Audit Lookup Context Variables

This section describes context variables that the  uses to reconstruct the audits coming in from an audit lookup policy. The policy must populate these context variables when queried. The query is accessible through the ${audit.recordQuery.*} context variables, described in Retrieving an Audit Record and Searching an Audit Record. 
gateway83
This section describes context variables that the
Layer7 API Gateway
 uses to reconstruct the audits coming in from an audit lookup policy. The policy must populate these context variables when queried. The query is accessible through the
${audit.recordQuery.*}
context variables, described in Retrieving an Audit Record and Searching an Audit Record. 
These context variables contain values only when used in an audit lookup policy, or within a policy fragment that is included in an audit lookup policy. If called from any other policy, these variables will not exist and will be interpolated as blank (unless the template.strictMode cluster property is enforced, in which case the calling assertion will fail).
In the following table, an "X" in the variable name refers to the number for each count. The referenced mapped context variables are described in Working with the Audit Sink Policy. 
Variable
Description
${recordQuery.queryresult.count}
The number of records
${recordQuery.id.X}
The entity ID of the audit record, referenced by the audit detail results
${recordQuery.nodeid.X}
Maps to
audit.nodeId
${recordQuery.time.X}
Maps to
audit.time
${recordQuery.type.X}
Maps to
audit.type
${recordQuery.audit_level.X}
Maps to
audit.audit_level
${recordQuery.name.X}
Maps to
audit.name
${recordQuery.message.X}
Maps to
audit.message
${recordQuery.ip_address.X}
Maps to
audit.ipAddress
${recordQuery.user_name.X}
Maps to
audit.user.name
${recordQuery.user_id.X}
Maps to
audit.user.id
${recordQuery.provider_oid.X}
Maps to
audit.user.idProv
${recordQuery.signature.X}
Maps to
audit.signature
${recordQuery.entity_class.X}
Maps to
audit.entity.class
${recordQuery.entity_id.X}
Maps to
audit.entity.oid
${recordQuery.status.X}
Maps to
audit.responseStatus
${recordQuery.request_id.X}
Maps to
audit.requestId
${recordQuery.service_oid.X}
Maps to
audit.serviceOid
${recordQuery.operation_name.X}
Maps to
audit.operationName
${recordQuery.authenticated.X}
Maps to
audit.authenticated
${recordQuery.authenticationType.X String}
Maps to
audit.authType
${recordQuery.request_saved.X}
Maps to
audit.savedRequestContentLength
${recordQuery.response_saved.X}
Maps to
audit.savedResponseContentLength
${recordQuery.request_length.X}
Maps to
audit.requestContentLength
${recordQuery.response_length.X}
Maps to
audit.responseContentLength
${recordQuery.request_xml.X}
Maps to
audit.reqZip
${recordQuery.response_xml.X}
Maps to
audit.reqZip
${recordQuery.response_status.X}
Maps to
audit.responseStatus
${recordQuery.routing_latency.X}
Maps to
audit.routingLatency
${recordQuery.properties.X}
Maps to audit.properties
${recordQuery.component_id.X}
Maps to
audit.componentId
${recordQuery.action.X}
Maps to
audit.action
${detailQuery.queryresult.count}
The number of details (associated logs)
${detailQuery.audit_oid.X}
The entity ID of the audit record that this detail belongs to
${detailQuery.time.X}
Maps to
audit.details.X.time
${detailQuery.component_id.X}
Maps to
audit.details.X.componentId
${detailQuery.ordinal.X}
Maps to
audit.details.X.ordinal
${detailQuery.message_id.X}
Maps to
audit.details.X.messageId
${detailQuery.exception_message.X}
Maps to
audit.details.X.exception
${detailQuery.properties.X}
Maps to
audit.details.X.properties
Retrieving an Audit Record
The following context variables retrieve an entire audit record (all values are null if searching for an audit):
Variable
Description
${audit.recordQuery.guid}
The list of GUID of the audits to retrieve; returns null if searching for audits
${audit.recordQuery.maxMessageSize}
The maximum size of an audit response/request XML to retrieve; returns null if not applicable
Searching for an Audit Record
The following context variables search audits (all values are null when retrieving an audit):
Variable
Description
${audit.recordQuery.minTime}
The start time, in milliseconds
${audit.recordQuery.maxTime}
The end time, in milliseconds
${audit.recordQuery.levels}
The list of log level numbers
${audit.recordQuery.auditType}
The audit type ('%' for all)
${audit.recordQuery.nodeId}
The node id ('%' for all)
${audit.recordQuery.serviceName}
The service name ('%' for all)
${audit.recordQuery.userName}
The user name ('%' for all)
${audit.recordQuery.userIdOrDn}
The user provider ('%' for all)
${audit.recordQuery.entityClassName}
The entity class name for admin audit record ('%' for all)
${audit.recordQuery.entityId}
The entity ID for admin audit record ('%' for all)
${audit.recordQuery.requestId}
The request ID for a message audit record ('%' for all)
${audit.recordQuery.operation}
The operation name for a message audit record ('%' for all)
${audit.recordQuery.messageId}
The audit detail message ID (null = any)
${audit.recordQuery.operation}
The operation name for message audit record ('%' for all)