Help Center/ Database Security Service/ API Reference/ API/ Data Analytics/ Querying Audit SQL Statements
Updated on 2025-06-19 GMT+08:00
View PDF

Querying Audit SQL Statements

Function

This API is used to query audit SQL statements.

Calling Method

For details, see Calling APIs.

URI

POST /v1/{project_id}/{instance_id}/audit/sqls

Table 1 URI parameter

Parameter

Mandatory

Parameter Type

Description

project_id

Yes

String

Project ID.

instance_id

Yes

String

Instance ID. You can obtain the value from the ID field in the API for querying the instance list.

Request Parameter

Table 2 Request header parameter

Parameter

Mandatory

Parameter Type

Description

X-Auth-Token

Yes

String

User token. The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.)
Table 3 Request body parameter

Parameter

Mandatory

Parameter Type

Description

time

Yes

time object

Query time range

risk_levels

No

String

Risk severity.

  • HIGH
  • MEDIUM
  • LOW
  • NO_RISK

client_ip

No

String

Client IP address

client_name

No

String

Client name

db_ip

No

String

Database IP address

db_user

No

String

Database user

query_type

No

String

Query type: LOGIN, CREATE_TABLE, CREATE_TABLESPACE, DROP_TABLE, DROP_TABLESPACE, DELETE, INSERT, INSERT_SELECT, SELECT, SELECT_FOR_UPDATE, UPDATE, CREATE_USER, DROP_USER, GRANT, and OPERATE ALL

rule_name

No

String

Rule name

sql_statement

No

String

SQL statement

sql_response

No

String

Response Result

  • SUCCESS
  • FAILED

page

No

Integer

Page number

size

No

Integer

Number of records.

time_order

No

String

Time sequence. The value can be:

  • DESC
  • ASC
Table 4 time

Parameter

Mandatory

Parameter Type

Description

time_range

No

String

Time range. This parameter cannot be used together with start_time and end_time. If they are used together, this parameter has a higher priority. The value can be:

  • HALF_HOUR
  • HOUR
  • THREE_HOUR
  • TWELVE_HOUR
  • DAY
  • WEEK
  • MONTH

start_time

No

String

Start time. This parameter must be used together with end_time. The format must be yyyy-MM-dd HH:mm:ss. Time when an action occurred, in UTC time.

end_time

No

String

End time. This parameter must be used together with start_time. The format must be yyyy-MM-dd HH:mm:ss. Time when an action occurred, in UTC time.

Response Parameters

Status code: 200

Table 5 Response body parameter

Parameter

Parameter Type

Description

total

Integer

Total number of records.

count

Integer

Number of records on each page. The default value is 10.

sqls

Array of sqls objects

SQL statement list
Table 6 sqls

Parameter

Parameter Type

Description

sql

sql object

SQL information
Table 7 sql

Parameter

Parameter Type

Description

id

String

SQL statement ID

sql_statement

String

SQL statement

client_ip

String

Client IP address

client_name

String

Client name

db_ip

String

Database IP address

db_user

String

Database username

query_type

String

Query type: LOGIN, CREATE_TABLE, CREATE_TABLESPACE, DROP_TABLE, DROP_TABLESPACE, DELETE, INSERT, INSERT_SELECT, SELECT, SELECT_FOR_UPDATE, UPDATE, CREATE_USER, DROP_USER, GRANT, and OPERATE ALL

operated_obj_info

Array of operated_obj_info objects

Action objects

rule_name

String

Rule name

risk_level

String

Risk severity.

  • HIGH
  • MEDIUM
  • LOW
  • NO_RISK

start_time

String

Audit start time

sql_response

String

Response Result

  • SUCCESS
  • FAILED

db_instance

String

DB instance
Table 8 operated_obj_info

Parameter

Parameter Type

Description

column_name

String

Column

object_type

String

Operation object type

schema_name

String

Schema name

sql_type

String

SQL type

sys_name

String

System

table_name

String

Table

Status code: 400

Table 9 Response body parameter

Parameter

Parameter Type

Description

error

Object

Error message.
Table 10 ErrorDetail

Parameter

Parameter Type

Description

error_code

String

Error code

error_msg

String

Error message

Status code: 403

Table 11 Response body parameter

Parameter

Parameter Type

Description

error

Object

Error message.
Table 12 ErrorDetail

Parameter

Parameter Type

Description

error_code

String

Error code

error_msg

String

Error message

Status code: 500

Table 13 Response body parameter

Parameter

Parameter Type

Description

error

Object

Error message.
Table 14 ErrorDetail

Parameter

Parameter Type

Description

error_code

String

Error code

error_msg

String

Error message

Example Request

/v1/{project_id}/{instance_id}/audit/sqls

{
  "time" : {
    "time_range" : "DAY",
    "start_time" : null,
    "end_time" : null
  },
  "risk_levels" : null,
  "client_ip" : null,
  "client_name" : null,
  "db_ip" : null,
  "db_user" : null,
  "query_type" : null,
  "rule_name" : null,
  "sql_statement" : null,
  "sql_response" : null,
  "page" : 1,
  "size" : 50,
  "time_order" : "DESC"
}

Response Examples

Status code: 200

Success

{
  "total" : 2,
  "count" : 2,
  "sqls" : [ {
    "sql" : {
      "id" : "o1n8BI8BDdIO3rwS4Rea",
      "sql_statement" : "create table test(name varchar(1000), age int)",
      "client_ip" : "fe80::f816:3eff:feca:22f5",
      "client_name" : "",
      "db_ip" : "fe80::f816:3eff:feca:22f5",
      "db_user" : "root",
      "query_type" : "CREATE TABLE",
      "operated_obj_info" : [ {
        "column_name" : "",
        "object_type" : "TABLE",
        "schema_name" : "test",
        "sql_type" : "CREATE TABLE",
        "sys_name" : "",
        "table_name" : "test"
      }, {
        "column_name" : "",
        "object_type" : "TABLE",
        "schema_name" : "test",
        "sql_type" : "CREATE",
        "sys_name" : "",
        "table_name" : "test"
      } ],
      "rule_name":"Full audit rule",
      "risk_level" : "",
      "start_time" : "2024-04-22 08:46:02",
      "sql_response" : "SUCCESS",
      "db_instance" : ""
    }
  }, {
    "sql" : {
      "id" : "pFn8BI8BDdIO3rwS4Rea",
      "sql_statement" : "create table test",
      "client_ip" : "fe80::f816:3eff:feca:22f5",
      "client_name" : "",
      "db_ip" : "fe80::f816:3eff:feca:22f5",
      "db_user" : "root",
      "query_type" : "CREATE",
      "operated_obj_info" : [ {
        "column_name" : "",
        "object_type" : "",
        "schema_name" : "test",
        "sql_type" : "CREATE",
        "sys_name" : "",
        "table_name" : ""
      } ],
      "rule_name":"Full audit rule",
      "risk_level" : "",
      "start_time" : "2024-04-22 08:46:02",
      "sql_response" : "FAILED",
      "db_instance" : ""
    }
  } ]
}

Status code: 400

Incorrect request parameter.

{
  "error" : {
    "error_code" : "DBSS.XXXX",
    "error_msg" : "XXX"
  }
}

Status code: 500

Internal server error.

{
  "error" : {
    "error_code" : "DBSS.XXXX",
    "error_msg" : "XXX"
  }
}

Status Code

Status Code

Description

200

Request succeeded.

400

Incorrect request parameter.

403

Authentication failed.

500

Internal server error.

Error Codes

For details, see Error Codes.

Parent topic: Data Analytics