How does the audit log api map to the UI audit log?

Hello Boris and welcome to the Community!

Building a monitoring system to review and record the audit logs sounds like an awesome idea. With this said, the relationship between the API JSON response and the UI and not a perfect match but they're very close, I will present an example which compares the UI to the JSON results:

For this example, I made a change within the Global settings changing the Connection Timeout from 1000 to 10001. The UI will report results as follows:

The JSON response will be seen as:

{
 "results":[
 {
 "author":{
 "type":"user",
 "displayName":"USER",
 "username":"USERNAME",
 "userKey":"00000"
 },
 "remoteAddress":"0:0:0:0:0:0:0:1",
 "creationDate":1547651550771,
 "summary":"Global settings changed",
 "description":"",
 "category":"Global Administration",
 "sysAdmin":true,
 "affectedObject":{
 "name":"",
 "objectType":""
 },
 "changedValues":[
 {
 "name":"Custom contact admin message",
 "oldValue":"",
 "newValue":"Please enter information about your request for the site administrators. If you are reporting an error please be sure you include information on what you were doing and the time the problem occurred."
 },
 {
 "name":"Connection timeout",
 "oldValue":"10000",
 "newValue":"10001"
 }
 ],
 "associatedObjects":[

 ]
 }
}

This should help to paint a picture of how the UI is matched to the JSON results from the API. The API will report much more detail than the UI has which will make a monitoring solution which uses the API much for viable.

You may find more about the audit records within the API at: GET /rest/api/audit. Along with the Confluence documentation for Audit Log.

If you need further information on API results for the audit records, please let us know.

Regards,
Stephen Sifers