Consistency in the Logs API

I’m using a non-interactive client. It is not entirely clear to me how to query the Logs API (!/Logs/get_logs ) in a manner that will always give consistent results.

Should querying be done by time range only using a Lucene query? if so, can I be sure that all events that ever occurred up to a given time will be returned?

Or should I use the event-ID using ‘from’ parameter? If so, how can I frame the results with IDs (as can be done using a time-range)

Which of the methods should I use to get consistent results? Meaning, if I call the same exact query (using timestamp or event-ID) will I get the exact same result set?

It depends on your goal. Log entries are maintained only a certain amount of time that is dependent of the type of subscription that you have. If you want to maintain all log data generated by Auth0 then you will need to move the log entries from Auth0 to your own logging infrastructure.

For the scenario above you would recurrently use the checkpoint-based search with a from to indicate you wan to retrieve logs after a certain identifier so that you get all logs. Related to this scenario you should check the available extensions that already support automatically moving logs from Auth0 to a wide-variety of target sources:

If you’re interested in querying only the log entries that are maintained by Auth0 you can use the other criteria-based approach, however, this will apply the search only to the log entries that are still being maintained by Auth0.

Thanks for the reply J.

So, just to clarify, suppose I want to work with IDs and utilize the ‘from’ parameter, and, for instance, the initial request that I make returns IDs A, B and C - which ID should I put in the ‘from’ field in order to get in a consequent request all events that happened after these events - A, B or C?

Also, suppose I put ID X in the ‘from’ field, will event X be part of the returned results?