Query Logs

URL:
https://<root>/logs/query
Methods:
GET
Required Capability:
Access allowed with any authorized privilege
Version Introduced:
10.3.1

Description

The query operation allows you to aggregate, filter, and page through logs written by ArcGIS Enterprise portal. Logs can be queried according to log levels and start and end times, and further filtered by the log code, users associated with the event being logged, the log's source, and by request ID (introduced at ArcGIS Enterprise 11.3).

Queryable log information

Log level

Each logged event has a specific level associated with them. The table below outlines the log level types:

LevelDetails

SEVERE

Serious problems that require immediate attention. This level only includes severe messages.

WARNING

Moderate problems that require attention. This level also includes severe messages.

Info

Common administrative messages of the portal, including messages about organization settings being updated. This level also includes severe and warning messages.

Fine

Common messages from use of the portal, like names of operations and requests received. This level includes severe, warning, and info messages.

Verbose

Messages providing more detail about how the portal fulfills operations and requests. This level includes severe, warning, info, and fine messages.

Debug

Highly verbose messages designed for developers and support technicians who want to obtain a better understanding of the portal's state when troubleshooting. Don't use this level in a production environment; it may cause a decrease in performance. If you're not troubleshooting an issue, use the Warning level instead.

Off

Logging is turned off. Events are not logged with the portal.

Time

Each logged event records the time the event occurred. Events are organized chronologically, with the most recent event displayed first. Logs can be filtered for a specific time frame by specifying the start and end time for the query. The start time will be the most recent time and the end time will be the earliest time.

Log codes

Each logged event has a code associated with it. The codes are organized into several categories with specific ranges and content. You can specify a specific code or code range to display when querying the logs.

CategoryRangeMessage Content

Publishing

200000–201999

Publishing and deleting hosted services.

Content management

202000–203999

  • Adding, removing, updating, and moving items.
  • Changing item ownership.
  • Sharing items with everyone, the organization, and groups.

Security

204000–205999

  • Built-in or organization-specific user log in.
  • Portal token generation and configuration.
  • Disabling and enabling account sign up.
  • Disabling and enabling the ArcGIS Portal Directory.
  • Importing or exporting a security certificate.
  • Creating, deleting, and disabling users.
  • Changing user role privileges.
  • Creating and deleting custom roles.
  • Disabling and enabling HTTPS and anonymous access.
  • Updating the identity store.

Organization management

206000–207999

  • Customizing the organization home page.
  • Configuration of the gallery, basemaps, display units, utility services, and federated servers.
  • Creating and deleting groups.
  • Adding users to a group and removing users from a group.
  • Invite users to a group or accepting an invitation to a group.
  • Configuration of ArcGIS Pro licenses.
  • ArcGIS Web Adaptor configuration.
  • Modifying the location of the portal content directory.
  • Configuring forward and reverse proxy servers.
  • Exceeding the number of named users authorized for the portal.
  • Editing log setting and deleting logs.

Installation and upgrade

208000–209999

Installing and upgrading the software, creating the portal website, and authorizing the software.

Search index

210000–211999

Generating the portal's item search index.

General

212000–219999

  • Restarting the portal.
  • Configuring a highly available portal.
  • Other general messages generated through regular use of the portal.

Source component

The source of the logged events are generated from the sharing, administrative, and portal components of the software. Events related to publishing and users are categorized under Sharing. Events related to security and indexing are categorized under Portal Admin. Events related to installing the software are categorized under Portal.

Request IDs

Introduced at 11.3, logs for requests made through the Portal Admin API have a request ID associated with them that can be used to further filter logs. The request ID can be gathered and used during queries in the following way:

  1. Make an initial query request for the Enterprise portal logs to find a log associated with the request. Its recommended that the source is set as PORTAL ADMIN to limit log results to those that would return a request ID. Logs can be further filtered by specifying a time range the request occured within, specifying a log code range, or providing the username of the member who is associated with the request.
  2. Once you've found a log entry for the request, copy the request ID.
  3. Return to the query operation and perform a new request, this time including the request ID as part of the query. You can make queries to different log levels to identify any logs of that type that are associated with the request ID.

Request parameters

ParameterDetails

level

(Required)

Returns only records with a log level at or more severe than the level specified. The default is WARNING.

Values: OFF | SEVERE | WARNING | INFO | FINE | VERBOSE | DEBUG

startTime

(Optional)

The most recent time to query. If, after running a request, the hasMore response property is true, you can retrieve additional log records by running a new request that uses the value you had for the endTime parameter in the first request as the value for the startTime parameter for the new request. Time can be specified as a portal timestamp (format in yyyy-mm-ddThh:mm:ss) or in Unix format. The default is the current date. If the startTime parameter is specified, but endTime is not, all of the oldest logs are returned up to the start time.

Examples
Use dark colors for code blocksCopy
1
2
3
4
5
//Timestamp
{ "startTime": "2015-05-01T13:15:00", ... }

//Unix
{ "startTime": 1430504100, ... }

endTime

(Optional)

The oldest time to include in the result set. You can use this to limit the query to the last number of minutes, hours, days, months, and years as needed. Time can be specified as a portal timestamp (format in yyyy-mm-ddThh:mm:ss) or in Unix format. The default is the beginning of all logging. If the endTime parameter is specified, but startTime is not, all of the most recent logs will be returned up to the end time.

Examples
Use dark colors for code blocksCopy
1
2
3
4
5
//Timestamp
{ "endTime": "2015-05-01T13:00:00", ... }

//Unix
{ "endTime": "1430503200, ... }

filterType

The filter type. The only accepted value is json.

filter

(Optional)

Filters Enterprise portal logs by a set of filter definitions:

  • codes: A comma-separated list of log codes. This list can include specific log code values, a log code range, or a combination of specific log codes and log code ranges. Specyfing a value for the codes filter definition will only return logs that are a match with a specific log code or are within the log code range.
  • users: A comma-separated list of organization member usernames.
  • requestIds: Introduced at 11.3. An ID associated with a request made using the Portal Admin API. Only logs with a source of PORTAL ADMIN will return a request ID.
  • source: The source component of the logged event. Accepted values are * (meaning all source components are included in the query), SHARING, PORTAL ADMIN, and PORTAL.
Example
Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
//Filtering using log codes, username, and source component
filter={
  "codes": [
    204000–205999,
    212015,
    219114
  ],
  "users": [
    "admin",
    "jcho"
  ],
  "requestIds": [],
  "source": ["PORTAL ADMIN"]
}

//Filtering using request ID
filter={
  "codes": [],
  "users": [],
  "requestIds": ["311bbe1c-a8bc-4cd9-9f73-1b9a12cbf178"],
  "source": []
}

pageSize

(Optional)

The maximum number of log records to be returned by this query. The default is 1000.

Example
Use dark colors for code blocksCopy
1
pageSize=1000

federatedServers

(Required)

Introduced at ArcGIS Enterprise 11.4. Specifies whether logs from federated servers should be included in the query. To include logs from every federated server, set the value for federatedServers to all. To include logs from a specific federated server, set the value as the server's URL. To exclude federated server logs from the query, leave the value for federatedServers empty.

Use dark colors for code blocksCopy
1
2
3
4
5
//Include logs from all federated servers
federatedServers=all

//Include logs from a specific federated server
federatedServers=https://machine.domain.com/arcgis

f

The response format. The default is html.

Values: html | json | xml | pjson

Example usage

The following is a sample GET request for the query operation:

Use dark colors for code blocksCopy
1
https://machine.domain.com/webadaptor/portaladmin/logs/query?level=SEVERE&startTime=1569263675708&endTime=1569212579554&filterType=json&filter={"codes":["201999"],"users":["user1"],"requestIds":[],"source":["Sharing"]}&pageSize=1000&federatedServers=all&f=json

JSON Response example

Use dark colors for code blocksCopy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
{
  "hasMore": false,
  "startTime": 1569263675708,
  "endTime": 1569212579554,
  "logMessages": [
    {
      "type": "SEVERE",
      "message": " Failed to delete folder 'user1/testFolder' (id:a1b2c3d4e5f6g7h8i9a1b2c3d4e5f6g7).  Some items in the folder cannot be deleted.",
      "time": 1569263675708,
      "source": "Sharing",
      "machine": "MACHINE.DOMAIN.COM",
      "user": "user1",
      "code": 219999,
      "elapsed": "",
      "process": "13944",
      "thread": "1",
      "methodName": "",
      "requestID": ""
    },
    {
      "type": "SEVERE",
      "message": " Failed to delete item 'https://machine.domain.com/webadaptor/rest/services/Hosted/testItem/FeatureServer' (id:edf7f18f65604380bb045da9cbe18833) in folder 'user1/testFolder' (id:a1b2c3d4e5f6g7h8i9a1b2c3d4e5f6g7). Unable to delete item: https://machine.domain.com/webadaptor/rest/services/Hosted/testItem/FeatureServer",
      "time": 1569263645008,
      "source": "Sharing",
      "machine": "MACHINE.DOMAIN.COM",
      "user": "user1",
      "code": 219999,
      "elapsed": "",
      "process": "13944",
      "thread": "1",
      "methodName": "",
      "requestID": ""
    },
    {
      "type": "SEVERE",
      "message": " Failed to delete item 'https://machine.domain.com/webadaptor/rest/services/Hosted/testItem2/FeatureServer' (id:edf7f18f65604380bb045da9cbe18833). Error while deleteing 'edf7f18f65604380bb045da9cbe18833' {\"success\":false,\"error\":{\"message\":\"Delete Service failed for url 'https://machine.domain.com/webadaptor/rest/services/Hosted/testItem2/FeatureServer (Delete service error: \\nException: Read timed out)'\"}}",
      "time": 1569263645008,
      "source": "Sharing",
      "machine": "MACHINE.DOMAIN.COM",
      "user": "user1",
      "code": 219999,
      "elapsed": "",
      "process": "13944",
      "thread": "1",
      "methodName": "",
      "requestID": ""
    }
  ]
}

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.