ALQL fields
Audit Log Query Language (ALQL) lets you search for a value in a specific field. Each field in the audit log has a corresponding ALQL name.
In a clause, a field is followed by an operator and one or more values. The operator compares the value of the field with one or more values on the right, such that only true results are retrieved by the clause. It's not possible to compare two fields in ALQL.
Created field type
A filter with date and time to refine the search.
This is a mandatory field.
By default, ALQL uses a seven-day date range in the format of a full timestamp. You may change the format to YYYY-MM-DD, which the ALQL assumes to be 00:00:00 UTC. You can also optionally add a Z to explicitly enforce the UTC timezone. For example, YYYY-MM-DDZ or YYYY-MM-DDTHH:mm:ss.msZ.
You have a choice of other date and time formats to use with the created field type. The following table describes them.
形式 | 説明 | 例 |
|---|---|---|
Date only | This is how a simple date looks. |
December 7, 2025, UTC |
Date with hour only
| ALQL fills in the minutes and seconds with zeros if you don’t add them. |
December 7, 2025, 3pm, UTC |
Date with hour and minute | ALQL fills in the seconds with zeros if you don’t add them. |
December 7, 2025, 3.30pm, UTC |
Date with hour, minute and seconds | This includes both the date and the time down to the second. |
December 7, 2025, 3.30pm, and 45 seconds, UTC |
Date with hour, minute, seconds and milliseconds | This format includes the date and time down to milliseconds. |
December 7, 2025, 3.30pm, 45 seconds, and 123 milliseconds, UTC |
Date with offset | This format includes the timezone offset from UTC, formatted as a number. |
December 7, 2025, 3.30pm, 45 seconds, 10 hours ahead of UTC |
構文 | created |
|---|---|
フィールド タイプ | CREATED |
オートコンプリート | はい |
サポートされる演算子 |
|
サポートされない演算子 |
|
例 |
|
Activity field type
Filter with activity to refine the search. Explore all the activities that can occur in your organization
構文 | activity |
|---|---|
フィールド タイプ | ACTIVITY |
オートコンプリート | はい |
サポートされる演算子 |
|
サポートされない演算子 |
|
例 |
|
Actor field type
Filter with actor to refine the search.
構文 | actor |
|---|---|
フィールド タイプ | ACTOR |
オートコンプリート | はい |
サポートされる演算子 |
|
サポートされない演算子 |
|
例 |
|
IP Address field type
Filter with IP address to refine the search.
構文 | ip address |
|---|---|
フィールド タイプ | IP ADDRESS |
オートコンプリート | いいえ |
サポートされる演算子 |
|
サポートされない演算子 |
|
例 |
|
City, region and country field types
Filter with location to refine the search.
構文 | city
region
country |
|---|---|
フィールド タイプ | CITY, REGION and COUNTRY |
オートコンプリート | はい |
サポートされる演算子 |
|
サポートされない演算子 |
|
例
|
|
App field type
Filter with Atlassian app name to refine the search.
構文 | app |
|---|---|
フィールド タイプ | APP |
オートコンプリート | はい |
サポートされる演算子 |
|
サポートされない演算子 |
|
例 |
|
Site field type
Filter with the site ID, also known as the cloud ID, to refine the search.
To find your cloud ID:
Navigate to admin.atlassian.com. If you're a member of more than one, select the relevant organization.
In the side navigation, select Apps, then Sites.
Select the relevant site from the list.
The cloud ID is listed after
/s/in your address bar.
構文 | site |
|---|---|
フィールド タイプ | SITE |
オートコンプリート | はい |
サポートされる演算子 |
|
サポートされない演算子 |
|
例 |
|
Correlation ID field type
Filter with the correlation ID to refine the search. The correlation ID is an ID shared between events in audit logs. The most common shared events relate to Customer-Managed Keys (CMK). Using this field is equivalent to using the Related activities dropdown in the basic audit log search.
構文 | correlation id |
|---|---|
フィールド タイプ | CORRELATION ID |
オートコンプリート | いいえ |
サポートされる演算子 |
|
サポートされない演算子 |
|
例 |
|
この内容はお役に立ちましたか?