Events from TD Console (including workflows), TD Toolkit, and API activities are logged. The following are Event Areas with the most common event names and descriptions available to users with the Premium Audit Log subscription. For a complete list of Premium Audit Log events including operations and columns logged, visit our complete Premium Audit Log Event list.


To identify query activities, look at event areas such as job and schedule events. Job events cover many events such as Hive and Presto queries, data connector jobs, and result output tasks. Schedule events refer to saved query activities.


Account

Event Name

Description

Operation

Columns Logged

account_modify

Change TD account

PATCH /v4/account(.:format)

attribute_name, old_value, new_value

audit_log_download

Audit log download

GET /v4/audits(.:format)


ip_whitelist_modify

Add IP address

POST /v4/ip_whitelist_entries(.:format)

PATCH /v4/ip_whitelist_entries/:id(.:format)

PUT /accounts/:account_id/update_ip_whitelist(.:format)

PUT /users/:id/update_ip_whitelist(.:format)

old_value, new_value, affected_user_id

ip_whitelist_modify

Remove IP address

DELETE /v4/ip_whitelist_entries/:id(.:format)

old_value, new_value, affected_user_id

password_policy_modify

Change password policy

PATCH /v4/account/password_policy(.:format)

attribute_name, old_value, new_value

sign_in

Log in

GET /users/confirmation(.:format)

PATCH /users/invitation(.:format)

GET|POST /users/auth/google_login/callback(.:format)

GET /users/sign_in_jwt(.:format)

POST /users/sign_in(.:format)


sign_in_failed

Sign-in failed

POST /users/sign_in(.:format)


sign_in_failed_by_ipwhitelist

Sign-in failed due to IP Whitelist issue

<all areas requiring sign-in with ipwhitelist>


sign_in_failed_by_private_connect

Private connect sign-in failed

<all areas requiring sign-in with private connect>


sign_in_failed_reporting

Generate failed sign-in report

GET /reporting/login(.:format)


sign_in_failed_sso

Single-sign on failed

GET|POST /users/auth/google_login/callback(.:format)


sign_in_reporting

Generate sign in report

GET /reporting/login(.:format)


sign_out

Log out

DELETE /users/sign_out(.:format)


password_revalidate

Revalidate password to get API keys or auth config.

POST /v4/users/revalidate_password(.:format)


password_revalidate_failed

Failed to revalidate a password

POST /v4/users/revalidate_password(.:format)


See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Audience Studio

Event Name

Description

Operation

Columns Logged

audience_behavior_poll_records

Run to build or update master segment

GET /audiences/:audience_id/behaviors/:id/poll_records(.:format)

resource_type, resource_id, resource_name, resource_path, count

audience_behavior_sample

Run to build or update master segment

GET /audiences/:audience_id/behaviors/:id/sample_values(.:format)

resource_type, resource_id, resource_name, resource_path, count

audience_create

Initial create of a master segment

POST /audiences(.:format)

resource_type, resource_id, resource_name, resource_path

audience_modify

Master segment change

PATCH /audiences/:id(.:format)

PUT /audiences/:id(.:format)

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

audience_run

Run to build or update master segment

POST /audiences/:id/run(.:format)

resource_type, resource_id, resource_name, resource_path

audience_sample

Returns sampled data of the specified audience

GET /audiences/:id/sample_values(.:format)

resource_type, resource_id, resource_name, resource_path, count

customer_activity_index

Returns the activity of the specified customer

GET /audiences/:audience_id/customers/:customer_id/activities(.:format)

GET /audiences/:audience_id/customers/:customer_id/behaviors(.:format)

resource_type, resource_id, resource_name, resource_path, count

customer_attributes_index

Returns the attributes of the specified customer

GET /audiences/:audience_id/customers/:customer_id/attributes(.:format)

resource_type, resource_id, resource_name, resource_path, count

audience_delete

Delete master segment

DELETE /audiences/:id(.:format)

resource_type, resource_id, resource_name, resource_path

customer_index

Access profile list

GET /audiences/:audience_id/customers(.:format)

resource_type, resource_id, resource_name, resource_path, count

customer_show

View a customer profile



predictive_segment_create

Create predictive scoring specifications

POST /audiences/:audience_id/predictive_segments(.:format)

resource_type, resource_id, resource_name, resource_path

predictive_segment_features

Run predictive scoring

GET /audiences/:audience_id/predictive_segments/:id/model/features(.:format)

resource_type, resource_id, resource_name, resource_path, count

predictive_segment_run

Run predictive scoring

POST /audiences/:audience_id/predictive_segments/:id/run(.:format)

resource_type, resource_id, resource_name, resource_path

predictive_segment_modify

Predictive scoring change

PATCH /audiences/:audience_id/predictive_segments/:id(.:format)

PUT /audiences/:audience_id/predictive_segments/:id(.:format)

POST /audiences/:audience_id/predictive_segments/:id/workflow_finished(.:format)

