Connecting the audit log API to Celonis EMS
The Audit Logs page in Admin and Settings lets you look through the last 500 audit log entries in pages. If you want to do more in-depth analysis or investigation, you can use the Audit Log API to export the data from the Celonis EMS audit logs, and create an extractor to feed it back into Celonis EMS. This lets you create your own Views in the Studio to analyze the audit log data.
Follow these procedures to connect the Audit Log API and create an extractor.
Grant API permissions
Go to Admin and Settings > Applications.
Create a new application and save the application token
Important
Do not skip this step. You will need the application token later.
Go to Admin and Settings > Permissions > Team Permissions
Identify the new application name you created in the list under User/Group/Application.
Check the checkbox for Use Audit Log API, Use Login History API, or both. Selecting the checkboxes gives the application permission to use the API.
Done.
Test the API with Swagger
Log in to your Team if you aren’t already.
Go to the Swagger page by populating this URL with your team details:
https://[Your Team]/swagger-ui/index.html?configUrl=/log/v3/api-docs/swagger-config
Manually replace [Your Team] with the corresponding team + cluster
Click the Authorise button in the swagger doc.
In the value field type: AppKey. Copy the application token from earlier, ensuring a space between AppKey and Token.
Close the UI dialogue
Click the right-hand expand icon next to the Lock icon.
Click Try it out
Scroll down and click the long blue bar saying Execute.
You will now see the response from the API, including the header that shows the AppKey Token and the URL. Both these will be used later.
You now know the API is working ok.
Creating an EMS extractor (basic structure without pagination or headers)
Navigate back to your EMS Team
Go to Data Integration
Create a new Data Pool and name it.
Go to the Extractor Build
Click build a new extractor.
Name the extractor > Save and continue.
Click edit on the API URL row.
Add your team URL to the Default Value (Optional) field:
https://[Your Team].celonis.cloud
This is the first part of the URL header in the swagger doc below ‘GET’
Save > Save and continue.
In Authentication, methods click the box for API Key Authorisation (make sure you also click just below the checkbox, so you see the UI on the right change)
In the UI on the right, in the field for Api Key Header, enter: Authorization.
Save and Continue
On the define endpoints page, click Add new endpoint.
Give the endpoint a name > Move to Configure Request
In URL enter {Connection.API_URL}/[Enter what is shown in the swagger doc URL after celonis.com.cloud] Eg:/log/api/external/audit? So the final text could read {Connection.API_URL}/log/api/external/audit?Request parameters and Headers can be completed after as needed)
Move to pagination and set “No Pagination” (Again, this field can be modified later as needed)
Go to configure response.
Click on Configure Response using the sample from your source system.
Click create a data source.
Name the data connection.
In the API Key field, copy and paste the Authorization from the swagger doc (AppKey Token) or the token you saved and used earlier. Copy your application token from earlier, ensuring a space between AppKey and Token.
Test the connection, and it should be successful.
Click Save
Click build response
Ensure the expected tables are shown in the response
Click Finish
Now create a data job as normal using the new extractor you just built. Once this is complete, create a new data model as normal using the data job you just built. Once the Connection > Data Job > Data Model is complete, you are ready to go to Studio and create a view using the data from the API.