Audit logs

Table of Contents

Contents of a security audit event
Fetch logs via API
Security events
- Authentication and login
- Users
- Orgs
- Roles
- User groups
- Data connections
- Data objects
- RLS
- Answers
- Liveboards

ThoughtSpot Cloud logs events related to user activities, account authentication, and CRUD operations. Administrators can use the security audit logs to detect potential security threats or compromised user accounts in an organization.

To fetch security events from ThoughtSpot, you can push the logs to your Security information and event management (SIEM) server, or pull the logs via audit logs REST API.

Contents of a security audit event🔗

Audit events in the security logs capture the following information:

type
Type of the action audited. For example, LOGIN_FAILED.
desc
Description of the event. For example, User login failed.
ts
Timestamp of the event.
id
The ID of the event.
client
A map of key-value pairs that show client information such as userName, userGUID, and cIP. Name and GUID of the user that initiated the action audited in the log.
data
A collection of string key-value pairs for the audited action.
- For events related to login and authentication, the data string includes the username of the user.
  {"data":{"userName":"UserA"}
- For events related to CRUD operations on objects, the object ID and name are included in the data string.
  {"data":{"modifiedPrivileges":["AUTHORING"],"currentPrivileges":[],"groupIdentity":{"id":{"id":"f60c79e9-2be0-4321-959c-fe1c09590780"},"name":"testGroup","owner":{"id":"f60c79e9-2be0-4321-959c-fe1c09590780"},"type":"UserGroup"}}
  
  {"data":{"pinboardIds":"[\"f9ab90a9-b895-41f4-a244-8dce3f48d24a\"]"}
- For events related to errors, the data string shows the error code and message.
  {"data":{"error":"Error Code: WEAK_PASSWORD_CANNOT_USE_FIRST_LAST_NAME Incident Id: 51a9474b-f13c-44ab-8c48-e35c773a5911\ Error Message: Cannot use first or last name in the password.","userId":"e3dc4950-0677-45f9-9b2d-ffb16501c359"}
orgId
Org ID if your ThoughtSpot application instance has Orgs.

Fetch logs via API🔗

To fetch logs via REST API, you need ADMINISTRATION (Can administer ThoughtSpot) privilege. You can use any of the following APIs:

POST /api/rest/2.0/logs/fetch (Recommended)
GET /tspublic/v1/logs/topics/{topic} (REST API v1)

On Orgs-enabled clusters, the API fetches security logs for the current Org text. However, the administrator of the primary Org (Org 0) can fetch logs not just for the primary Org, but also for all other Orgs if the get_all_logs parameter is set to true in the API request.

Security events🔗

The following section lists security events audited in ThoughtSpot logs:

Note	The code examples listed in this section are for representational purposes only. The event details in the log may vary as per the configuration of your ThoughtSpot cluster.

Authentication and login🔗

Event Description

Event	Description
`LOGIN_SUCCESSFUL`	The user has successfully logged in to ThoughtSpot application, either as a local user, an IdP user, or an Active Directory (AD) user. Audit logs show the event, the username of the user being logged in, or the authentication type.
`LOGIN_FAILED`	When a login attempt fails / authentication is denied. Either the password of a local user is incorrect, or the IdP / AD denied the authentication request. Logs show the event and the username of the user attempting to log in.
`ACCOUNT_LOCKED`	When a local user account is locked because the user failed to authenticate `x` times in a row. The value of `x` is usually four attempts. In case of any questions, contact ThoughtSpot Support.
`LOGOUT_SUCCESSFUL`	When a user logs out successfully from ThoughtSpot. Logs show the event and the username of the user being logged out.
`LOGOUT_FAILED`	User logout failed.
`FAILED_TO_CREATE_AUTH_TOKEN`	Failed to create an authentication token.
`AUTH_TOKEN_CREATED_SUCCESSFULLY`	Successfully created authentication token.

LOGIN_SUCCESSFUL

The user has successfully logged in to ThoughtSpot application, either as a local user, an IdP user, or an Active Directory (AD) user. Audit logs show the event, the username of the user being logged in, or the authentication type.