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

predictive_segment_delete

Delete predictive scoring

DELETE /audiences/:audience_id/predictive_segments/:id(.:format)

resource_type, resource_id, resource_name, resource_path

profile_index

Select to view a profile details page from the profile list
(an API pull of profile info)

GET /audiences/:audience_id/profiles(.:format)

resource_type, resource_id, resource_name, resource_path, count

segment_create

Create a segment

POST /audiences/:audience_id/segments(.:format)

resource_type, resource_id, resource_name, resource_path

segment_customer_query

Get customers who belongs to a segment

GET /audiences/:audience_id/segments/queries/:query_id/customers(.:format)

resource_type, resource_id, resource_name, resource_path, count

segment_folder_create

Create a segment folder

POST /audiences/:audience_id/folders(.:format)

resource_type, resource_id, resource_name, resource_path

segment_folder_modify

Segment folder change

PATCH /audiences/:audience_id/folders/:id(.:format)

PUT /audiences/:audience_id/folders/:id(.:format)

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

segment_modify

Segment change

POST /audiences/:audience_id/folders/:id/put_in(.:format)

PATCH /audiences/:audience_id/segments/:id(.:format)

PUT /audiences/:audience_id/segments/:id(.:format)

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

segment_query

Refresh segment view

POST /audiences/:audience_id/segments/queries(.:format)

resource_type, resource_id, resource_name, resource_path

segment_query_kill

Refresh segment view

POST /audiences/:audience_id/segments/queries/:query_id/kill(.:format)

resource_type, resource_id, resource_name, resource_path

syndication_create

Specify activation of a segment

POST /audiences/:audience_id/segments/:segment_id/syndications(.:format)

resource_type, resource_id, resource_name, resource_path

segment_folder_delete

Delete segment folder

DELETE /audiences/:audience_id/folders/:id(.:format)

resource_type, resource_id, resource_name, resource_path

segment_delete

Delete segment

DELETE /audiences/:audience_id/segments/:id(.:format)

resource_type, resource_id, resource_name, resource_path

syndication_execution_download

Download data set of activated segment

GET /audiences/:audience_id/segments/:segment_id/syndications/:syndication_id/
executions/:syndication_execution_id/download(.:format)

resource_type, resource_id, resource_name, resource_path

syndication_index

Download data set of activated segment

GET /audiences/:audience_id/syndications(.:format)

GET /audiences/:audience_id/segments/:segment_id/syndications(.:format)

resource_type, resource_id, resource_name, resource_path, count

syndication_modify

Activation change

PATCH /audiences/:audience_id/segments/:segment_id/syndications/:id(.:format)

PUT /audiences/:audience_id/segments/:segment_id/syndications/:id(.:format)

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

syndication_run

Run activation (export)

POST /audiences/:audience_id/segments/:segment_id/syndications/:id/run(.:format)


resource_type, resource_id, resource_name, resource_path

syndication_show

Run activation (export)

GET /audiences/:audience_id/segments/:segment_id/syndications/:id(.:format)

resource_type, resource_id, resource_name, resource_path

syndication_delete

Delete activation

DELETE /audiences/:audience_id/segments/:segment_id/syndications/:id(.:format)

resource_type, resource_id, resource_name, resource_path

web_access_token_index

Access the Profiles API token list page

GET /audiences/:audience_id/tokens(.:format)

resource_type, resource_id, resource_name, resource_path, count

web_access_token_create

Create Profiles API

POST /audiences/:audience_id/tokens(.:format)

resource_type, resource_id, resource_name, resource_path

web_access_token_delete

Delete Profiles API

DELETE /audiences/:audience_id/tokens/:id(.:format)

resource_type, resource_id, resource_name, resource_path

web_access_token_run

Run Profiles API

POST /audiences/:audience_id/tokens/:id/run(.:format)

resource_type, resource_id, resource_name, resource_path

web_access_token_show

Show Profiles API

GET /audiences/:audience_id/tokens/:id(.:format)

resource_type, resource_id, resource_name, resource_path

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Audience Studio v5

Customers using the v5 BETA release may be using objects for different functions in v4 and v5 and may want to review differences. With a combination of requested_path_info and resource_id, you can identify that these are events that took place in v5. Further, you will note /entities is part of the path for v5.

Event Name

Description

Operation

Columns Logged

segment_folder_create

Create a segment folder

POST /entities/folders

resource_type, resource_id, resource_name, resource_path

segment_folder_modify

Modify a segment folder

PATCH /entities/folders/:folder_id

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

segment_folder_delete

Delete a segment folder

DELETE /entities/folders/:folder_id

resource_type, resource_id, resource_name, resource_path

segment_create

Create a segment

POST /entities/segments

resource_type, resource_id, resource_name, resource_path

segment_modify

Modify a segment

PATCH /entities/segments/:segment_id

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

segment_delete

Delete a segment

DELETE /entities/segments/:segment_id

resource_type, resource_id, resource_name, resource_path

syndication_index

Access the specified list of activations

GET /entities/segments/:segment_id/syndications

resource_type, resource_id, resource_name, resource_path, count

syndication_show

Access the specified activation

GET /entities/segments/:segment_id/syndications/:syndication_id

resource_type, resource_id, resource_name, resource_path

syndication_create

Specify activation of a segment

POST /entities/segments/:segment_id/syndications

resource_type, resource_id, resource_name, resource_path

syndication_modify

Activation change

PATCH /entities/segments/:segment_id/syndications/:syndication_id

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

syndication_delete

Delete activation

DELETE /entities/segments/:segment_id/syndications/:syndication_id

resource_type, resource_id, resource_name, resource_path

syndication_run

Run activation (export)

