Hi Team,
We are using the REST API: [link] to collect the Audit Logs of Jira Cloud.
During data collection, we noticed that some events (e.g., "User added to group," "User removed from group," etc.) include IDs in the name field of the associatedItems
field instead of the actual names of the users on whom the actions were performed.
Is there any possible solution to retrieve the actual name in the raw event itself, instead of the ID in the name
field, while collecting the audit log through the mentioned API?
Hello @Nihar Markana _C_,
The REST API for these events will indeed return only the IDs, with the action's author being the only one returned by name.
As a workaround, consider adding the IDs to variables, if possible.
If the goal of these events, such as adding a user to a group, is to identify the user, this variable will help you perform another REST API call:
https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-users/#api-rest-api-3-user-get
Using the result from the first REST API call, you can retrieve additional user details, such as names or other relevant information.
Let me know if this approach helps or if you have any questions—feel free to reach out!
Best regards,
Hi @Luiz Ricardo Pereira da Silva , Thanks for taking this up.
We can use the mentioned API as a 2nd REST call, but the problem with that is we are not receiving the accountID in audit logs every time. for example it might contains the authorKey (i.e, ug:123ec4f5-a678-912b-34d5-6788123e4ada) which is deprecated from the Jira.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello, I apologize for the delay.
Unfortunately, some records in the audit log do not include the AccountId, and the author key has indeed been discontinued.
I'm not sure if this will help, but I created a Python script that, in addition to scanning all users, also identifies the AccountId related to the author key in other audit logs.
If the AccountId is not found in that session, the script will look for it in other sessions where the same user appears, performing a comparison by the author key.
If it still can't find it, the result will be returned as "unknown."
This isn't the solution, but it's the closest approach I could find to assist you.
I hope it works for most of the sessions.
import json
import requests
import base64
# Authentication configuration
JIRA_USER = "your_email" # Replace with the correct user
JIRA_TOKEN = "your_token" # Replace with the correct token
AUTH_HEADER = base64.b64encode(f"{JIRA_USER}:{JIRA_TOKEN}".encode()).decode()
# Function to get user by authorKey
def get_user_by_authorKey(authorKey):
JIRA_USER_URL = f"you_domainrest/api/3/user?key={authorKey}"
HEADERS = {
"Authorization": f"Basic {AUTH_HEADER}",
"Accept": "application/json"
}
response = requests.get(JIRA_USER_URL, headers=HEADERS)
if response.status_code == 200:
return response.json().get("accountId", "Unknown")
return "Unknown"
# Function to extract users from the audit JSON
def get_user_from_audit(audit_json):
users = []
for record in audit_json.get("records", []):
user_info = {
"event_id": record.get("id"),
"summary": record.get("summary"),
"accountId": None,
"authorKey": None,
"user": "Unknown"
}
# First, try to get the accountId directly
if "authorAccountId" in record:
user_info["accountId"] = record["authorAccountId"]
user_info["user"] = record["authorAccountId"]
# If not found, try to get the authorKey
elif "authorKey" in record:
user_info["authorKey"] = record["authorKey"]
user_info["user"] = record["authorKey"]
# If still not found, check in associatedItems
if not user_info["accountId"]:
for item in record.get("associatedItems", []):
if item.get("typeName") == "USER":
user_info["authorKey"] = item.get("id")
user_info["user"] = item.get("name")
break
# If the user is still "Unknown", try to fetch it from the API
if user_info["user"] == "Unknown" and user_info["authorKey"]:
user_info["user"] = get_user_by_authorKey(user_info["authorKey"])
users.append(user_info)
return users
# API request configuration
JIRA_URL = "you_domainrest/api/3/auditing/record"
HEADERS = {
"Authorization": f"Basic {AUTH_HEADER}",
"Accept": "application/json"
}
# Making the request
response = requests.get(JIRA_URL, headers=HEADERS)
if response.status_code == 200:
auditing_json = response.json()
users_extracted = get_user_from_audit(auditing_json)
print(json.dumps(users_extracted, indent=4))
else:
print(f"Request failed: {response.status_code} - {response.text}")
Best regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.