Getting Horizon Events using the REST API

In a previous post I described on how to configure the Horizon Event database using the REST API’s. In this post I will describe on how you can retreive those events using a script that I have created. To get the first few events is easy, just use the /external/v1/audit-events api cmdlet and you get the first batch of events in an unsorted fashion. The script that I have created will get the events since a certain date and if you want only gets the types with a certain severity.

The script is created for Powershell 7 and has been tested with 7.3.4


I have written 4 parameters into this script, 2 are mandatory and 2 are optional

  • Credential
    • This optional parameter needs to be a credential object from get-credential. If this is not supplied you will be asked to provide credentials in domain\username and password.
  • ConnectionServerFQDN
    • This mandatory parameter needs to be a string object with the fqdn of the connection server to connetc to i.e. server.domain.dom
  • SinceDate
    • This mandatory parameter needs to be a datetime object for the earliest date to get events for. for example use (get-date).adddays(-100) to get events up to 100 days old.
  • AuditSeverityTypes
    • This optional parameter needs to be an array with SeverityTypes to get events for. Allowed types are : INFO,WARNING,ERROR,AUDIT_SUCCESS,AUDIT_FAIL,UNKNOWN.


First I get my credentials using get-credential, you cna also import them from an xml using import-clixml creds.xml for example

$credentials = get-credential

Next I get all events for the last day using:

.\Horizon_Rest_Get_Events.ps1 -ConnectionServerFQDN -sincedate (get-date).AddDays(-1) -Credential $credentials

Or just the ERROR and INFO events using:

.\Horizon_Rest_Get_Events.ps1 -ConnectionServerFQDN -sincedate (get-date).AddDays(-100) -Credential $credentials -auditseveritytypes "ERROR","AUDIT_FAIL"

Yes I had to get back in days some further to get error events.

The Script

The script itself can be found on my github .

Bookmark the permalink.

Comments are closed.