pub fn run_query(active_path: &Path, query: &AuditQuery) -> Vec<AuditEvent>

Run query against the audit log rooted at active_path (the
current .audit.log). Walks the active file plus every sibling
rotated archive (.audit.log.<ms>.zst), oldest-first by filename.
Returns the matching events in chronological order, capped at
query.limit.
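
The file walk described above, as an added sketch that is not this crate's own code: it lists the segments a query would read, rotated archives first and the active log last. `ordered_segments` is a hypothetical helper, and it assumes `<ms>` is a decimal millisecond timestamp, which it compares numerically so that names with different digit counts still sort oldest-first.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Hypothetical helper (not part of the documented API): the files a query
/// over `active_path` would read, rotated archives oldest-first, active last.
/// Assumes `<ms>` in `.audit.log.<ms>.zst` is a decimal millisecond timestamp.
pub fn ordered_segments(active_path: &Path) -> io::Result<Vec<PathBuf>> {
    let dir = match active_path.parent() {
        Some(p) if !p.as_os_str().is_empty() => p,
        _ => Path::new("."),
    };
    let active_name = active_path
        .file_name()
        .and_then(|n| n.to_str())
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "bad active path"))?;
    let prefix = format!("{}.", active_name);

    let mut archives: Vec<(u64, PathBuf)> = Vec::new();
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        let os_name = entry.file_name();
        // Accept only `<active>.<digits>.zst`; temp files and look-alikes are skipped.
        let ms = os_name
            .to_str()
            .and_then(|n| n.strip_prefix(prefix.as_str()))
            .and_then(|rest| rest.strip_suffix(".zst"))
            .filter(|s| !s.is_empty() && s.bytes().all(|b| b.is_ascii_digit()))
            .and_then(|s| s.parse::<u64>().ok());
        if let Some(ms) = ms {
            // file_type() does not follow symlinks, so only regular files count.
            if entry.file_type()?.is_file() {
                archives.push((ms, entry.path()));
            }
        }
    }
    // Numeric sort: a plain string sort would place "9000" after "10000".
    archives.sort();
    let mut out: Vec<PathBuf> = archives.into_iter().map(|(_, p)| p).collect();
    if active_path.is_file() {
        out.push(active_path.to_path_buf());
    }
    Ok(out)
}

fn main() -> io::Result<()> {
    for p in ordered_segments(Path::new(".audit.log"))? {
        println!("{}", p.display());
    }
    Ok(())
}
```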