get_audit_log
Retrieve complete details of a specific audit log entry by ID, including user, IP, timestamp, action description, and before/after values for updates. Ideal for investigating changes or incidents with full context.
Instructions
Get detailed information about a specific audit log entry in LogicMonitor (LM) monitoring by its ID.
Returns: Complete audit log details: username, IP address, exact timestamp, full description of action, session ID, affected resources, before/after values (for updates).
When to use:
Get complete details after finding log ID via "list_audit_logs"
Review exact changes made (old vs new values)
Investigate specific incident with full context
Workflow: First use "list_audit_logs" with filters to find relevant entries, then use this tool with the log ID for complete details.
Related tools: "list_audit_logs" (search logs), "search_audit_logs" (text search).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| auditLogId | Yes | The ID of the audit log entry to retrieve | |
| fields | No | Comma-separated list of fields to include in response. Examples: "id,displayName,hostStatus" or use "*" for all fields. Omit this parameter to receive a curated set of commonly used fields. |