LOGIN_FAILED

When a login attempt fails / authentication is denied. Either the password of a local user is incorrect, or the IdP / AD denied the authentication request. Logs show the event and the username of the user attempting to log in.

ACCOUNT_LOCKED

When a local user account is locked because the user failed to authenticate x times in a row. The value of x is usually four attempts. In case of any questions, contact ThoughtSpot Support.

LOGOUT_SUCCESSFUL

When a user logs out successfully from ThoughtSpot. Logs show the event and the username of the user being logged out.

LOGOUT_FAILED

User logout failed.

FAILED_TO_CREATE_AUTH_TOKEN

Failed to create an authentication token.

AUTH_TOKEN_CREATED_SUCCESSFULLY

Successfully created authentication token.

Example

[
   {
      "date":"2024-07-01T05:04:09.290175Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-d4f6fe8d-72b2-49cd-abd3-ee4916d152ed\",\"ts\":\"2024-07-01T05:04:09Z\",\"orgId\":0,\"userGUID\":\"59481331-ee53-42be-a548-bd87be6ddd4a\",\"userName\":\"User1\",\"cIP\":\"10.253.143.236\",\"type\":\"LOGIN_SUCCESSFUL\",\"desc\":\"User login successful\",\"data\":{\"userName\":\"User1\"}}"
   },
   {
      "date":"2024-07-01T10:09:32.410661Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-0714c97a-9d79-4620-8e56-c3ca69a92936\",\"ts\":\"2024-07-01T10:09:32Z\",\"orgId\":0,\"userGUID\":null,\"userName\":null,\"cIP\":\"10.253.143.236\",\"type\":\"LOGIN_FAILED\",\"desc\":\"User login failed\",\"data\":{\"userName\":\"User1\"}}"
   },
   {
      "date":"2024-07-01T08:43:51.934333Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-b9a4c682-f7a3-4f19-9523-088769ffd20d\",\"ts\":\"2024-07-01T08:43:51Z\",\"orgId\":0,\"userGUID\":\"67e15c06-d153-4924-a4cd-ff615393b60f\",\"userName\":\"User1\",\"cIP\":null,\"type\":\"LOGOUT_SUCCESSFUL\",\"desc\":\"User logout successful\",\"data\":{}}"
   },
   {
      "date":"2024-07-01T06:39:23.699320Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-d9c591b1-76cc-4a88-92e6-7ffefb9fe183\",\"ts\":\"2024-07-01T06:39:23Z\",\"orgId\":0,\"userGUID\":\"deffe426-f293-4e04-8f9e-ee2f7624d07a\",\"userName\":\"User1\",\"cIP\":\"\",\"type\":\"UPDATE_PASSWORD_FAILURE\",\"desc\":\"Password update failed\",\"data\":{\"error\":\"Error Code: WEAK_PASSWORD_CANNOT_USE_FIRST_LAST_NAME Incident Id: 51a9474b-f13c-44ab-8c48-e35c773a5911\\nError Message: Cannot use first or last name in the password.\",\"userId\":\"e3dc4950-0677-45f9-9b2d-ffb16501c359\"}}"
   },
]

Users🔗

Event Description

Event	Description
`USERS_MODIFIED`	Records any change to the user profile, whether modified manually on the Admin page or through SAML sync. This event is created when a new user is added, or the attribute for any existing user is modified.
`USERS_CREATED`	A new user account was created manually on the Admin page or via internal API. The logs may reflect the event and also the name of the user, among other details.
`USERS_DELETED`	A user account was deleted, either manually on the Admin page or via internal API.
`UPDATE_PASSWORD`	An attempt to change a user account password was made. The attempt might be successful or unsuccessful.
`UPDATE_PASSWORD_FAILURE`	Failed to update password. The logs may reflect the incident ID, error code, and also the probable cause of the failure. The common issues could be a weak password, a commonly used password, using a part of the username in the password, and the like.
`USER_ACTIVATE`	User account activation was attempted. This attempt can be successful or failed due to reasons such as the activation link being garbled due to email security tools, firewall blocking ThoughtSpot domains, or the link expiry.

