REST-API-Endpunkte für Enterprise-Überwachungsprotokolle

Get the audit log for an enterprise

Gets the audit log for an enterprise.

The authenticated user must be an enterprise admin to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Get the audit log for an enterprise"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

"Enterprise administration" enterprise permissions (read)

Parameter für "Get the audit log for an enterprise"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name.

Abfrageparameter
Name, Typ, BESCHREIBUNG
`phrase` string A search phrase. For more information, see Searching the audit log.
`include` string The event types to include: `web` - returns web (non-Git) events. `git` - returns Git events. `all` - returns both web and Git events. The default is `web`. Kann eine der folgenden sein: `web`, `git`, `all`
`after` string A cursor, as given in the Link header. If specified, the query only searches for events after this cursor.
`before` string A cursor, as given in the Link header. If specified, the query only searches for events before this cursor.
`order` string The order of audit log events. To list newest events first, specify `desc`. To list oldest events first, specify `asc`. The default is `desc`. Kann eine der folgenden sein: `desc`, `asc`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Standard: `1`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: `30`

HTTP response status codes for "Get the audit log for an enterprise"

Status code	BESCHREIBUNG
`200`	OK

Code samples for "Get the audit log for an enterprise"

Request example

get/enterprises/{enterprise}/audit-log

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log

Response

Status: 200

[
  {
    "actor_ip": "88.123.45.123",
    "from": "pull_requests#merge",
    "device_cookie": null,
    "actor": "mona-admin",
    "actor_id": 7,
    "repo": "octo-org/octo-repo",
    "repo_id": 17,
    "business": "github",
    "business_id": 1,
    "org": "octo-org",
    "org_id": 8,
    "action": "pull_request.merge",
    "@timestamp": 1635940599755,
    "created_at": 1635940599755,
    "operation_type": "modify",
    "actor_location": {
      "country_code": "GB",
      "country_name": "United Kingdom",
      "region": "ENG",
      "region_name": "England",
      "city": "Louth",
      "postal_code": "LN11",
      "location": {
        "lat": 53.4457,
        "lon": 0.141
      }
    },
    "data": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
      "method": "POST",
      "request_id": "e4dabc4d-ba16-4bca-1234-649be7ae1188",
      "server_id": "5d17aab5-fd9f-abcd-a820-16bed246441b",
      "request_category": "other",
      "controller_action": "merge",
      "url": "https://example.com/octo-org/octo-repo/pull/1/merge",
      "client_id": 322299977.1635936,
      "referrer": "https://example.com/octo-org/octo-repo/pull/1",
      "actor_session": 1,
      "pull_request_id": 1,
      "category_type": "Resource Management"
    }
  },
  {
    "actor_ip": "88.123.45.123",
    "from": "pull_request_review_events#create",
    "device_cookie": null,
    "actor": "mona-admin",
    "actor_id": 7,
    "business_id": 1,
    "org_id": 8,
    "action": "pull_request_review.submit",
    "@timestamp": 1635940593079,
    "created_at": 1635940593079,
    "operation_type": "modify",
    "actor_location": {
      "country_code": "GB",
      "country_name": "United Kingdom",
      "region": "ENG",
      "region_name": "England",
      "city": "Louth",
      "postal_code": "LN11",
      "location": {
        "lat": 53.4457,
        "lon": 0.141
      }
    },
    "data": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
      "method": "PUT",
      "request_id": "c0f63bb7-17b6-4796-940c-12345c5a581b",
      "server_id": "2abc1234-f651-43e3-9696-e942ad5f8c89",
      "request_category": "other",
      "controller_action": "create",
      "url": "https://example.com/octo-org/octo-repo/pull/1/reviews",
      "client_id": 322299977.1635936,
      "referrer": "https://example.com/octo-org/octo-repo/pull/1/files",
      "actor_session": 1,
      "spammy": false,
      "pull_request_id": 1,
      "body": null,
      "allowed": true,
      "id": 1,
      "state": 40,
      "issue_id": 1,
      "review_id": 1,
      "category_type": "Resource Management"
    }
  },
  {
    "actor_ip": "88.123.45.123",
    "from": "pull_requests#create",
    "device_cookie": null,
    "actor": "mona",
    "actor_id": 9,
    "user_id": 9,
    "repo": "octo-org/octo-repo",
    "repo_id": 17,
    "business": "github",
    "business_id": 1,
    "org": "octo-org",
    "org_id": 8,
    "action": "pull_request.create",
    "@timestamp": 1635940554161,
    "created_at": 1635940554161,
    "operation_type": "create",
    "actor_location": {
      "country_code": "GB",
      "country_name": "United Kingdom",
      "region": "ENG",
      "region_name": "England",
      "city": "Louth",
      "postal_code": "LN11",
      "location": {
        "lat": 53.4457,
        "lon": 0.141
      }
    },
    "data": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
      "method": "POST",
      "request_id": "2773abeb-477f-4ebf-a017-f8e8a206c305",
      "server_id": "796e3115-4ce8-4606-8fd0-99ea57a2e12b",
      "request_category": "other",
      "controller_action": "create",
      "url": "https://example.com/octo-org/octo-repo/pull/create?base=octo-org%3Amain&head=mona%3Apatch-1",
      "client_id": 386351111.163594,
      "referrer": "https://example.com/octo-org/octo-repo/compare/main...mona:patch-1",
      "actor_session": 2,
      "pull_request_id": 1,
      "category_type": "Resource Management"
    }
  }
]

