How to create a new Audit Log Query via the Python SDK?

Matt 5 Reputation points
2024-09-18T03:18:14.0166667+00:00

Hi all.

I have been attempting to use the Graph Python SDK to pull audit logs and as part of the process I have attempted to follow the official documentation concerning the creation of an AuditLog Query. The example Python code does not compile due to the broken import statements.

I have amended this based on the SDK without success. The post operation returns a 500 without any other details on the error.

Are there any known issues with using the SDK or beta API to create an audit log query that would prevent the operation from succeeding?

Code encountering this issue

from msgraph_beta import GraphServiceClient as GSC_beta
from msgraph_beta.generated.models.security.audit_log_query_status import (
    AuditLogQueryStatus,
)

graph_client_beta = GSC_beta(credentials=credential, scopes=scopes)

request_body = AuditLogQuery(
    odata_type="#microsoft.graph.security.auditLogQuery",
    display_name="Exchange Audit Log Query",
    filter_start_date_time="2024-09-15T00:00:00+00:00",
    filter_end_date_time="2024-09-16T00:00:00+00:00",
    status=AuditLogQueryStatus.NotStarted,
    record_type_filters=[
        AuditLogRecordType.ExchangeAdmin,
        AuditLogRecordType.ExchangeItem,
        AuditLogRecordType.ExchangeItemGroup,
    ],
)

result = await graph_client_beta.security.audit_log.queries.post(
    body=request_body
)
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,002 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Matt 5 Reputation points
    2024-09-18T03:53:01.1266667+00:00

    I have solved this by change the AuditLogQuery parameters to match

    
    request_body = AuditLogQuery(
        odata_type="#microsoft.graph.security.auditLogQuery",
        display_name="Exchange Audit Log Query",
        filter_start_date_time=datetime.datetime(2024, 9, 17),
        filter_end_date_time=datetime.datetime.now(),
        status=AuditLogQueryStatus.NotStarted,
        record_type_filters=[
            AuditLogRecordType.ExchangeAdmin,
            AuditLogRecordType.ExchangeItem,
            AuditLogRecordType.ExchangeItemGroup,
        ],
    )
    
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.