USERS_MODIFIED

Records any change to the user profile, whether modified manually on the Admin page or through SAML sync. This event is created when a new user is added, or the attribute for any existing user is modified.

USERS_CREATED

A new user account was created manually on the Admin page or via internal API. The logs may reflect the event and also the name of the user, among other details.

USERS_DELETED

A user account was deleted, either manually on the Admin page or via internal API.

UPDATE_PASSWORD

An attempt to change a user account password was made. The attempt might be successful or unsuccessful.

UPDATE_PASSWORD_FAILURE

Failed to update password. The logs may reflect the incident ID, error code, and also the probable cause of the failure. The common issues could be a weak password, a commonly used password, using a part of the username in the password, and the like.

USER_ACTIVATE

User account activation was attempted. This attempt can be successful or failed due to reasons such as the activation link being garbled due to email security tools, firewall blocking ThoughtSpot domains, or the link expiry.

Example

[
   {
      "date":"2024-07-01T06:38:53.924085Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-3bc0deb9-419f-4428-979b-cec4cc805c81\",\"ts\":\"2024-07-01T06:38:53Z\",\"orgId\":0,\"userGUID\":\"deffe426-f293-4e04-8f9e-ee2f7624d07a\",\"userName\":\"User1\",\"cIP\":\"10.253.143.236\",\"type\":\"USERS_CREATED\",\"desc\":\"New user accounts creation attempted\",\"data\":{\"userNames\":\"test_123\"}}"
   },
   {
      "date":"2024-07-01T01:00:17.085206Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-c90ebdf6-b050-4b5e-a5fa-381cf1daf61e\",\"ts\":\"2024-07-01T01:00:16Z\",\"orgId\":0,\"userGUID\":\"95d7a40f-2067-4101-a5f4-080f448ed615\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"USERS_MODIFIED\",\"desc\":\"User account detail modification attempted\",\"data\":{\"action\":\"Add/Edit email id for an existing user attempted\",\"emailId\":null,\"userId\":\"95d7a40f-2067-4101-a5f4-080f448ed615\"}}"
   },
   {
      "date":"2024-07-01T10:11:27.931449Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-58350ebf-cf2c-4504-b0a9-8ab092c93c66\",\"ts\":\"2024-07-01T10:11:27Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"10.253.143.236\",\"type\":\"USERS_DELETED\",\"desc\":\"User accounts deletion attempted\",\"data\":{\"userGUIDs\":[{\"id\":\"33e8874b-0884-4754-8bef-535de6330f4d\"}]}}"
   },
   {
      "date":"2024-07-01T06:39:23.699320Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-d9c591b1-76cc-4a88-92e6-7ffefb9fe183\",\"ts\":\"2024-07-01T06:39:23Z\",\"orgId\":0,\"userGUID\":\"deffe426-f293-4e04-8f9e-ee2f7624d07a\",\"userName\":\"User1\",\"cIP\":\"\",\"type\":\"UPDATE_PASSWORD_FAILURE\",\"desc\":\"Password update failed\",\"data\":{\"error\":\"Error Code: WEAK_PASSWORD_CANNOT_USE_FIRST_LAST_NAME Incident Id: 51a9474b-f13c-44ab-8c48-e35c773a5911\\nError Message: Cannot use first or last name in the password.\",\"userId\":\"e3dc4950-0677-45f9-9b2d-ffb16501c359\"}}"
   },
]

Orgs🔗

Event Description

Event	Description
`ORG_SWITCH_FAILED`	Failed to switch org for user. This could happen due to reasons such as incorrect parameters provided, the org not existing anymore, and so on.
`ORG_CREATION_SUCCESSFUL`	Successfully created an Org. The logs may reflect the event and the name of the org created.
`ORG_DELETION_SUCCESSFUL`	Successfully deleted an Org.
`ORG_CREATION_FAILED`	Org creation failed due to reasons such as incorrect parameters provided, the user not having the required permissions and so on.
`ORG_DELETION_FAILED`	Org deletion failed due to reasons such as incorrect parameters provided, the user not having the required permissions and so on.
`ORG_ACCESS_GRANTED_TO_USER`	When a user is successfully added to an Org. The logs may reflect this event and the ID of the user.
`ORG_SWITCH_SUCCESSFUL`	When a user successfully switches the Org. The logs may reflect the ID of the user and the Org being switched to.

