Skip to content
Percona Software for MySQL Documentation

Rate this page
Thanks for your feedback
Thank you! The feedback has been submitted.

For help, click the link below to get free database assistance or contact our experts for personalized support.

Get help from Percona

Reading Audit Log Filter files

Audit Log Filter exposes a SQL API to read audit files in JSON or JSONL only. Layout and the JSONL option are covered in Audit Log Filter format - JSON and JSONL and Audit Log Filter file format overview. Set audit_log_filter.format accordingly; audit_log_filter.file defines the path, base name, and suffix used to locate files.

If a file no longer matches that pattern, readers ignore it.

Reader functions

Two functions read JSON or JSONL audit files:

Read commands

A session holds at most one active read context. Pick one of the following commands to open, advance, or close it. For the full argument reference, see audit_log_read().

Resume from a bookmark

Start a read at the position returned by audit_log_read_bookmark():

SELECT audit_log_read(audit_log_read_bookmark());

Start at a timestamp

Start a read at an explicit timestamp. When the timestamp omits a time part, the component assumes 00:00:00:

SELECT audit_log_read('{"start": {"timestamp": "2026-05-20 12:28:10"}}');
SELECT audit_log_read('{"start": {"timestamp": "2026-05-20"}}');

Address one specific event

Pass a bookmark literal with timestamp and id and no start envelope:

SELECT audit_log_read('{"timestamp": "2026-05-20 12:28:10", "id": 1561422}');

Limit the events per call

Cap how many events a single call returns by adding max_array_length to any positioning form:

SELECT audit_log_read('{"start": {"timestamp": "2026-05-20 12:28:10"}, "max_array_length": 3}');

Continue from the current cursor

After a read sequence is open, continue advancing without supplying a new position:

SELECT audit_log_read();

Close the active sequence

Release the reader cursor before opening a new sequence at a different position:

SELECT audit_log_read('null');

A read sequence also ends when the session ends. A single call cannot combine the start envelope with a top-level timestamp or id. To reposition while a sequence is active, close it first with 'null'.

Additional reading