Visit our new documentation site! This documentation page is no longer updated.

Audit Logs

Treasure Data offers standard and premium features that enable administrators to monitor the access and use of data. Treasure Data premium audit logs provide a detailed audit trail of all the activity that occurs in an account.

Audit log is an add-on feature. Contact us (to: if you’re interested.

Table of Contents

Standard and Premium Audit Logs

The Treasure Data standard audit log enables you to view events that occur within the last 24 hours. You can also download the log. You access the audit log from the Admin Window, under the Activity tab.

When you download the standard audit log, you see more data (such as resource type and IP address) than you see on the Activity page.

Users who buy the premium license can view, filter, and query the audit log. The premium audit log captures and holds an unlimited number of events. Refer to Premium Audit Log Captured Events. When you purchase this premium feature, an audit log table is added to your account Database view. The filename for the log is td_audit_log. Even if you have multiple databases, you have only one audit log.

Premium Audit Log Structure

The following is an example of what an audit log contains:

Name Description Examples
Time UNIX timestamp for event occurred time
resource_id Dependent upon on event. If the event is “table_create”, the ID is the created table id. If “database_delete”, the ID is the deleted database id.
Requested_path_info The event path /users/sign_in v4/jobs/5736181/result v3/table/create/new_db/new_table…
ip_address Of the connection that executed the audited event
requested_http_verb The API action GET POST
account_id Treasure Data account ID
resource_name Name of the resource or entity jean_tableau_table_csv test_query_job
user_id Operator’s user id
event_name The event. If the event is a component specific operation, you see “event_name: cdp_create_segment” sign-in job_result_download schedule_create
format Data format
new_value When the resource attribute is changed, the new value is stored
old_value The value before the value was changed
attribute_name When the resource attribute is changed, name of the attribute is stored. For example, if a user changed their table schema, the attribute_name is “schema”. password schema
affected_user_id email acted upon
user_email email of the operator

Premium Audit Log Captured Events

Events from the console (including workflows), CLI and from API activities are logged.

Event Area Event Type Event Area Event Type
Account IP address Add Table Create
IP address Remove Delete
Log in Modify description
Log out Update settings
Audit log download Rename
Connection Create Update schema: added columns
Delete Update schema: removed columns
Rename Update schema: renamed columns
Modify (Update settings) Update schema: modified description
Database Create User Invite
Delete Modify Database Permissions
Modify description IP address Add
Update permission IP address Remove
Data Transfer Transfer Create Modify Permission
Transfer Delete Change Profile
Transfer Modify Change email
Transfer Start Change password
Transfer Pause Query Create and Save for the first time
File Upload Upload Edit and Save
Job Kill Run
New Job (Hive, Presto) Save as
Job Result Show Clone
Job Result Preview Rename
Job Result Download Delete

Last modified: Apr 06 2018 15:41:34 UTC

If this article is incorrect or outdated, or omits critical information, let us know. For all other issues, access our support channels.