Get the audit log stream key for encrypting secrets

Retrieves the audit log streaming public key for encrypting secrets.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "Get the audit log stream key for encrypting secrets"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameter für "Get the audit log stream key for encrypting secrets"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name.

HTTP response status codes for "Get the audit log stream key for encrypting secrets"

Status code	BESCHREIBUNG
`200`	The stream key for the audit log streaming configuration was retrieved successfully.

Code samples for "Get the audit log stream key for encrypting secrets"

Request example

get/enterprises/{enterprise}/audit-log/stream-key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/stream-key

The stream key for the audit log streaming configuration was retrieved successfully.

Status: 200

{
  "key_id": "123",
  "key": "actual-public-key-value"
}

List audit log stream configurations for an enterprise

Lists the configured audit log streaming configurations for an enterprise. This only lists configured streams for supported providers.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "List audit log stream configurations for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameter für "List audit log stream configurations for an enterprise"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name.

HTTP response status codes for "List audit log stream configurations for an enterprise"

Status code	BESCHREIBUNG
`200`	OK

Code samples for "List audit log stream configurations for an enterprise"

Request example

get/enterprises/{enterprise}/audit-log/streams

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams

OK

Status: 200

[
  {
    "id": 1,
    "stream_type": "Splunk",
    "stream_details": "US",
    "enabled": true,
    "created_at": "2024-06-06T08:00:00Z",
    "updated_at": "2024-06-06T08:00:00Z",
    "paused_at": null
  }
]

Create an audit log streaming configuration for an enterprise

Creates an audit log streaming configuration for any of the supported streaming endpoints: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, Google Cloud Storage, Datadog.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "Create an audit log streaming configuration for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameter für "Create an audit log streaming configuration for an enterprise"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name.

Name, Typ, BESCHREIBUNG

enabled boolean Erforderlich

This setting pauses or resumes a stream.

stream_type string Erforderlich

The audit log streaming provider. The name is case sensitive.

Kann eine der folgenden sein: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Erforderlich

Can be one of these objects:

Name, Typ, BESCHREIBUNG

AzureBlobConfig object

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Name, Typ, BESCHREIBUNG
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Erforderlich
`container` string Erforderlich The name of the Azure Blob Storage container to which the audit logs will be sent.

AzureHubConfig object

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Name, Typ, BESCHREIBUNG
`name` string Erforderlich Instance name of Azure Event Hubs
`encrypted_connstring` string Erforderlich Encrypted Connection String for Azure Event Hubs
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Name, Typ, BESCHREIBUNG
`bucket` string Erforderlich Amazon S3 Bucket Name.
`region` string Erforderlich AWS S3 Bucket Region.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Erforderlich Authentication Type for Amazon S3. Wert: `oidc`
`arn_role` string Erforderlich

AmazonS3AccessKeysConfig object

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Name, Typ, BESCHREIBUNG
`bucket` string Erforderlich Amazon S3 Bucket Name.
`region` string Erforderlich Amazon S3 Bucket Name.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Erforderlich Authentication Type for Amazon S3. Wert: `access_keys`
`encrypted_secret_key` string Erforderlich Encrypted AWS Secret Key.
`encrypted_access_key_id` string Erforderlich Encrypted AWS Access Key ID.