ORG_SWITCH_FAILED

Failed to switch org for user. This could happen due to reasons such as incorrect parameters provided, the org not existing anymore, and so on.

ORG_CREATION_SUCCESSFUL

Successfully created an Org. The logs may reflect the event and the name of the org created.

ORG_DELETION_SUCCESSFUL

Successfully deleted an Org.

ORG_CREATION_FAILED

Org creation failed due to reasons such as incorrect parameters provided, the user not having the required permissions and so on.

ORG_DELETION_FAILED

Org deletion failed due to reasons such as incorrect parameters provided, the user not having the required permissions and so on.

ORG_ACCESS_GRANTED_TO_USER

When a user is successfully added to an Org. The logs may reflect this event and the ID of the user.

ORG_SWITCH_SUCCESSFUL

When a user successfully switches the Org. The logs may reflect the ID of the user and the Org being switched to.

Example

{
  "date": "2024-07-02T11:14:43.708374Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-2059ac42-63a0-4e06-8d0d-013db003e029\",\"ts\":\"2024-07-02T11:14:43Z\",\"orgId\":-1,\"userGUID\":\"75bb3ce8-44b9-4783-a11b-0945194dc862\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"ORG_CREATION_SUCCESSFUL\",\"desc\":\"Successfully created an Org\",\"data\":{\"OrgName\":\"TestOrgForID\"}}"
}

{
  "date": "2024-07-01T06:38:54.282280Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-c3ccac49-c549-4669-bca7-fa42cca51374\",\"ts\":\"2024-07-01T06:38:54Z\",\"orgId\":0,\"userGUID\":\"deffe426-f293-4e04-8f9e-ee2f7624d07a\",\"userName\":\"User1\",\"cIP\":\"10.253.143.236\",\"type\":\"ORG_ACCESS_GRANTED_TO_USER\",\"desc\":\"Added user to an Org\",\"data\":{\"UserId\":\"280f4f79-0b28-4950-bbb3-4c4fd79867d0\",\"Attempted to Grant Org Access\":\"[0]\"}}"
}

{
  "date": "2024-07-01T14:27:12.336514Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-03e131ce-6dbf-4367-be41-9b042a6f2264\",\"ts\":\"2024-07-01T14:27:12Z\",\"orgId\":0,\"userGUID\":\"1e3a09aa-43b1-4245-9184-c0e716e657f4\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"ORG_SWITCH_SUCCESSFUL\",\"desc\":\"Successfully switched org\",\"data\":{\"userGuid\":{\"id\":\"1e3a09aa-43b1-4245-9184-c0e716e657f4\"},\"org\":838330977}}"
}

{
  "date": "2024-07-01T05:54:30.985587Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-fc45f998-d35c-4eed-9373-79eb35011062\",\"ts\":\"2024-07-01T05:54:30Z\",\"orgId\":-1,\"userGUID\":\"59481331-ee53-42be-a548-bd87be6ddd4a\",\"userName\":\"User1\",\"cIP\":\"10.253.143.236\",\"type\":\"ORG_ACCESS_REVOKED_FROM_USER\",\"desc\":\"Removed user from Org\",\"data\":{\"UserId\":\"08f2fc08-11ec-4e14-9b17-37c498497424\",\"Attempted to Revoke Org Access\":\"[0]\"}}"
}

{
  "date": "2024-07-02T16:43:10.032323Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-c18dd249-5dab-4fa7-9ade-2f4cbbb0df08\",\"ts\":\"2024-07-02T16:43:10Z\",\"orgId\":-1,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"ORG_DELETION_SUCCESSFUL\",\"desc\":\"Successfully deleted an Org\",\"data\":{\"OrgId\":1587528480}}"
}

Roles🔗

Event Description

Event	Description
`ROLES_IMPORTED`	Roles import attempted.
`ROLE_CREATED`	Role creation attempted.
`ROLE_UPDATED`	Role updation attempted.
`ROLE_DELETED`	Role deletion attempted.
`ROLES_ASSIGNED`	Roles assignment to group attempted. The logs may reflect the event and other details like role ID and the group id.
`ROLES_REMOVED`	Removal of roles from the group attempted.

