> ## Documentation Index > Fetch the complete documentation index at: https://developers.harvey.ai/llms.txt > Use this file to discover all available pages before exploring further. # Search Audit Logs > Takes a timestamp as a parameter and returns the audit log at or after the timestamp. Useful to begin pagination to get more logs. For a complete list of all audit log types and their descriptions, see the [Audit Logs Guide](/guides/audit_logs#audit-log-types). ### Permissions Requires `Territory admin` or `Organization admin` permission. ## OpenAPI ````yaml /audit_logs_api.json get /api/v1/logs/audit/search/ openapi: 3.0.1 info: title: Harvey Audit Log API description: > The Harvey Audit Log API allows customers to query audit logs for their workspace. These APIs cover ways to query audit logs at a given time or from an ID and how to paginate through audit logs over time. The current API request rate limit for audit log querying is 1 per second. For a complete list of all audit log types, use cases, and implementation examples, see the [Audit Logs Guide](/guides/audit_logs). version: 1.0.0 contact: email: support@harvey.ai servers: - url: https://api.harvey.ai description: Harvey API server security: [] paths: /api/v1/logs/audit/search/: get: tags: - Search summary: Search Audit Logs description: > Takes a timestamp as a parameter and returns the audit log at or after the timestamp. Useful to begin pagination to get more logs. For a complete list of all audit log types and their descriptions, see the [Audit Logs Guide](/guides/audit_logs#audit-log-types). operationId: searchAuditLogs parameters: - name: time in: query required: true schema: type: integer format: timestamp description: UTC epoch timestamp, up to 1 year old from now - name: log_type in: query required: false schema: type: string description: >- Optional filter to return only logs of a specific type. For Microsoft add-in activity, use add-in-specific log types such as `user:word_add_in_docx_drafting` or `user:outlook_add_in_ask`. See the [Audit Logs Guide](/guides/audit_logs#audit-log-types) for a complete list of log types. example: auth:login responses: '200': description: Audit log entry at or after time content: application/json: schema: $ref: '#/components/schemas/AuditLogResponse' examples: admin_add_client_matters: summary: Admin Add Client Matters Event value: log: data: ip: 0.0.0.0 len_added_client_matters: 1 site: us user_agent: >- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 id: 0194f5c5-2021-75ae-b202-f049fca9dce2 ip: 0.0.0.0 timestamp: '2025-02-11T16:08:44.324452' type: admin:add_client_matters user: user@example.com user_agent: >- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 '400': description: Bad request. '401': description: Unauthorized. '429': description: Rate limit exceeded. '500': description: Internal server error. security: - bearerAuth: [] components: schemas: AuditLogResponse: type: object properties: log: $ref: '#/components/schemas/AuditLog' required: - log AuditLog: type: object properties: data: type: object description: Optional metadata for certain event types. properties: begin_date: type: string format: date-time description: Start timestamp of system-level event window. end_date: type: string format: date-time description: End timestamp of system-level event window. num_events: type: integer description: Number of events captured by the system-level log. event_id: type: integer description: Optional identifier for the underlying user action. additionalProperties: true id: type: string format: uuid description: Unique identifier for the log entry. example: 0194f5c5-2021-75ae-b202-f049fca9dce2 ip: type: string description: IP address of the actor. example: 0.0.0.0 timestamp: type: string format: date-time description: Date when the event occurred in ISO format. example: '2025-02-11T16:08:44.324452' type: type: string description: >- Type of audit log event. Microsoft add-in activity is returned through the same Audit Log API, with event types such as `user:word_add_in_docx_drafting` and `user:outlook_add_in_ask`. We may add more types at any time, so in developing and maintaining your code, you should not assume that only these types exist. For a complete list of all audit log types and their descriptions, see the [Audit Logs Guide](/guides/audit_logs#audit-log-types). example: admin:fetch_workspace_history user: type: string description: Email of the user who triggered the event. example: user@example.com user_agent: type: string description: User agent of the actor who triggered the event. example: >- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 required: - data - id - ip - timestamp - type - user - user_agent securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT ````