创建 auditLogQuery

Namespace：microsoft.graph.security

重要

Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用，请使用 版本 选择器。

创建新的 auditLogQuery 对象。

此 API 可用于以下国家级云部署。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	❌	❌	❌

权限

可以通过 Microsoft Purview 审核搜索 API 通过以下权限访问审核数据，这些权限在 Microsoft 365 服务级别进行分类。 若要了解详细信息，包括如何选择权限的信息，请参阅权限。

Microsoft 365 服务	委派（工作或学校帐户）	委派（个人 Microsoft 帐户）	应用程序
Microsoft OneDrive	AuditLogsQuery-OneDrive.Read.All	不支持	AuditLogsQuery-OneDrive.Read.All
Microsoft Exchange	AuditLogsQuery-Exchange.Read.All	不支持	AuditLogsQuery-Exchange.Read.All
Microsoft SharePoint	AuditLogsQuery-SharePoint.Read.All	不支持	AuditLogsQuery-SharePoint.Read.All
Endpoint 的数据丢失保护	AuditLogsQuery-Endpoint.Read.All	不支持	AuditLogsQuery-Endpoint.Read.All
Microsoft Dynamics CRM	AuditLogsQuery-CRM.Read.All	不支持	AuditLogsQuery-CRM.Read.All
Microsoft Entra	AuditLogsQuery-Entra.Read.All	不支持	AuditLogsQuery-Entra.Read.All
所有审核日志	AuditLogsQuery.Read.All	不支持	AuditLogsQuery.Read.All

HTTP 请求

POST /security/auditLog/queries

请求标头

名称	说明
Authorization	持有者 {token}。 必填。 详细了解 身份验证和授权。
Content-Type	application/json. 必需。

请求正文

在请求正文中，提供 auditLogQuery 对象的 JSON 表示形式。

创建 auditLogQuery 时，可以指定以下属性。

属性	类型	说明
displayName	String	保存的审核日志查询的显示名称。 可选。
filterStartDateTime	DateTimeOffset	查询中日期范围的开始日期。 可选。
filterEndDateTime	DateTimeOffset	查询中日期范围的结束日期。 可选。
recordTypeFilters	microsoft.graph.security.auditLogRecordType 的集合 (字符串)	记录指示的操作类型。 可能的值为：、、、、、exchangeItemGroupsharePointFileOperationsyntheticProbesharePointazureActiveDirectoryoneDrive、、 microsoftTeamsDevicehrSignalmicrosoftTeamsAdminsharePointContentTypeOperationsharePointFieldOperationinformationBarrierPolicyApplicationdataInsightsRestApiAudithygieneEventexchangeItemAggregatedteamsHealthcarelabelContentExplorerthreatIntelligenceAtpContentpowerAppsPlansharePointListItemOperationpowerAppsAppworkplaceAnalyticsmipLabelmicrosoftTeamsAnalyticssecurityComplianceInsightsinformationWorkerProtectiondiscoverymicrosoftTeamsskypeForBusinessCmdletsyammercrmthreatIntelligencepowerBIAuditexchangeAggregatedOperationsecurityComplianceCenterEOPCmdletmicrosoftFlowcampaignmailSubmissioncomplianceDLPSharePointClassificationmicrosoftStreamaeDthreatIntelligenceUrldataGovernancethreatFinderkaizalasecurityComplianceAlertssharePointListOperationsharePointCommentOperationprojectcomplianceDLPExchangesharePointSharingOperationswayskypeForBusinessUsersBlockedazureActiveDirectoryAccountLogonskypeForBusinessPSTNUsagedataCenterSecurityCmdletazureActiveDirectoryStsLogoncomplianceDLPSharePointexchangeItemexchangeAdmindlpEndpoint， airInvestigation， quarantine， microsoftForms， applicationAudit， complianceSupervisionExchange， customerKeyServiceEncryption， ， mipAutoLabelSharePointItemofficeNativemipAutoLabelSharePointPolicyLocationmicrosoftTeamsShiftssecureScoremipAutoLabelExchangeItemcortanaBriefingsearchwdatpAlertspowerPlatformAdminDlppowerPlatformAdminEnvironmentmdatpAuditsensitivityLabelPolicyMatchsensitivityLabelActionsensitivityLabeledFileActionattackSimairManualInvestigationsecurityComplianceRBACuserTrainingairAdminActionInvestigationmsticphysicalBadgingSignalteamsEasyApprovalsaipDiscoveraipSensitivityLabelActionaipProtectionActionaipFileDeletedaipHeartBeatmcasAlertsonPremisesFileShareScannerDlponPremisesSharePointScannerDlpexchangeSearchsharePointSearchprivacyDataMinimizationlabelAnalyticsAggregatemyAnalyticsSettingssecurityComplianceUserChangecomplianceDLPExchangeClassificationcomplianceDLPEndpointmipExactDataMatchmsdeResponseActionsmsdeGeneralSettingsmsdeIndicatorsSettingsms365DCustomDetectionmsdeRolesSettingsmapgAlertsmapgPolicymapgRemediationprivacyRemediationActionprivacyDigestEmailmipAutoLabelSimulationProgressmipAutoLabelSimulationCompletionmipAutoLabelProgressFeedbackdlpSensitiveInformationType， mipAutoLabelSimulationStatistics， largeContentMetadata， microsoft365Group， cdpMlInferencingResult， filteringEntityEventdlpImportResultcdpCompliancePolicyExecutionmultiStageDispositionprivacyDataMatchhealthcareSignalfilteringEmailFeaturesfilteringDocMetadatapowerBIDlpfilteringUrlInfofilteringAttachmentInfocoreReportingSettingscomplianceConnectorconsumptionResourcepowerPlatformLockboxResourceCommandpowerPlatformLockboxResourceAccessRequestcdpPredictiveCodingLabelcdpCompliancePolicyUserFeedbackwebpageActivityEndpointomePortalscorePlatformGenericAuditRecordpowerPlatformServiceActivityfilteringTimeTravelDocMetadatamicrosoftManagedServicePlatformlabelExplorerfilteringMailSubmissionalertfilteringRuleHitsmipLabelAnalyticsAuditRecordfilteringUrlClickalertStatuscmImprovementActionChangetenantAllowBlockListcdpUnifiedFeedbackfilteringPostMailDeliveryActionfilteringMailGradingResultcaseInvestigationrecordsManagementprivacyRemediationcaseehrConnectorincidentStatuscdpDlpSensitivealertIncidentdataShareOperationpublicFolderfilteringMailMetadatacdpClassificationMailItemcdpClassificationDocumentofficeScriptsRunActionprivacyTenantAuditHistoryRecord， aipScannerDiscoverEvent， eduDataLakeDownloadOperation， m365ComplianceConnector， microsoftGraphDataConnectOperation， mdcRegulatoryComplianceAssessmentsplannerTaskListplannerTenantSettingsprojectForTheWebProjectprojectForTheWebTaskplannerPlanListprojectForTheWebRoadmapItemprojectForTheWebRoadmapprojectForTheWebProjectSettingsprojectForTheWebRoadmapSettingsquarantineMetadatamicrosoftTodoAudittimeTravelFilteringDocMetadataplannerRostersharePointAppPermissionOperationteamsQuarantineMetadatamicrosoftTeamsSensitivityLabelActionfilteringTeamsMetadatafilteringTeamsUrlInfofilteringTeamsPostDeliveryActionmicrosoftGraphDataConnectConsentattackSimAdminfilteringAtpDetonationInfofilteringRuntimeInfovivaGoalsmdaDataSecuritySignalprivacyPortalmdcSecurityConnectorsmdcRegulatoryComplianceControlsmdcRegulatoryComplianceStandardsmanagedTenantsmdcAssessmentsplannerTaskplannerCopyPlanplannerPlanms365DIncidentms365DSuppressionRulepurviewDataMapOperationfilteringUrlPostClickActionupdateQuarantineMetadataplannerRosterSensitivityLabelunifiedSimulationSummaryteamsUpdatesunifiedSimulationMatchedItemirmUserDefinedDetectionSignalfilteringDelistingMetadatamicrosoftPurviewfilteringEmailContentFeaturespowerPagesSitepowerAppsResourcecomplianceDLPSharePointClassificationExtended、microsoftDefenderForIdentityAudit、、supervisoryReviewDayXInsight、defenderExpertsforXDRAdmin、hostedRpacdpContentExplorerAggregateRecordcdpEdgeBlockedMessage、、cdpHygieneAttachmentInfo、cdpHygieneSummary、cdpPostMailDeliveryActioncdpEmailFeatures、cdpUrlClickcdpHygieneUrlInfo、cdpPackageManagerHygieneEvent、、filteringDocScan、timeTravelFilteringDocScan、 。 unknownFutureValuemapgOnboard 可选。
keywordFilter	String	用于搜索审核日志的非索引属性的自由文本字段。 可选。
serviceFilter	String	指审核记录中的工作负载属性。 这是发生活动的Microsoft服务。 可选。
operationFilters	字符串集合	用户或管理员活动的名称。 有关最常见操作/活动的说明，请参阅在 Office 365 保护中心搜索审核日志。 可选。
userPrincipalNameFilters	字符串集合	UPN (用户主体名称) 执行操作的用户 (操作属性中指定的) ，导致记录被记录;例如， my_name@my_domain_name。 可选。
ipAddressFilters	字符串集合	记录活动时使用的设备的 IP 地址。 可选。
objectIdFilters	字符串集合	对于 SharePoint 和 OneDrive for Business 活动，用户访问的文件或文件夹的完整路径名称。 对于 Exchange 管理员审核日志，通过 cmdlet 修改的对象的名称。 可选。
administrativeUnitIdFilters	字符串集合	标记为审核日志记录的管理单元。 可选。
status	microsoft.graph.security.auditLogQueryStatus	查询的当前状态。 可能的值包括 notStarted、running、succeeded、failed、cancelled、unknownFutureValue。 可选。