ROLES_IMPORTED

Roles import attempted.

ROLE_CREATED

Role creation attempted.

ROLE_UPDATED

Role updation attempted.

ROLE_DELETED

Role deletion attempted.

ROLES_ASSIGNED

Roles assignment to group attempted. The logs may reflect the event and other details like role ID and the group id.

ROLES_REMOVED

Removal of roles from the group attempted.

Example Code

{
   "date":"2024-07-01T02:21:35.726087Z",
   "log":"{\"version\":\"1.1\",\"id\":\"TS-85030a22-f42d-4ae8-b298-d80f0af09a1d\",\"ts\":\"2024-07-01T02:21:35Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"ROLES_ASSIGNED\",\"desc\":\"Roles assignment to group attempted\",\"data\":{\"groupNames\":\"docstestgroup\",\"roleIds\":[]}}"
}

User groups🔗

Event Description

Event	Description
`USER_GROUPS_CREATED`	Creating a new group in ThoughtSpot, either manually through the Admin page in the UI, or through the internal API (also used by the group sync Python script). The log will reflect this event along with other details like the name of the group created.
`USER_GROUPS_DELETED`	Deleting a group in ThoughtSpot. Either manually through the Admin page in the UI, or through the internal API (also used by the group sync Python script).
`PRINCIPALS_IN_GROUP_UPDATE`	Attempt to change the user/group list to a group. Can be through adding/removing users/groups to a group. Attempt could be successful or unsuccessful.
`USER_GROUP_MODIFIED`	Modifying the properties of a group, either in the Admin Portal or over internal API. These properties include visibility settings, group privileges, adding or removing users or subgroups, and more.
`PRIVILEGE_CHANGES`	One or more privileges were modified (added/removed) for a group. The logs may reflect the current privilege and the modified privilege, alongside other identification details.

USER_GROUPS_CREATED

Creating a new group in ThoughtSpot, either manually through the Admin page in the UI, or through the internal API (also used by the group sync Python script). The log will reflect this event along with other details like the name of the group created.

USER_GROUPS_DELETED

Deleting a group in ThoughtSpot. Either manually through the Admin page in the UI, or through the internal API (also used by the group sync Python script).

PRINCIPALS_IN_GROUP_UPDATE

Attempt to change the user/group list to a group. Can be through adding/removing users/groups to a group. Attempt could be successful or unsuccessful.

USER_GROUP_MODIFIED

Modifying the properties of a group, either in the Admin Portal or over internal API. These properties include visibility settings, group privileges, adding or removing users or subgroups, and more.

PRIVILEGE_CHANGES

One or more privileges were modified (added/removed) for a group. The logs may reflect the current privilege and the modified privilege, alongside other identification details.