POST /entities/segments/:segment_id/syndications/:syndication_id/run

resource_type, resource_id, resource_name, resource_path

funnel_create

Create a funnel

POST /entities/funnels

resource_type, resource_id, resource_name, resource_path

funnel_modify

Modify a funnel

PATCH /entities/funnels/:funnel_id

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

funnel_delete

Delete a funnel

DELETE /entities/funnels/:funnel_id

resource_type, resource_id, resource_name, resource_path

ab_test_create

Create ab_test

POST /entities/ab_tests

resource_type, resource_id, resource_name, resource_path

syndication_index

Download data set of activated segment*

GET /entities/parent_segments/:audience_id/syndications

resource_type, resource_id, resource_name, resource_path, count

predictive_segment_create

Create a predictive segment

POST /entities/predictive_segments

resource_type, resource_id, resource_name, resource_path

predictive_segment_modify

Modify a predictive segment

PATCH /entities/predictive_segments/:predictive_segment_id

resource_type, resource_id, resource_name, resource_path, attribute_name, old_value, new_value

predictive_segment_delete

Delete a predictive segment

DELETE /entities/predictive_segments/:predictive_segment_id

resource_type, resource_id, resource_name, resource_path

predictive_segment_run

Run a predictive segment

POST /entities/predictive_segments/:predictive_segment_id/run

resource_type, resource_id, resource_name, resource_path

predictive_segment_features

Returns predictive scoring results

GET /entities/predictive_segments/:predictive_segment_id/model/features

resource_type, resource_id, resource_name, resource_path

Permission Denial Access Logs for Folder Permissions

For any endpoint for objects within v5 console Audience Studio, the permission could be denied. For instance, if a View Only user attempts to create a segment, the permission is denied and the denial is reflected in the audit log. Learn more about policy-based permissions

The audit log will log the following information if the event is denied due to lack of permissions:

  • time (time of denial)

  • event_name (e.g., audiences.statistics)

  • user_id

  • account_id

  • requested_http_verb (e.g., GET/POST)

  • requested_path (e.g., /audiences/195415/statistics)

  • event_result (denied)

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Permission Denial Access Logs for Column Visibility Access Control

For any endpoint for column access control within v5 Audience Studio, the permission could be denied. For instance, if trying to sample values of pii or blocked attribute or behavior columns, a non-clear attribute is included in the query parameter columns, or if a key query parameter is not clear, or if the last person to update a particular activation doesn't have the correct permissions. 

The audit log will log the following information is the event is denied due to lack of permissions:

  • time (time of denial)

  • event_name (e.g., entities/segments.create.column_visibility_violation)

  • user_id (TD User id)

  • account_id (TD Account ID)

  • requested_http_verb (e.g., GET/POST)

  • requested_path_info (e.g., /entities/segments)

  • event_result

  • resource_type (attribute or behavior)

  • resource_id (the column identifier which is used when defining PBP-PII permission, e.g. 1$attribute.customers.age)

  • visibility (blocked, pii, non_pii, or clear)

    • The column’s visibility

  • required_visibility(blocked, pii, non_pii, or clear)

    • The required visibility for the operation


View the specific event type that may be denied due to lack of permissions in the following table. Learn more about Audience Column Visibility Control

Event NameDescriptionOperationColumns Logged

audiences.sample_values.column_visibility_violation


GET /audiences/:id/sample_values(.:format)


audience_behaviors.sample_values.column_visibility_violation


GET /audiences/:audience_id/behaviors/:id/sample_values(.:format)


segments.query.column_visibility_violation


POST /audiences/:audience_id/segments/query(.:format)


segments.new_query.column_visibility_violation


POST /audiences/:audience_id/segments/queries(.:format)


segments.index_query_customers.column_visibility_violation


GET /audiences/:audience_id/segments/queries/:query_id/customers(.:format)


syndications.run.column_visibility_violation


POST /audiences/:audience_id/segments/:segment_id/syndications/:id/run(.:format)


syndications.workflow_queries.column_visibility_violation


GET /audiences/:audience_id/segments/:segment_id/syndications/:id/workflow_queries(.:format)


syndications.create.column_visibility_violation


POST /audiences/:audience_id/segments/:segment_id/syndications(.:format)


syndications.update.column_visibility_violation


PATCH /audiences/:audience_id/segments/:segment_id/syndications/:id(.:format)


syndications.update.column_visibility_violation


PUT /audiences/:audience_id/segments/:segment_id/syndications/:id(.:format)


