Rootly Audit Logs
Ingests Rootly audit logs for tracking changes and activities within the Rootly platform. This connector captures user actions, system events, and configuration changes for security monitoring and compliance.
Sync Type: Incremental
Requirements
- A Rootly account with API access
- API Key with read permissions for audit logs
- Organization Settings access to generate API keys
Generating an API Key
- Log in to your Rootly dashboard
- Navigate to Configuration → API Keys
- Click Generate New API Key
- Copy the generated key and store it securely
Details
| Property | Value |
|---|---|
| State Management | Ascending cursor based on created_at timestamp |
| API Endpoint | GET /v1/audits |
| Pagination | Cursor-based using JSON:API links.next |
| Base URL | https://api.rootly.com |
| API Format | JSON:API specification |
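The state handling and pagination in the table above, as an added sketch (not the connector's own code). `fetch`, `sync` and the state layout are hypothetical; records are filtered client-side because the page names no server-side time filter, and the `seen_ids` list covers records that share the cursor's exact `created_at` value.

```python
import time
from datetime import datetime

AUDITS_URL = "https://api.rootly.com/v1/audits"  # Base URL + endpoint from the table

def parse_ts(value):
    """Parse an ISO-8601 created_at value such as 2024-01-15T10:30:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def sync(fetch, state, max_retries=3, sleep=time.sleep):
    """Run one incremental sync and return (new_records, new_state).

    fetch(url) -> (http_status, parsed_json) is a hypothetical transport; a real
    one sends the API key as "Authorization: Bearer <key>".
    state is {"cursor": ISO timestamp, "seen_ids": [ids already delivered at it]}.
    Seed "cursor" with Backfill Start Time, or the current time to skip history.
    """
    cursor = parse_ts(state["cursor"])
    seen = set(state.get("seen_ids", []))
    fresh, url = [], AUDITS_URL
    while url:
        for attempt in range(max_retries + 1):
            status, body = fetch(url)
            if status != 429 or attempt == max_retries:
                break
            sleep(2 ** attempt)  # back off, then retry the same page
        if status != 200:
            raise RuntimeError(f"GET {url} returned HTTP {status}")
        for rec in body.get("data", []):
            ts = parse_ts(rec["attributes"]["created_at"])
            # Skip what an earlier run already delivered. Records sharing the
            # cursor timestamp are compared by id so none are lost or repeated.
            if ts < cursor or (ts == cursor and rec["id"] in seen):
                continue
            fresh.append(rec)
        url = (body.get("links") or {}).get("next")  # JSON:API pagination link
    # Advance the cursor to the newest timestamp and remember the ids at it.
    for rec in sorted(fresh, key=lambda r: parse_ts(r["attributes"]["created_at"])):
        ts = parse_ts(rec["attributes"]["created_at"])
        if ts > cursor:
            cursor, seen = ts, set()
        seen.add(rec["id"])
    return fresh, {"cursor": cursor.isoformat(), "seen_ids": sorted(seen)}
```

Persist the returned state only after the records have been written downstream, so a failed run is replayed rather than skipped.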
Configuration
Settings
| Setting | Type | Required | Default | Description |
|---|---|---|---|---|
| Use Synthetic Data | boolean | No | false | Generate synthetic demo data instead of connecting to the real data source |
| Backfill Start Time | string | No | | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| API Key | string | Yes | Bearer token for authenticating with the Rootly API |
Rate Limits
| Scope | Limit | Window | Notes |
|---|---|---|---|
| GET, HEAD, OPTIONS | 3,000 requests | per minute | Per API key, sliding window |
| POST, PUT, PATCH, DELETE | 3,000 requests | per minute | Per API key, sliding window |
| Alert Creation | 50 requests | per minute | Per API key |
Source: Rootly API Overview
Troubleshooting
Common Issues
Issue: Authentication failed (401 Unauthorized)
Cause: Invalid or expired API key
Solution:
- Verify your API key is correct
- Generate a new API key from Organization Settings
- Ensure the key has not been revoked
Issue: No audit logs returned
Cause: No activity in the specified time range or insufficient permissions
Solution:
- Check if there is recent activity in your Rootly account
- Verify your API key has audit log read permissions
- Try expanding the time range
Issue: Rate limit exceeded (429 Too Many Requests)
Cause: Exceeded 3,000 requests per minute
Solution:
- Wait for the rate limit window to reset (1 minute)
- The connector automatically handles rate limiting with retries
Sample Record
```json
{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "type": "audit_logs",
  "attributes": {
    "action": "incident.created",
    "actor_id": "user-123",
    "actor_type": "User",
    "actor_name": "John Doe",
    "resource_id": "incident-456",
    "resource_type": "Incident",
    "changes": {
      "status": ["investigating", "resolved"],
      "severity": ["minor", "major"]
    },
    "metadata": {
      "ip_address": "203.0.113.42",
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36"
    },
    "created_at": "2024-01-15T10:30:00Z",
    "environment_id": "env-789"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "user-123",
        "type": "users"
      }
    },
    "resource": {
      "data": {
        "id": "incident-456",
        "type": "incidents"
      }
    }
  }
}
```