响应

如果成功，此方法在 201 Created 响应正文中返回响应代码和 auditLogQuery 对象。

示例

请求

以下示例显示了一个请求。

HTTP

POST https://graph.microsoft.com/beta/security/auditLog/queries
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.security.auditLogQuery",
  "displayName": "String",
  "filterStartDateTime": "String (timestamp)",
  "filterEndDateTime": "String (timestamp)",
  "recordTypeFilters": [
    "String"
  ],
  "keywordFilter": "String",
  "serviceFilter": "String",
  "operationFilters": [
    "String"
  ],
  "userPrincipalNameFilters": [
    "String"
  ],
  "ipAddressFilters": [
    "String"
  ],
  "objectIdFilters": [
    "String"
  ],
  "administrativeUnitIdFilters": [
    "String"
  ],
  "status": "String"
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models.Security;

var requestBody = new AuditLogQuery
{
	OdataType = "#microsoft.graph.security.auditLogQuery",
	DisplayName = "String",
	FilterStartDateTime = DateTimeOffset.Parse("String (timestamp)"),
	FilterEndDateTime = DateTimeOffset.Parse("String (timestamp)"),
	RecordTypeFilters = new List<AuditLogRecordType?>
	{
		AuditLogRecordType.ExchangeAdmin,
	},
	KeywordFilter = "String",
	OperationFilters = new List<string>
	{
		"String",
	},
	UserPrincipalNameFilters = new List<string>
	{
		"String",
	},
	IpAddressFilters = new List<string>
	{
		"String",
	},
	ObjectIdFilters = new List<string>
	{
		"String",
	},
	AdministrativeUnitIdFilters = new List<string>
	{
		"String",
	},
	Status = AuditLogQueryStatus.NotStarted,
	AdditionalData = new Dictionary<string, object>
	{
		{
			"serviceFilter" , "String"
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Security.AuditLog.Queries.PostAsync(requestBody);

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

CLI

mgc-beta security audit-log queries create --body '{\
  "@odata.type": "#microsoft.graph.security.auditLogQuery",\
  "displayName": "String",\
  "filterStartDateTime": "String (timestamp)",\
  "filterEndDateTime": "String (timestamp)",\
  "recordTypeFilters": [\
    "String"\
  ],\
  "keywordFilter": "String",\
  "serviceFilter": "String",\
  "operationFilters": [\
    "String"\
  ],\
  "userPrincipalNameFilters": [\
    "String"\
  ],\
  "ipAddressFilters": [\
    "String"\
  ],\
  "objectIdFilters": [\
    "String"\
  ],\
  "administrativeUnitIdFilters": [\
    "String"\
  ],\
  "status": "String"\
}\
'