segments.create.column_visibility_violation


POST /audiences/:audience_id/segments(.:format)


segments.update.column_visibility_violation


PATCH /audiences/:audience_id/segments/:id(.:format)


segments.update.column_visibility_violation


PUT /audiences/:audience_id/segments/:id(.:format)


predictive_segments.create.column_visibility_violation


POST /audiences/:audience_id/predictive_segments(.:format)


predictive_segments.update.column_visibility_violation


PATCH /audiences/:audience_id/predictive_segments/:id(.:format)


predictive_segments.update.column_visibility_violation


PUT /audiences/:audience_id/predictive_segments/:id(.:format)


customers.index.column_visibility_violation


GET /audiences/:audience_id/customers(.:format)


customer_attributes.fetch_by_key.column_visibility_violation


GET /audiences/:audience_id/customers/customer_attributes/fetch_by_key(.:format)


tokens.run.column_visibility_violation


POST /audiences/:audience_id/tokens/:id/run(.:format)


tokens.segments_workflow_queries.column_visibility_violation


GET /audiences/:audience_id/tokens/:id/segments_workflow_queries(.:format)


tokens.create.column_visibility_violation


POST /audiences/:audience_id/tokens(.:format)


tokens.update.column_visibility_violation


PATCH /audiences/:audience_id/tokens/:id(.:format)


tokens.update.column_visibility_violation


PUT /audiences/:audience_id/tokens/:id(.:format)


entities/syndications.run.column_visibility_violation


POST /entities/segments/:segment_id/syndications/:id/run(.:format)


entities/syndications.create.column_visibility_violation


POST /entities/segments/:segment_id/syndications(.:format)


entities/syndications.update.column_visibility_violation


PATCH /entities/segments/:segment_id/syndications/:id(.:format)


entities/syndications.update.column_visibility_violation


PUT /entities/segments/:segment_id/syndications/:id(.:format)


entities/segments.create.column_visibility_violation


POST /entities/segments(.:format)


entities/segments.update.column_visibility_violation


PATCH /entities/segments/:id(.:format)


entities/segments.update.column_visibility_violation


PUT /entities/segments/:id(.:format)


entities/ab_tests.create.column_visibility_violation


POST /entities/ab_tests(.:format)


entities/predictive_segments.create.column_visibility_violation


POST /entities/predictive_segments(.:format)


entities/predictive_segments.update.column_visibility_violation


PATCH /entities/predictive_segments/:id(.:format)


entities/predictive_segments.update.column_visibility_violation


PUT /entities/predictive_segments/:id(.:format)


entities/tokens.create.column_visibility_violation


POST /entities/tokens(.:format)


entities/tokens.update.column_visibility_violation


PATCH /entities/tokens/:id(.:format)


entities/tokens.update.column_visibility_violation


PUT /entities/tokens/:id(.:format)


Bulk Import

Event Name

Description

Operation

Columns Logged

bulk_import_create

Create bulk import session

POST /v3/bulk_import/create/:name/:database_name/

:table_name(.:format)

id, resource_id, resource_name, target_table

bulk_import_create_part

Split bulk import data into parts

PUT /v3/bulk_import/upload_part/:name/:part(.:format)

id, resource_id, resource_name, target_table

bulk_import_delete

Delete bulk import session

POST /v3/bulk_import/delete/:name(.:format)

id, resource_id, resource_name, target_table

bulk_import_delete_all_part

Delete bulk import parts in a session but session remains

POST /v3/bulk_import/delete_all_parts/:name(.:format)

id, resource_id, resource_name, target_table

bulk_import_delete_part

Delete specific bulk import part from a session

POST /v3/bulk_import/delete_part/:name/:part(.:format)

id, resource_id, resource_name, target_table

bulk_import_error_records_

download

Download bulk import error log

GET /v3/bulk_import/error_records/:name(.:format)

id, resource_id, resource_name, target_table size

bulk_import_finished

Complete processing of bulk import

POST /v3/bulk_import/commit_finished/:id(.:format)

id, resource_id, resource_name, target_table, amount

bulk_import_modify

Detect change to bulk import parameters

POST /v3/bulk_import/perform/:name(.:format)

POST /v3/bulk_import/commit/:name(.:format)

id, resource_id, resource_name, target_table, old_value, new_value

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Connection

Event Name

Description

Operation

Columns Logged

connection_create

Create a new connection in Integration Hub

POST /v4/connections(.:format)

POST /v4/connectors(.:format)

id, resource_id, resource_name

connection_config_create

Create connection using Export Results

POST /v4/connector_configs(.:format)

id, resource_id, target_connection

connection_modify

Rename

PATCH /v4/connections/:id(.:format)

id, resource_id, resource_name, attribute_name, old_value, new_value

connection_modify_settings

Modify (Update settings)

PATCH /v4/connections/:id(.:format)

id, resource_id, resource_name

connection_delete

Delete

DELETE /v4/connections/:id(.:format)

id, resource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Data Transfer

Event Name

Description

Operation

Columns Logged

data_transfer_create

Transfer create

POST /v3/bulk_loads(.:format)

