Audit log system table reference
This system table is in Public Preview.
This article outlines the audit log table schema and has sample queries you can use with the audit log system table to answer common account activity questions. For information on audit log events, see Audit log reference.
Table path: This system table is located at system.access.audit.
Audit log considerations
- Most audit logs are only available in the region of the workspace.
- Account-level audit logs record
workspace_idas0.
Audit log system table schema
The audit log system table uses the following schema:
Column name | Data type | Description | Example |
|---|---|---|---|
| string | ID of the account |
|
| string | ID of the workspace |
|
| string | Audit log schema version |
|
| timestamp | Timestamp of the event. Timezone information is recorded at the end of the value with |
|
| date | Calendar date the action took place |
|
| string | IP address where the request originated |
|
| string | Origination of request |
|
| string | ID of the session where the request came from |
|
| struct | Identity of user initiating request |
|
| string | Service name initiating request |
|
| string | Category of the event captured in audit log |
|
| string | ID of request |
|
| map | Map of key values containing all the request parameters. Depends on request type |
|
| struct | Struct of response return values |
|
| string | Workspace or account level event |
|
| string | ID of the event |
|
| struct | Identities involved in the action, including |
|