SplunkConfig object

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Name, Typ, BESCHREIBUNG
`domain` string Erforderlich Domain of Splunk instance.
`port` integer Erforderlich The port number for connecting to Splunk.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Erforderlich Encrypted Token.
`ssl_verify` boolean Erforderlich SSL verification helps ensure your events are sent to your Splunk endpoint securely.

HecConfig object

Hec Config for Audit Log Stream Configuration

Properties of HecConfig

Name, Typ, BESCHREIBUNG
`domain` string Erforderlich Domain of Hec instance.
`port` integer Erforderlich The port number for connecting to HEC.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Erforderlich Encrypted Token.
`path` string Erforderlich Path to send events to.
`ssl_verify` boolean Erforderlich SSL verification helps ensure your events are sent to your HEC endpoint securely.

GoogleCloudConfig object

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Name, Typ, BESCHREIBUNG
`bucket` string Erforderlich Google Cloud Bucket Name
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Erforderlich

DatadogConfig object

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Name, Typ, BESCHREIBUNG
`encrypted_token` string Erforderlich Encrypted Splunk token.
`site` string Erforderlich Datadog Site to use. Kann eine der folgenden sein: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

HTTP response status codes for "Create an audit log streaming configuration for an enterprise"

Status code	BESCHREIBUNG
`200`	The audit log stream configuration was created successfully.

Code samples for "Create an audit log streaming configuration for an enterprise"

Request example

post/enterprises/{enterprise}/audit-log/streams

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

The audit log stream configuration was created successfully.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

List one audit log streaming configuration via a stream ID

Lists one audit log stream configuration via a stream ID.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "List one audit log streaming configuration via a stream ID"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameter für "List one audit log streaming configuration via a stream ID"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name.
`stream_id` integer Erforderlich The ID of the audit log stream configuration.

HTTP response status codes for "List one audit log streaming configuration via a stream ID"

Status code	BESCHREIBUNG
`200`	Lists one audit log stream configuration via stream ID.

Code samples for "List one audit log streaming configuration via a stream ID"

Request example

get/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

Lists one audit log stream configuration via stream ID.

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Update an existing audit log stream configuration

Updates an existing audit log stream configuration for an enterprise.

When using this endpoint, you must encrypt the credentials following the same encryption steps as outlined in the guide on encrypting secrets. See "Encrypting secrets for the REST API."

Fine-grained access tokens for "Update an existing audit log stream configuration"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameter für "Update an existing audit log stream configuration"

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name.
`stream_id` integer Erforderlich The ID of the audit log stream configuration.

Name, Typ, BESCHREIBUNG

enabled boolean Erforderlich

This setting pauses or resumes a stream.

stream_type string Erforderlich

The audit log streaming provider. The name is case sensitive.

Kann eine der folgenden sein: Azure Blob Storage, Azure Event Hubs, Amazon S3, Splunk, HTTPS Event Collector, Google Cloud Storage, Datadog

vendor_specific object Erforderlich

Can be one of these objects:

Name, Typ, BESCHREIBUNG

AzureBlobConfig object

Azure Blob Config for audit log streaming configuration.

Properties of AzureBlobConfig

Name, Typ, BESCHREIBUNG
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_sas_url` string Erforderlich
`container` string Erforderlich The name of the Azure Blob Storage container to which the audit logs will be sent.

AzureHubConfig object

Azure Event Hubs Config for audit log streaming configuration.

Properties of AzureHubConfig

Name, Typ, BESCHREIBUNG
`name` string Erforderlich Instance name of Azure Event Hubs
`encrypted_connstring` string Erforderlich Encrypted Connection String for Azure Event Hubs
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

AmazonS3OIDCConfig object

Amazon S3 OIDC Config for audit log streaming configuration.