POST /v4/data_transfers(.:format)

id, resource_id, resource_name

data_transfer_guess

TD guess of file format

POST /v3/bulk_loads/guess(.:format)

POST /v4/data_transfers/guess(.:format)


data_transfer_modify

Transfer modify

PATCH /v3/bulk_loads/:find_by_name(.:format)

PATCH /v4/data_transfers/:id(.:format)

id, resource_id, resource_name, attribute_name, old_value, new_value

data_transfer_preview

TD preview of how a file will be parsed

POST /v3/bulk_loads/preview(.:format)

POST /v4/data_transfers/preview(.:format)


data_transfer_run

Transfer start

POST /v3/bulk_loads/:find_by_name/jobs(.:format)

POST /v3/bulk_loads/:id/jobs/run_scheduled(.:format)

POST /v4/data_transfers(.:format)

POST /v4/data_transfers/:id/run(.:format)

id, resource_id, resource_name, job, scheduled_time

data_transfer_delete

Transfer delete

DELETE /v3/bulk_loads/:find_by_name(.:format)

DELETE /v4/data_transfers/:id(.:format)

id, resource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Database

Event Name

Event Type

Operation

Columns Logged

database_create

Create

POST /v3/database/create/:name(.:format)

POST /v4/databases(.:format)

POST /databases(.:format)

id, resource_id, resource_name

database_modify

Modify description

PUT|PATCH /v4/databases/:id(.:format)

PATCH /databases/:id(.:format)

id, resource_id, resource_name, attribute_name, old_value, new_value

database_permission_modify

Update user permission

PATCH /v4/database_permissions(.:format)

PUT /databases/:id/share(.:format)

PUT /users/:id/update_permissions(.:format)

id, resource_id, resource_name, affected_user_id, affected_user old_value, new_value

database_delete

Delete

POST /v3/database/delete/:name(.:format)

DELETE /v4/databases/:id(.:format)

DELETE /databases/:id(.:format)

id, resource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

File Upload

Event Name

Event Type

Operation

Columns Logged

file_upload_import_create

Upload file into Treasure Data

POST /v4/file_uploads/import(.:format)

id, resource_id, target_table

file_upload_import_old_console

Upload from Web

POST /import/file/finalize(.:format)

id, resource_id

web_upload_import_finished

Complete upload from web

POST /v3/table/imported/:table_id/web_upload/:web_upload_id(.:format)

id, resource_id, resource_name, target_table

file_upload_guess

TD guess of file format

GET /v4/file_uploads/guess(.:format)

id, resource_id, resource_name

file_upload_preview

TD preview of how a file will be parsed

POST /v4/file_uploads/preview(.:format)

id, resource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Heroku Paas

Event Name

Event Type

Operation

Columns Logged

heroku_apikey_read

Get Heroku API key

GET /heroku/apikey(.:format)

id, resource_id

heroku_create

Create a Heroku to TD connection

POST /heroku/resources(.:format)

id, resource_id

heroku_sign_in

Sign into Heroku

POST /heroku/sso(.:format)

id, resource_id

See the complete list of premium audit log events in the TD community.

Jobs

Event Name

Description

Operation

Columns Logged

job_issue

New Job (Hive, Presto)

POST /v3/connections/:connection_id/tables/:table_id/bulk_loads(.:format)

POST /v3/export/run/:database_name/:table_name(.:format)

POST /v3/job/issue/:type/:database(.:format)

POST /v4/jobs(.:format)

POST /v4/queries/:id/jobs(.:format)

POST /query_forms/submit(.:format)

POST /v3/job/finished/:id(.:format)

id, resource_id, resource_name, job_type, target_table(option), scheduled_time(option, query_text

job_modify

Start or finish job

POST /v3/job/started/:id(.:format)

POST /v3/job/finished/:id(.:format)

id, resource_id, resource_name, attribute_name, old_value, new_value

job_kill

Kill job; end job processing

POST /v3/job/kill/:id(.:format)

DELETE /v4/jobs/:id(.:format)

POST /jobs/:id/kill(.:format)

id, resource_id, resource_name

job_result_download

Job Result Download, from the Jobs > Results view on TD Console.

GET /result/:id(.:format)

GET /v4/jobs/:id/result(.:format)

id, resource_id, resource_name, format, bytesize

job_result_download_deniedJob Result Download is denied from the Job > Results view on TD Console or Job Result Download is denied from APIGET /v3/job/result/:id(.:format)resource_id, resource_name

job_result_show

Job Result Preview, from the Jobs > Results view on TD Console

GET /v4/jobs/:id/result(.:format)

id, resource_id, resource_name, amount

job_result_export

Job results exported

POST /v3/job/result_export/:target_job_id

id, resource_id, resource_name, target_resource_id, target_resource_name

job_result_export_failed

Job results export failed

POST /v3/job/result_export/:target_job_id

id, target_resource_id, target_resource_name

job_status_update_by_system

Status of job has been updated by the system

PUT /v3/internal/jobs/:job_id/status

id, ip_address, http_verb, requested_path_info, user_id, user_email, resource_id, resource_name, attribute_name, old_value, new_value

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Permission

Event Name

Event Type

Operation

Columns Logged

permission_modify

Modify any permission

PATCH /v4/access_control/users/:user_id/permissions(.:format)

affected_user_id, old_value, new_value, # for accounts without policy based permissions

permission_policy_create

Create a policy

POST /v4/access_control/policies(.:format)

id, resource_id, resource_name

permission_policy_attach_user

Assign user to a policy

POST /v4/access_control/users/:user_id/policies/:policy_id(.:format)

PATCH /v4/access_control/users/:user_id/policies(.:format)

PATCH /v4/access_control/policies/:policy_id/users(.:format)

id, resource_id, resource_name, affected_user_id

permission_policy_detach_user

Disassociate user from a policy

DELETE /v4/access_control/users/:user_id/policies/:policy_id(.:format)

PATCH /v4/access_control/users/:user_id/policies(.:format)

PATCH /v4/access_control/policies/:policy_id/users(.:format)

id, resource_id, resource_name, affected_user_id

permission_policy_modify

Modify any policy

PATCH /v4/access_control/policies/:id(.:format)

PATCH /v4/access_control/policies/:policy_id/permissions(.:format)

id, resource_id, resource_name, attribute_name, old_value, new_value

permission_policy_delete

Delete a policy

DELETE /v4/access_control/policies/:id(.:format)

id, resource_id, resource_name

permission_unauthorized_access

Unauthorized access - based on permissions - attempted

GET|POST|PUT|PATCH|DELETE /v4/access_control/*


role_create

Create a role

POST /v4/roles(.:format)

id, resource_id, resource_name, affected_user_id

role_delete

Delete a role

DELETE /v4/roles(.:format)

id, resource_id, resource_name, affected_user_id

unauthorized

Unauthorized access attempted

see list here

resource_type, id, resource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Provisioner

Event NameEvent TypeOperationColumns Logged
provisioner_database_updateUpdate databasePUT /api/def/databases/:database_def_id

account_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name, attribute_name, old_value, new_value

provisioner_change_draft_createCreate change draftPOST /api/ctl/change_draftsaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_change_draft_updateUpdate change draftPUT /api/ctl/change_drafts/:instance_change_draft_id

account_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name, attribute_name, old_value, new_value

provisioner_change_draft_deleteDelete change draftDELETE /api/ctl/change_drafts/:instance_change_draft_idaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_deployment_createCreate deploymentPOST /api/ctl/deploymentsaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_deployment_approveApprove deploymentPOST /api/ctl/deployments/:deployment_id/approveaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_operation_failoverFailoverPOST /api/ctl/operations/failoveraccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_access_key_createCreate access keyPOST /api/ddl/access_keysaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_access_key_updateUpdate access keyPUT /api/ddl/access_keys/:access_key_id

account_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name, attribute_name, old_value, new_value

provisioner_access_key_deleteDelete access keyDELETE /api/ddl/access_keys/:access_key_idaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_access_policy_createCreate access policyPOST /api/ddl/access_policiesaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_access_policy_updateUpdate access policyPUT /api/ddl/access_policies/:access_policy_id

account_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name, attribute_name, old_value, new_value

provisioner_access_policy_deleteDelete access policyDELETE /api/ddl/access_policies/:access_policy_idaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_extension_createCreate extensionPOST /api/ddl/extensionsaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_schema_createCreate schemaPOST /api/ddl/schemasaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_schema_updateUpdate schemaPUT /api/ddl/schemas/:schema_id

account_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name, attribute_name, old_value, new_value

provisioner_schema_deleteDelete schemaDELETE /api/ddl/schemas/:schema_idaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name
provisioner_table_access_createCreate table accessPOST /api/ddl/table_access_controlsaccount_id, user_id, user_email, ip_address, requested_http_verb, requested_path_info,
resource_type, resource_id, resource_path, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Queries

Event Name

Event Type

Operation

Columns Logged

query_create

Create a query

POST /v3/schedule/create/:name(.:format)

POST /v4/queries(.:format)

POST /query_forms/submit(.:format)

id, resource_id, resource_name

query_clone

Copy a query

POST /v4/queries/:id/clone(.:format)

POST /queries/:id/clone(.:format)

id, resource_id, resource_name

query_modify

Change a query

GET /v3/schedule/update/:old_name(.:format)

PATCH /v4/queries/:id(.:format)

POST /query_forms/submit(.:format)

id, resource_id, resource_name

query_run

Run a query

POST /v3/schedule/run/:name/:time(.:format)

POST /v4/queries/:id/jobs(.:format)

POST /query_forms/submit(.:format)

POST /queries/:id/run(.:format)

id, resource_id, resource_name, query_text

schedule_clone

Copy saved query



schedule_create

Create and save a query



schedule_delete

Delete saved query



schedule_modify

Modify saved query



schedule_run

Run saved query



query_delete

Delete a query

POST /v3/schedule/delete/:name(.:format)

DELETE /v4/queries/:id(.:format)

DELETE /queries/:id(.:format)

id, resource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Streaming Tasks

Event Name

Event Type

Operation

Columns Logged

streaming_tasks_create

Create a streaming task

POST /v4/streaming_tasks

resource_id, resource_name

streaming_task_modify

Modify a streaming task

PATCH/PUT /v4/streaming_tasks

resource_id, resource_name

streaming_task_deleteDelete a streaming taskDELETE /v4/streaming_tasksresource_id, resource_name
streaming_task_auth_createCreate an authentication for a streaming taskPOST /v4/streaming_task_authsresource_id, resource_name
streaming_task_auth_modify Modify an authentication for a streaming taskPATCH/PUT /v4/streaming_task_authsresource_id, resource_name
streaming_task_auth_deleteDelete an authentication for a streaming taskDELETE /v4/streaming_task_authsresource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Table

Event Name

Event Type

Operation

Columns Logged

partial_delete_create

Create job to partially delete the contents of the table
with the given time range

POST /v3/table/partialdelete/:database_name/:table_name(.:format)

id, resource_id, resource_name, target_table

table_change_database

Database change

POST /v3/table/change_database/:database_name/:table_name(.:format)

id, resource_id, resource_name, old_value, new_value

table_create

Create

POST /v3/table/create/:database_name/:name/:type(.:format)

POST /v4/tables(.:format)

POST /databases/:user_database_id/tables(.:format)

id, resource_id, resource_name

table_import_create

Create table during import

PUT /v3/table/import/:database_name/:table_name/:data_format(.:format)

id, resource_id, resource_name

table_insert_finished

Processing for insert of a table completed

POST /v3/table/insert_finished(.:format)

id, resource_id, resource_name, amount

table_modify

Add, or remove, rename columns or modify description

POST /v3/table/update-schema/:database_name/:table_name(.:format)

POST /v3/table/append-schema/:database_name/:table_name(.:format)

PUT|PATCH /v4/tables/:id(.:format)

PATCH /databases/:user_database_id/tables/:id(.:format)

id, resource_id, resource_name, attribute_name, old_value, new_value

table_preview

Preview table

GET /v3/table/tail/:database_name/:table_name(.:format)

GET /v4/tables/:id/preview(.:format)

GET /databases/:user_database_id/tables/:id/preview(.:format)

id, resource_id, resource_name, amount

table_swap

Exchanges the table name of the table.
Ex: table1 swap with table2 results in table2 having contents of table1 and vice versa

POST /v3/table/swap/:database_name/:table1_name/:table2_name(.:format)

id, resource_id, resource_name, target_resource_id, target_resource_name

table_delete

Delete

POST /v3/table/delete/:database_name/:table_name(.:format)

DELETE /v4/tables/:id(.:format)

DELETE /databases/:user_database_id/tables/:id(.:format)

id, resource_id, resource_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

User

Event Name

Event Type

Operation

Columns Logged

apikey_modify

Change API key

PATCH /v4/api_keys/:id(.:format)

attribute_name, old_value, new_value

password_reset

User resets own password

POST /v4/users/:id/reset_password(.:format)

attribute_name, old_value, new_value

user_apikey_delete

Delete API key

POST /v3/user/apikey/remove/:email

DELETE /v4/api_keys/:id(.:format)

DELETE /users/:user_id/apikey_authentications/:id(.:format)

id, resource_id, resource_name, affected_user_id, affected_user

user_apikey_download

Download of API key by user

GET /v3/user/apikey/list/:email

id, resource_id, resource_name, amount

user_apikey_generate

Create API key

POST /v3/user/apikey/add/:email

POST /v4/api_keys(.:format)

POST /users/:user_id/apikey_authentications(.:format)

id, resource_id, resource_name, affected_user_id, affected_user

user_delete

Delete user

POST /v3/user/remove/:email

DELETE /v4/users/:id(.:format)

DELETE /users/:id(.:format)

id, resource_id, resource_name

user_invite

Invite to account team

POST /v3/user/add/:name(.:format)

POST /v4/users/invite(.:format)

POST /users/invite(.:format)

id, resource_id, resource_name

user_invite_accepted

Accept user invite

PATCH /users/invitation(.:format)

id, resource_id, resource_name

user_modify

Change first name, last name, phone number, password and update email

PATCH /v4/users/:id(.:format)

PATCH /users/password(.:format)

PATCH /users/:id(.:format)

POST /users/:id/promote(.:format)

id, resource_id, resource_name, attribute_name, old_value, new_value

session_invalidation

User’s session is logged out by idle_timeout or existing session_timeout

All requests using session

ip_address, requested_http_verb, requested_path_info, id, user_id, user_email, account_id, event_name