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Go

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  "time"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodelssecurity "github.com/microsoftgraph/msgraph-beta-sdk-go/models/security"
	  //other-imports
)

requestBody := graphmodelssecurity.NewAuditLogQuery()
displayName := "String"
requestBody.SetDisplayName(&displayName) 
filterStartDateTime , err := time.Parse(time.RFC3339, "String (timestamp)")
requestBody.SetFilterStartDateTime(&filterStartDateTime) 
filterEndDateTime , err := time.Parse(time.RFC3339, "String (timestamp)")
requestBody.SetFilterEndDateTime(&filterEndDateTime) 
recordTypeFilters := []graphmodelssecurity.AuditLogRecordTypeable {
	auditLogRecordType := graphmodels.STRING_AUDITLOGRECORDTYPE 
	requestBody.SetAuditLogRecordType(&auditLogRecordType)
}
requestBody.SetRecordTypeFilters(recordTypeFilters)
keywordFilter := "String"
requestBody.SetKeywordFilter(&keywordFilter) 
operationFilters := []string {
	"String",
}
requestBody.SetOperationFilters(operationFilters)
userPrincipalNameFilters := []string {
	"String",
}
requestBody.SetUserPrincipalNameFilters(userPrincipalNameFilters)
ipAddressFilters := []string {
	"String",
}
requestBody.SetIpAddressFilters(ipAddressFilters)
objectIdFilters := []string {
	"String",
}
requestBody.SetObjectIdFilters(objectIdFilters)
administrativeUnitIdFilters := []string {
	"String",
}
requestBody.SetAdministrativeUnitIdFilters(administrativeUnitIdFilters)
status := graphmodels.STRING_AUDITLOGQUERYSTATUS 
requestBody.SetStatus(&status) 
additionalData := map[string]interface{}{
	"serviceFilter" : "String", 
}
requestBody.SetAdditionalData(additionalData)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
queries, err := graphClient.Security().AuditLog().Queries().Post(context.Background(), requestBody, nil)

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

com.microsoft.graph.beta.models.security.AuditLogQuery auditLogQuery = new com.microsoft.graph.beta.models.security.AuditLogQuery();
auditLogQuery.setOdataType("#microsoft.graph.security.auditLogQuery");
auditLogQuery.setDisplayName("String");
OffsetDateTime filterStartDateTime = OffsetDateTime.parse("String (timestamp)");
auditLogQuery.setFilterStartDateTime(filterStartDateTime);
OffsetDateTime filterEndDateTime = OffsetDateTime.parse("String (timestamp)");
auditLogQuery.setFilterEndDateTime(filterEndDateTime);
LinkedList<com.microsoft.graph.beta.models.security.com.microsoft.graph.beta.models.security.AuditLogRecordType> recordTypeFilters = new LinkedList<com.microsoft.graph.beta.models.security.com.microsoft.graph.beta.models.security.AuditLogRecordType>();
recordTypeFilters.add(com.microsoft.graph.beta.models.security.AuditLogRecordType.ExchangeAdmin);
auditLogQuery.setRecordTypeFilters(recordTypeFilters);
auditLogQuery.setKeywordFilter("String");
LinkedList<String> operationFilters = new LinkedList<String>();
operationFilters.add("String");
auditLogQuery.setOperationFilters(operationFilters);
LinkedList<String> userPrincipalNameFilters = new LinkedList<String>();
userPrincipalNameFilters.add("String");
auditLogQuery.setUserPrincipalNameFilters(userPrincipalNameFilters);
LinkedList<String> ipAddressFilters = new LinkedList<String>();
ipAddressFilters.add("String");
auditLogQuery.setIpAddressFilters(ipAddressFilters);
LinkedList<String> objectIdFilters = new LinkedList<String>();
objectIdFilters.add("String");
auditLogQuery.setObjectIdFilters(objectIdFilters);
LinkedList<String> administrativeUnitIdFilters = new LinkedList<String>();
administrativeUnitIdFilters.add("String");
auditLogQuery.setAdministrativeUnitIdFilters(administrativeUnitIdFilters);
auditLogQuery.setStatus(com.microsoft.graph.beta.models.security.AuditLogQueryStatus.NotStarted);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("serviceFilter", "String");
auditLogQuery.setAdditionalData(additionalData);
com.microsoft.graph.models.security.AuditLogQuery result = graphClient.security().auditLog().queries().post(auditLogQuery);

