# Retrieve real-time configuration change audit logs with filtering options

Requires audits::read:config permission.

Endpoint: GET /audit/tail/config
Version: 1.0.0
Security: JWTAuthorizer

## Query parameters:

  - `itemID` (string)
    ID for the item to audit. If specified, must include itemType.

  - `itemType` (string)
    Type of item to audit, e.g., Node or Cluster. If specified, must include itemID

  - `timestamp` (string)
    Start time (unix timestamp) to query from

  - `eTime` (string)
    End time (unix timestamp) to query to

  - `auditEvent` (string)
    Audit type to filter (create, delete, change, or action)

  - `ip` (string)
    IP address filter

  - `user` (string)
    User name filter

  - `details` (string)
    Details text filter

## Response 200 fields (application/json):

  - `auditType` (string)
    Type of change
    Enum: "change", "create", "delete", "action"

  - `ip` (string)
    IP address of the client that initiated the change
    Example: "44.44.44.43"

  - `itemId` (string)
    Unique ID of the item that was changed
    Example: "19084f81-5668-41ee-adbe-295e4c65531a"

  - `itemType` (string)
    Type of the item that was changed
    Example: "Node"

  - `message` (string)
    Message describing the change
    Example: "Node license created"

  - `timestamp` (number)
    Unix timestamp when the change happened
    Example: 1729533326

  - `uid` (string)
    Unique ID of the change
    Example: "8845f684-4ffe-4b01-a62f-5619a7eae486"

  - `userName` (string)
    User name of the client that initiated the change
    Example: "admin@trustgrid.io"