# ListAuditFindings
Returns a list of audit findings that provide automated analysis of service behavior and root cause analysis. These findings help identify the most significant observations about your services, including performance issues, anomalies, and potential problems. The findings are generated using heuristic algorithms based on established troubleshooting patterns.
## Request Syntax
```
POST /auditFindings?EndTime=EndTime&StartTime=StartTime HTTP/1.1
Content-type: application/json
{
"Auditors": [ "string" ],
"AuditTargets": [
{
"Data": { ... },
"Type": "string"
}
],
"DetailLevel": "string",
"MaxResults": number,
"NextToken": "string"
}
```
## URI Request Parameters
The request uses the following URI parameters.
** [EndTime](#API_ListAuditFindings_RequestSyntax) **
The end of the time period to retrieve audit findings for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, `1698778057`
Required: Yes
** [StartTime](#API_ListAuditFindings_RequestSyntax) **
The start of the time period to retrieve audit findings for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, `1698778057`
Required: Yes
## Request Body
The request accepts the following data in JSON format.
** [Auditors](#API_ListAuditFindings_RequestSyntax) **
A list of auditor names to filter the findings by. Only findings generated by the specified auditors will be returned.
The following auditors are available for configuration:
+ `slo` - SloAuditor: Identifies SLO violations and detects breached thresholds during the Assessment phase.
+ `operation_metric` - OperationMetricAuditor: Detects anomalies in service operation metrics from Application Signals RED metrics during the Assessment phase
**Note**
Anomaly detection is not supported for sparse metrics (those missing more than 80% of datapoints within the given time period).
+ `service_quota` - ServiceQuotaAuditor: Monitors resource utilization against service quotas during the Assessment phase
+ `trace` - TraceAuditor: Performs deep-dive analysis of distributed traces, correlating traces with breached SLOs or abnormal RED metrics during the Analysis phase
+ `dependency_metric` - CriticalPathAuditor: Analyzes service dependency impacts and maps dependency relationships from Application Signals RED metrics during the Analysis phase
+ `top_contributor` - TopContributorAuditor: Identifies infrastructure-level contributors to issues by analyzing EMF logs of Application Signals RED metrics during the Analysis phase
+ `log` - LogAuditor: Extracts insights from application logs, categorizing error types and ranking severity by frequency during the Analysis phase
+ `change_indicator` - ChangeIndicatorAuditor: Detects change events (deployments, configuration changes) that occurred within 10 minutes before and during a detected anomaly, and surfaces them as findings with deployment timestamps in the Analysis phase. When changes are detected, the `top_contributor` auditor skips its analysis to avoid redundancy.
`InitAuditor` and `Summarizer` auditors are not configurable as they are automatically triggered during the audit process.
Type: Array of strings
Required: No
** [AuditTargets](#API_ListAuditFindings_RequestSyntax) **
A list of audit targets to filter the findings by. You can specify services, SLOs, or service operations to limit the audit findings to specific entities.
Type: Array of [AuditTarget](API_AuditTarget.md) objects
Array Members: Minimum number of 1 item. Maximum number of 10 items.
Required: Yes
** [DetailLevel](#API_ListAuditFindings_RequestSyntax) **
The level of details of the audit findings. Supported values: `BRIEF`, `DETAILED`.
Type: String
Valid Values: `BRIEF | DETAILED`
Required: No
** [MaxResults](#API_ListAuditFindings_RequestSyntax) **
The maximum number of audit findings to return in one operation. If you omit this parameter, the default of 10 is used.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 10.
Required: No
** [NextToken](#API_ListAuditFindings_RequestSyntax) **
Include this value, if it was returned by the previous operation, to get the next set of audit findings.
Type: String
Required: No
## Response Syntax
```
HTTP/1.1 200
Content-type: application/json
{
"AuditFindings": [
{
"AuditorResults": [
{
"Auditor": "string",
"Data": {
"string" : "string"
},
"Description": "string",
"Severity": "string"
}
],
"DependencyGraph": {
"Edges": [
{
"ConnectionType": "string",
"DestinationNodeId": "string",
"Duration": number,
"SourceNodeId": "string"
}
],
"Nodes": [
{
"Duration": number,
"KeyAttributes": {
"string" : "string"
},
"Name": "string",
"NodeId": "string",
"Operation": "string",
"Status": "string",
"Type": "string"
}
]
},
"KeyAttributes": {
"string" : "string"
},
"MetricGraph": {
"EndTime": number,
"MetricDataQueries": [
{
"AccountId": "string",
"Expression": "string",
"Id": "string",
"Label": "string",
"MetricStat": {
"Metric": {
"Dimensions": [
{
"Name": "string",
"Value": "string"
}
],
"MetricName": "string",
"Namespace": "string"
},
"Period": number,
"Stat": "string",
"Unit": "string"
},
"Period": number,
"ReturnData": boolean
}
],
"StartTime": number
},
"Operation": "string",
"Type": "string"
}
],
"EndTime": number,
"NextToken": "string",
"StartTime": number
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AuditFindings](#API_ListAuditFindings_ResponseSyntax) **
An array of structures, where each structure contains information about one audit finding, including the auditor results, severity, and associated metric and dependency graphs.
Type: Array of [AuditFinding](API_AuditFinding.md) objects
Array Members: Minimum number of 0 items. Maximum number of 10 items.
** [EndTime](#API_ListAuditFindings_ResponseSyntax) **
The end of the time period that the returned audit findings apply to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, `1698778057`
Type: Timestamp
** [NextToken](#API_ListAuditFindings_ResponseSyntax) **
Include this value in your next use of this API to get the next set of audit findings.
Type: String
** [StartTime](#API_ListAuditFindings_ResponseSyntax) **
The start of the time period that the returned audit findings apply to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, `1698778057`
Type: Timestamp
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** ThrottlingException **
The request was throttled because of quota limits.
HTTP Status Code: 429
** ValidationException **
The resource is not valid.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/application-signals-2024-04-15/ListAuditFindings)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/application-signals-2024-04-15/ListAuditFindings)