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const auditLogQuery = {
  '@odata.type': '#microsoft.graph.security.auditLogQuery',
  displayName: 'String',
  filterStartDateTime: 'String (timestamp)',
  filterEndDateTime: 'String (timestamp)',
  recordTypeFilters: [
    'String'
  ],
  keywordFilter: 'String',
  serviceFilter: 'String',
  operationFilters: [
    'String'
  ],
  userPrincipalNameFilters: [
    'String'
  ],
  ipAddressFilters: [
    'String'
  ],
  objectIdFilters: [
    'String'
  ],
  administrativeUnitIdFilters: [
    'String'
  ],
  status: 'String'
};

await client.api('/security/auditLog/queries')
	.version('beta')
	.post(auditLogQuery);

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PHP

<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Security\AuditLogQuery;
use Microsoft\Graph\Beta\Generated\Models\Security\AuditLogRecordType;
use Microsoft\Graph\Beta\Generated\Models\Security\AuditLogQueryStatus;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AuditLogQuery();
$requestBody->setOdataType('#microsoft.graph.security.auditLogQuery');
$requestBody->setDisplayName('String');
$requestBody->setFilterStartDateTime(new \DateTime('String (timestamp)'));
$requestBody->setFilterEndDateTime(new \DateTime('String (timestamp)'));
$requestBody->setRecordTypeFilters([new AuditLogRecordType('string'),	]);
$requestBody->setKeywordFilter('String');
$requestBody->setOperationFilters(['String', 	]);
$requestBody->setUserPrincipalNameFilters(['String', 	]);
$requestBody->setIpAddressFilters(['String', 	]);
$requestBody->setObjectIdFilters(['String', 	]);
$requestBody->setAdministrativeUnitIdFilters(['String', 	]);
$requestBody->setStatus(new AuditLogQueryStatus('string'));
$additionalData = [
	'serviceFilter' => 'String',
];
$requestBody->setAdditionalData($additionalData);

$result = $graphServiceClient->security()->auditLog()->queries()->post($requestBody)->wait();

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PowerShell

Import-Module Microsoft.Graph.Beta.Security

$params = @{
	"@odata.type" = "#microsoft.graph.security.auditLogQuery"
	displayName = "String"
	filterStartDateTime = [System.DateTime]::Parse("String (timestamp)")
	filterEndDateTime = [System.DateTime]::Parse("String (timestamp)")
	recordTypeFilters = @(
	"String"
)
keywordFilter = "String"
serviceFilter = "String"
operationFilters = @(
"String"
)
userPrincipalNameFilters = @(
"String"
)
ipAddressFilters = @(
"String"
)
objectIdFilters = @(
"String"
)
administrativeUnitIdFilters = @(
"String"
)
status = "String"
}

New-MgBetaSecurityAuditLogQuery -BodyParameter $params

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.security.audit_log_query import AuditLogQuery
from msgraph_beta.generated.models.security.audit_log_record_type import AuditLogRecordType
from msgraph_beta.generated.models.audit_log_record_type import AuditLogRecordType
from msgraph_beta.generated.models.audit_log_query_status import AuditLogQueryStatus
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AuditLogQuery(
	odata_type = "#microsoft.graph.security.auditLogQuery",
	display_name = "String",
	filter_start_date_time = "String (timestamp)",
	filter_end_date_time = "String (timestamp)",
	record_type_filters = [
		AuditLogRecordType.ExchangeAdmin,
	],
	keyword_filter = "String",
	operation_filters = [
		"String",
	],
	user_principal_name_filters = [
		"String",
	],
	ip_address_filters = [
		"String",
	],
	object_id_filters = [
		"String",
	],
	administrative_unit_id_filters = [
		"String",
	],
	status = AuditLogQueryStatus.NotStarted,
	additional_data = {
			"service_filter" : "String",
	}
)

result = await graph_client.security.audit_log.queries.post(request_body)

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。 有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并 创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

以下示例显示了相应的响应。

注意：为了提高可读性，可能缩短了此处显示的响应对象。

HTTP/1.1 201 Created
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.security.auditLogQuery",
  "id": "168ec429-084b-a489-90d8-504a87846305",
  "displayName": "String",
  "filterStartDateTime": "String (timestamp)",
  "filterEndDateTime": "String (timestamp)",
  "recordTypeFilters": [
    "String"
  ],
  "keywordFilter": "String",
  "serviceFilter": "String",
  "operationFilters": [
    "String"
  ],
  "userPrincipalNameFilters": [
    "String"
  ],
  "ipAddressFilters": [
    "String"
  ],
  "objectIdFilters": [
    "String"
  ],
  "administrativeUnitIdFilters": [
    "String"
  ],
  "status": "String"
}