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Insights

Event Name

Event Type

Operation

Columns Logged

reporting_sso

Log into reporting

GET /reporting/sso

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id, resource_name

reporting_user_create

Create a user in reporting

POST /reporting/users

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id, resource_name

reporting_user_update

Update a user in reporting

PUT /reporting/users/:id

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id, resource_name, new_value, old_value, attribute_name

reporting_user_destroy

Delete a user in reporting

DELETE /reporting/users/:id

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id, resource_name

reporting_datamodel_create

Create a data model in reporting

POST /reporting/datamodels

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id, resource_name

reporting_datamodel_destroy

Delete a data model in reporting

DELETE /reporting/datamodels/:id

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id, resource_name

reporting_relation_create

Create a relation

POST /datamodels/:datamodel_id/relations

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id

reporting_relation_destroy

Delete a relation

DELETE /datamodels/:datamodel_id/relations/:id

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id

reporting_build_start

Start building a report

POST /datamodels/:id/builds

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id

reporting_build_stop

Stop building a report

DELETE /datamodels/:id/builds/:build_id

id, ip_address, user_id, user_email, account_id, requested_http_verb, requested_path_info, resource_id

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Workflow

Event Name

Event Type

Operation

Columns Logged

insufficient_permission

Unauthorized action attempted

PUT /api/attempts

POST /api/attempts/{id}/kill

DELETE /api/projects/{id}

PUT /api/projects/{id}/secrets/{key}

DELETE /api/projects/{id}/secrets/{key}

POST /api/schedules/{id}/skip

POST /api/schedules/{id}/backfill

POST /api/schedules/{id}/disable

POST /api/schedules/{id}/enable

PUT|POST /api/projects

GET /api/attempts

GET /api/attempts/{id}

GET /api/attempts/{id}/retries

GET /api/attempts/{id}/tasks

GET /api/logs/{attempt_id}/files

GET /api/logs/{attempt_id}/files/{file_name}

GET /api/project

GET /api/projects

GET /api/projects/{id}

GET /api/projects/{id}/revisions

GET /api/projects/{id}/schedules

GET /api/projects/{id}/sessions

GET /api/projects/{id}/secrets

GET /api/schedules

GET /api/schedules/{id}

GET /api/sessions

GET /api/sessions/{id}/attempts

GET /api/sessions/{id}/attempts

GET /api/workflow

GET /api/workflows

GET /api/workflows/{id}

GET /api/workflows/{id}/truncated_session_time

GET /api/console/projects/{id}/workflows

GET /api/projects/{id}/archive/multipart

GET /api/console/workflows

GET /api/projects

GET /api/projects/{id}/workflows

id, ip_address, account_id, user_id, user_email

workflow_attempt_create

User attempts to run a workflow from TD Console

PUT /api/attempts


workflow_attempt_kill

Kill a workflow session attempt

POST /api/attempts/{id}/kill


workflow_project_revision_create

Create a project revision

User creates a new workflow or updates and saves an existing workflow from TD Console

PUT|POST /api/projects

id, ip_address, resource_id, resource_name, resource_path, account_id, user_id, user_email, old_value, new_value

workflow_project_secret_delete

Delete a workflow secret

DELETE /api/projects/{id}

id, ip_address, resource_id, resource_name, resource_path, session_time, account_id, user_id, user_email, old_value, new_value

workflow_project_secret_create

User sets a workflow secret

PUT /api/projects/{id}/secrets/{key}

id, ip_address, resource_id, resource_name, resource_path, account_id, user_id, user_email, old_value, new_value

workflow_schedule_backfill

User re-executes failed past Workflows and replaces the results.

User creates a new workflow or updates and saves an existing workflow from TD Console

id, ip_address, resource_id, resource_name, resource_path, account_id, user_id, user_email, old_value, new_value

workflow_schedule_disable

Disable (deactivate) a workflow schedule

POST /api/schedules/{id}/disable

id, ip_address, resource_id, resource_name, resource_path, account_id, user_id, user_email, old_value, new_value

workflow_schedule_enable

Enable (activate) a workflow schedule

POST /api/schedules/{id}/enable

id, ip_address, resource_id, resource_name, resource_path, account_id, user_id, user_email, old_value, new_value

workflow_schedule_skip

Skip scheduled workflow

POST /api/schedules/{id}/skip

id, ip_address, resource_id, resource_name, resource_path, account_id, user_id, user_email, old_value, new_value

workflow_project_delete

Delete the workflow project

DELETE /api/projects/{id}

id, ip_address, resource_id, resource_name, resource_path, session_time, account_id, user_id, user_email, old_value, new_value

See the complete list of premium audit log events in the TD complete Premium Audit Log Event list.

Workflow - Custom Scripts

Event name

Event type

Operation

Columns logged 

custom_script_task_starts

custom script task starts

workflow py>: task

id
resource_id
resource_name
resource_path
account_id
session_id
is_scheduled
task_created_at
diagnostic_messages
user_id
user_email
ip_address
revision_created_user
docker_image

custom_script_task_ends

custom script task ends

workflow py>: taskid
resource_id
resource_name
resource_path
account_id
session_id
is_scheduled
task_created_at
task_finished_at
task_duration
task_exit_code
diagnostic_messages
user_id
user_email
ip_address
revision_created_user
docker_image
  • No labels