Properties of AmazonS3OIDCConfig

Name, Typ, BESCHREIBUNG
`bucket` string Erforderlich Amazon S3 Bucket Name.
`region` string Erforderlich AWS S3 Bucket Region.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Erforderlich Authentication Type for Amazon S3. Wert: `oidc`
`arn_role` string Erforderlich

AmazonS3AccessKeysConfig object

Amazon S3 Access Keys Config for audit log streaming configuration.

Properties of AmazonS3AccessKeysConfig

Name, Typ, BESCHREIBUNG
`bucket` string Erforderlich Amazon S3 Bucket Name.
`region` string Erforderlich Amazon S3 Bucket Name.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`authentication_type` string Erforderlich Authentication Type for Amazon S3. Wert: `access_keys`
`encrypted_secret_key` string Erforderlich Encrypted AWS Secret Key.
`encrypted_access_key_id` string Erforderlich Encrypted AWS Access Key ID.

SplunkConfig object

Splunk Config for Audit Log Stream Configuration

Properties of SplunkConfig

Name, Typ, BESCHREIBUNG
`domain` string Erforderlich Domain of Splunk instance.
`port` integer Erforderlich The port number for connecting to Splunk.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Erforderlich Encrypted Token.
`ssl_verify` boolean Erforderlich SSL verification helps ensure your events are sent to your Splunk endpoint securely.

HecConfig object

Hec Config for Audit Log Stream Configuration

Properties of HecConfig

Name, Typ, BESCHREIBUNG
`domain` string Erforderlich Domain of Hec instance.
`port` integer Erforderlich The port number for connecting to HEC.
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_token` string Erforderlich Encrypted Token.
`path` string Erforderlich Path to send events to.
`ssl_verify` boolean Erforderlich SSL verification helps ensure your events are sent to your HEC endpoint securely.

GoogleCloudConfig object

Google Cloud Config for audit log streaming configuration.

Properties of GoogleCloudConfig

Name, Typ, BESCHREIBUNG
`bucket` string Erforderlich Google Cloud Bucket Name
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
`encrypted_json_credentials` string Erforderlich

DatadogConfig object

Datadog Config for audit log streaming configuration.

Properties of DatadogConfig

Name, Typ, BESCHREIBUNG
`encrypted_token` string Erforderlich Encrypted Splunk token.
`site` string Erforderlich Datadog Site to use. Kann eine der folgenden sein: `US`, `US3`, `US5`, `EU1`, `US1-FED`, `AP1`
`key_id` string Erforderlich Key ID obtained from the audit log stream key endpoint used to encrypt secrets.

HTTP response status codes for "Update an existing audit log stream configuration"

Status code	BESCHREIBUNG
`200`	Successful update
`422`	Validation error

Code samples for "Update an existing audit log stream configuration"

Request example

put/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID \
  -d '{"enabled":false,"stream_type":"Azure Event Hubs","vendor_specific":{"namespace":"newnamespace","shared_access_key_name":"newaccesskeyname","shared_access_key":"newaccesskey","event_hub_name":"neweventhub"}}'

Successful update

Status: 200

{
  "id": 1,
  "stream_type": "Splunk",
  "stream_details": "US",
  "enabled": true,
  "created_at": "2024-06-06T08:00:00Z",
  "updated_at": "2024-06-06T08:00:00Z",
  "paused_at": null
}

Header
Name, Typ, BESCHREIBUNG
`accept` string Setting to `application/vnd.github+json` is recommended.

Pfadparameter
Name, Typ, BESCHREIBUNG
`enterprise` string Erforderlich The slug version of the enterprise name.
`stream_id` integer Erforderlich The ID of the audit log stream configuration.

HTTP response status codes for "Delete an audit log streaming configuration for an enterprise"

Status code	BESCHREIBUNG
`204`	The audit log stream configuration was deleted successfully.

Code samples for "Delete an audit log streaming configuration for an enterprise"

Request example

delete/enterprises/{enterprise}/audit-log/streams/{stream_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/audit-log/streams/STREAM_ID

The audit log stream configuration was deleted successfully.

Status: 204