Get-OktaLogEvent

Sat Jan 18, 2020 5:46 pm

NAME Get-OktaLogEvent



SYNOPSIS

Gets one or more Okta system log event entries.





SYNTAX

Get-OktaLogEvent -All [-EndDate <DateTime>] [-StartDate <DateTime>] [<CommonParameters>]



Get-OktaLogEvent [-EndDate <DateTime>] -Filter <String> [-StartDate <DateTime>] [<CommonParameters>]



Get-OktaLogEvent [-EndDate <DateTime>] -Keywords <String> [-StartDate <DateTime>] [<CommonParameters>]



Get-OktaLogEvent [-EndDate <DateTime>] [-StartDate <DateTime>] -TargetId <String> [<CommonParameters>]





DESCRIPTION

Gets one or more Okta system log event entries. These events can be filtered by type, by target objects and by

using date/time ranges.





PARAMETERS

-All [<SwitchParameter>]

If specified, will return all events in the given time range.



Required? true

Position? named

Default value False

Accept pipeline input? False

Accept wildcard characters? false



-EndDate <DateTime>

The end of the time range you'd like to retrieve events for. If not specified, the default value is now.

-EndDate can always be used to limit the time range of events returned, regardless of the parameter set.



Required? false

Position? named

Default value None

Accept pipeline input? False

Accept wildcard characters? false



-Filter <String>

Specifies a filter string to perform an event log search. Most properties of events are supported for

filtering, including nested properties. See the Okta API System Log document link to learn more about how to

compose these filter strings.



Required? true

Position? named

Default value None

Accept pipeline input? False

Accept wildcard characters? false



-Keywords <String>

Specifies keywords to perform an exact match search for log events. These keywords should be specified as a

single string and separated by spaces. A total of 10 keywords is supported, each with a maximum length of 40

characters. Keywords are not case-sensitive. See the System Log API reference page to learn more about keyword

searches for log events.



Required? true

Position? named

Default value None

Accept pipeline input? False

Accept wildcard characters? false



-StartDate <DateTime>

The beginning date of the time range you'd like to retrieve events for. If -StartDate isn't specified, the

default value is 7 days prior to the current date and time. -StartDate can always be used to limit the time

range of events returned, regardless of the parameter set.



Required? false

Position? named

Default value None

Accept pipeline input? False

Accept wildcard characters? false



-TargetId <String>

The Id of the Okta object to retrieve events for. This can be nearly any Okta object type such as a user,

group or app. -TargetId accepts input via the pipeline, so go ahead and pipe in a user or group object and see

what happens!



Required? true

Position? named

Default value None

Accept pipeline input? True (ByPropertyName)

Accept wildcard characters? false



<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,

ErrorAction, ErrorVariable, WarningAction, WarningVariable,

OutBuffer, PipelineVariable, and OutVariable. For more information, see

about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).



INPUTS

None







OUTPUTS

Okta.Sdk.LogEvent







NOTES









-------------------------- Example 1 --------------------------



PS C:\> Get-OktaLogEvent -Filter 'eventType eq "user.session.start"'



Get events by event type.

-------------------------- Example 2 --------------------------



PS C:\> Get-OktaUser -Identity "matt" | Get-OktaLogEvent



Get events for a specified user. This command is equivalent to clicking on the system log link from a user's page

in the Okta admin console.

-------------------------- Example 3 --------------------------



PS C:\> Get-OktaApp -Identity "0oa1gjh63g214q0Hq0g4" | Get-OktaLogEvent



Get events for a specified app. This will return any events where the app was the target of the operation.

-------------------------- Example 4 --------------------------



PS C:\> Get-OktaGroup -Identity "0oa1gjh63g214q0Hq0g4" | Get-OktaLogEvent



Get events for a specified group. This will return any events where the group was the target of the operation.

-------------------------- Example 5 --------------------------



PS C:\> Get-OktaLogEvent -All -StartDate 1/1/2019 -EndDate 2/1/2019



Get all events in a specified time range.
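
An added example, not part of the module's own help: a pipeline function that takes the events returned by Get-OktaLogEvent and reports actors with repeated failed sign-ins. The function name Get-FailedSignInSummary, the helper New-SampleEvent and the sample events are hypothetical, and the property names (Actor.AlternateId, Client.IpAddress, Outcome.Result, Published) are assumed to follow the Okta System Log event schema.

```powershell
# Added example: summarise failed sign-ins per actor from Get-OktaLogEvent output.
# Assumption: events expose Actor.AlternateId, Client.IpAddress, Outcome.Result
# and Published, as in the Okta System Log event schema.
function Get-FailedSignInSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $LogEvent,
        [int] $Threshold = 3   # minimum failures before an actor is reported
    )
    begin { $failures = [System.Collections.Generic.List[object]]::new() }
    process {
        # Keep only failed outcomes; successful sign-ins are ignored.
        if ($LogEvent.Outcome.Result -eq 'FAILURE') { $failures.Add($LogEvent) }
    }
    end {
        $failures | Group-Object { $_.Actor.AlternateId } |
            Where-Object Count -ge $Threshold |
            ForEach-Object {
                $times = @($_.Group.Published | Sort-Object)
                [pscustomobject]@{
                    Actor     = $_.Name
                    Failures  = $_.Count
                    SourceIps = @($_.Group.Client.IpAddress | Sort-Object -Unique)
                    First     = $times[0]
                    Last      = $times[-1]
                }
            } | Sort-Object Failures -Descending
    }
}

# Constructed sample events (not real log data) so the function runs offline.
function New-SampleEvent($User, $Ip, $Result, $Minute) {
    [pscustomobject]@{
        EventType = 'user.session.start'
        Published = [datetime]'2020-01-18T17:00:00Z' + [timespan]::FromMinutes($Minute)
        Actor     = [pscustomobject]@{ AlternateId = $User }
        Client    = [pscustomobject]@{ IpAddress = $Ip }
        Outcome   = [pscustomobject]@{ Result = $Result }
    }
}
$sample = @(
    New-SampleEvent 'alice@example.com' '203.0.113.10' 'FAILURE' 0
    New-SampleEvent 'alice@example.com' '203.0.113.11' 'FAILURE' 1
    New-SampleEvent 'alice@example.com' '203.0.113.10' 'FAILURE' 2
    New-SampleEvent 'alice@example.com' '198.51.100.7' 'SUCCESS' 3
    New-SampleEvent 'bob@example.com'   '198.51.100.9' 'FAILURE' 4
)
$sample | Get-FailedSignInSummary   # reports alice (3 failures, 2 source IPs); bob is below the threshold
```

Against a live org, pipe the cmdlet's output straight in, for instance the Example 1 query with -StartDate (Get-Date).AddDays(-1) followed by | Get-FailedSignInSummary.
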



RELATED LINKS

System Log https://developer.okta.com/docs/referen ... system-log