streams by type
Finds all Log Streams with a specific type
Request example
curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams?filter=type+eq+%22aws_eventbridge%22"
Response example
[
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
]
Find Log Streams by status
Finds all Log Streams with a specified status
Request example
curl -v -X GET \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
"https://${yourOktaDomain}/api/v1/logStreams?filter=status+eq+%22ACTIVE%22"
Response example
[
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
]
Update a Log Stream
Early AccessPUT /api/v1/logStreams/${logStreamId}
Updates the configuration for a Log Stream
Request parameters
Parameter | Description | Param Type | DataType | Required |
---|---|---|---|---|
logStreamId | id of the Log Stream to update | URL | String | TRUE |
logStream | Updated configuration for the Log Stream | Body | Log Stream | TRUE |
Depending on the type of Log Stream, certain properties can't be updated once the Log Stream is created.
Use the Log Stream Schema API to determine which
Log Stream type can't be updated. Log Stream types with the "writeOnce" : true
property can't be updated after
creation.
Response parameters
Updated Log Stream
Request example
curl -v -X PUT \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Updated example AWS EventBridge"
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4"
Response example
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
Delete a Log Stream
Early AccessDELETE /api/v1/logStreams/${logStreamId}
Removes a Log Stream from your org
Request parameters
Parameter | Description | Param Type | Data Type | Required |
---|---|---|---|---|
logStreamId | id of the Log Stream to delete | URL | String | TRUE |
Response parameters
There are no response parameters.
Request example
curl -v -X DELETE \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4"
Response example
HTTP/1.1 204 No Content
Log Streaming lifecycle operations
The Log Streaming API has the following lifecycle operations:
Activate a Log Stream
Early AccessPOST /api/v1/logStreams/${logStreamId}/lifecycle/activate
Reactivates an inactive Log Stream
Request parameters
Parameter | Description | Param Type | DataType | Required |
---|---|---|---|---|
logStreamId | id of the Log Stream to activate | URL | String | TRUE |
Response parameters
Activated Log Stream
Request example
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/activate"
Response example
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
Deactivate a Log Stream
Early AccessPOST /api/v1/logStreams/${logStreamId}/lifecycle/deactivate
Deactivates an active Log Stream
Request parameters
Parameter | Description | Param Type | DataType | Required |
---|---|---|---|---|
logStreamId | id of the Log Stream to deactivate | URL | String | TRUE |
Response parameters
Deactivated Log Stream
Request example
curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
}' "https://${yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate"
Response example
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "INACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"activate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/activate",
"method": "POST"
}
}
}
Log Stream object
Log Stream object example
{
"id": "0oa1orzg0CHSgPcjZ0g4",
"type": "aws_eventbridge",
"name": "Example AWS EventBridge",
"lastUpdated": "2021-10-21T16:59:59.000Z",
"created": "2021-10-21T16:59:59.000Z",
"status": "ACTIVE",
"settings": {
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
},
"_links": {
"self": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4",
"method": "GET"
},
"deactivate": {
"href": "https://{yourOktaDomain}/api/v1/logStreams/0oa1orzg0CHSgPcjZ0g4/lifecycle/deactivate",
"method": "POST"
}
}
}
Log Stream properties
All Log Streams have the following properties:
Property | Description | DataType | Nullable | Unique | Readonly | MinLength | MaxLength |
---|---|---|---|---|---|---|---|
id | Unique key for the Log Stream | String | FALSE | TRUE | TRUE | ||
created | Timestamp when the Log Stream was created | Date | FALSE | FALSE | TRUE | ||
lastUpdated | Timestamp when the Log Stream was last updated | Date | FALSE | FALSE | TRUE | ||
_links | Log Stream relational and lifecycle operation links | JSON HAL (opens new window) for Log Stream Links | TRUE | FALSE | TRUE | ||
name | Unique name for the Log Stream | String | FALSE | TRUE | FALSE | 1 | 100 |
status | Status of the Log Stream | ACTIVE or INACTIVE | FALSE | FALSE | TRUE | ||
type | Type of Log Stream | Log Stream type | FALSE | FALSE | FALSE | ||
settings | Log Stream type settings | AWS EventBridge Settings or Splunk Cloud Settings | FALSE | FALSE | TRUE |
Property details
- The
id
,status
,created
,lastUpdated
, and_links
properties are available after a Log Stream is created.
Log Stream Links object
This object provides read-only link relationships to the Log Stream. The relational links include lifecycle operations. See Web Linking (opens new window) using the JSON Hypertext Application Language (opens new window) specification.
Link Relation Type | Description |
---|---|
self | The primary URL for the Log Stream |
activate | A URL to activate an inactive Log Stream |
deactivate | A URL to deactivate an active Log Stream |
Log Stream type
The Log Stream type specifies the streaming provider used. Okta supports the following providers:
Type | Description |
---|---|
aws_eventbridge | AWS EventBridge (opens new window) Log Stream type |
splunk_cloud_logstreaming | Splunk Cloud (opens new window) Log Stream type |
AWS EventBridge Settings object
The AWS EventBridge Settings object specifies the configuration for the aws_eventbridge
Log Stream type. You can't modify the AWS EventBridge Settings properties after the object is created.
AWS EventBridge Settings example
{
"accountId": "123456789012",
"eventSourceName": "your-event-source-name",
"region": "us-east-2"
}
AWS EventBridge Settings properties
Property | Description | DataType | Nullable | Unique | Readonly | MinLength | MaxLength |
---|---|---|---|---|---|---|---|
accountId | Your AWS account ID | String | FALSE | FALSE | FALSE | 12 | 12 |
eventSourceName | An alphanumeric name (no spaces) to identify this event source in AWS EventBridge | String (permitted characters: letters, digits, . , - , _ ) | FALSE | TRUE | FALSE | 1 | 75 |
region | The destination AWS region where your event source is going to be located | String | FALSE | FALSE | FALSE |
Property details
- The
accountId
,eventSourceName
, andregion
properties are assigned during creation and can't be modified afterwards. - The
region
property can be set to one of the following supported AWS region codes. Theregion
list can also be retrieved with the Log Stream Schema endpoint.
Region | Description |
---|---|
us-east-2 | US East (Ohio) |
us-east-1 | US East (N. Virginia) |
us-west-1 | US West (N. California) |
us-west-2 | US West (Oregon) |
ca-central-1 | Canada (Central) |
eu-central-1 | Europe (Frankfurt) |
eu-west-1 | Europe (Ireland) |
eu-west-2 | Europe (London) |
eu-west-3 | Europe (Paris) |
eu-south-1 | Europe (Milan) |
eu-north-1 | Europe (Stockholm) |
Splunk Cloud Settings object
The Splunk Cloud Settings object specifies the configuration for the splunk_cloud_logstreaming
Log Stream type.
Splunk Cloud Settings example
{
"host": "acme.splunkcloud.com"
"token": "11111111-1111-2222-2222-222222222222"
}
Splunk Cloud Settings properties
Property | Description | DataType | Nullable | Unique | Readonly | MinLength | MaxLength |
---|---|---|---|---|---|---|---|
host | The domain name for your Splunk Cloud instance. Don't include http or https in the string. For example: acme.splunkcloud.com | String | FALSE | FALSE | FALSE | 17 | 116 |
token | The HEC token for your Splunk Cloud HTTP Event Collector | String (GUID format) | FALSE | FALSE | FALSE | 36 | 36 |