Example

[
   {
      "date":"2024-07-01T02:21:35.724677Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-43ff5ec8-3915-4fa4-b383-fd1dacbbffe9\",\"ts\":\"2024-07-01T02:21:35Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"USER_GROUPS_CREATED\",\"desc\":\"New groups creation attempted\",\"data\":{\"groupNames\":\"docstestgroup\"}}"
   },
   {
      "date":"2024-07-01T10:10:56.812564Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-0bf8d03e-0eb9-4b24-bd9e-6fe05a1dfbf7\",\"ts\":\"2024-07-01T10:10:56Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"10.253.143.236\",\"type\":\"USER_GROUPS_DELETED\",\"desc\":\"Groups deletion attempted\",\"data\":{\"groupGUIDs\":[{\"id\":\"f60c79e9-2be0-4321-959c-fe1c09590780\"}]}}"
   },
   {
      "date":"2024-07-01T02:23:59.175130Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-11f8096f-0c48-4f57-a934-636bf21a9a17\",\"ts\":\"2024-07-01T02:23:59Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"PRINCIPALS_IN_GROUP_UPDATE\",\"desc\":\"Principals(User/UserGroup) in group update attempted\",\"data\":{\"groupID\":\"f60c79e9-2be0-4321-959c-fe1c09590780\",\"requestedUsersInGroup\":[{\"id\":\"324da36c-7a41-4578-9e11-0105db097077\"},{\"id\":\"33e8874b-0884-4754-8bef-535de6330f4d\"}]}}"
   },
   {
      "date":"2024-07-01T02:50:10.995314Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-29c9649e-5431-4e17-979f-c5ae2792fdf6\",\"ts\":\"2024-07-01T02:50:10Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"PRIVILEGE_CHANGES\",\"desc\":\"Group privilege changes attempted.\",\"data\":{\"modifiedPrivileges\":[\"AUTHORING\"],\"currentPrivileges\":[],\"groupIdentity\":{\"id\":{\"id\":\"f60c79e9-2be0-4321-959c-fe1c09590780\"},\"name\":\"docstestgroup\",\"owner\":{\"id\":\"f60c79e9-2be0-4321-959c-fe1c09590780\"},\"type\":\"UserGroup\"}}}"
   }
]

Data connections🔗

Event Description

Event	Description
`CREATE_CONNECTION_ATTEMPTED`	Create connection attempted. Attempt can be successful or unsuccessful.
`CREATE_CONNECTION`	Connection created. The logs may reflect the event and other details like connection name and type, the status of the connection, the request ID, and more.
`DELETE_CONNECTION_ATTEMPTED`	Delete connection attempted. Attempt can be successful or unsuccessful.
`DELETE_CONNECTION`	Connection deleted. The logs may reflect the event and other details like the connection status, request ID, and more.
`EDIT_CONNECTION_ATTEMPTED`	Edit connection attempted.
`EDIT_CONNECTION`	Connection edited. The logs may reflect the event and other details like connection name and type, status of the connection, the request ID and more.
`DIGEST_FREQUENCY_CHANGED`	Digest frequency changed
`CREATE_CONFIGURATION_ATTEMPTED`	Create connection configuration attempted.
`CREATE_CONFIGURATION`	Connection configuration created.
`DELETE_CONFIGURATION_ATTEMPTED`	Delete connection configuration attempted.
`DELETE_CONFIGURATION`	Connection configuration deleted.
`EDIT_CONFIGURATION_ATTEMPTED`	Edit connection configuration attempted. The attempt can be successful or unsuccessful.
`EDIT_CONFIGURATION`	Connection configuration edited.

CREATE_CONNECTION_ATTEMPTED

Create connection attempted. Attempt can be successful or unsuccessful.

CREATE_CONNECTION

Connection created. The logs may reflect the event and other details like connection name and type, the status of the connection, the request ID, and more.

DELETE_CONNECTION_ATTEMPTED

Delete connection attempted. Attempt can be successful or unsuccessful.

DELETE_CONNECTION

Connection deleted. The logs may reflect the event and other details like the connection status, request ID, and more.

EDIT_CONNECTION_ATTEMPTED

Edit connection attempted.

EDIT_CONNECTION

Connection edited. The logs may reflect the event and other details like connection name and type, status of the connection, the request ID and more.

DIGEST_FREQUENCY_CHANGED

Digest frequency changed

CREATE_CONFIGURATION_ATTEMPTED

Create connection configuration attempted.

CREATE_CONFIGURATION

Connection configuration created.

DELETE_CONFIGURATION_ATTEMPTED

Delete connection configuration attempted.

DELETE_CONFIGURATION

Connection configuration deleted.

EDIT_CONFIGURATION_ATTEMPTED

Edit connection configuration attempted. The attempt can be successful or unsuccessful.

EDIT_CONFIGURATION

Connection configuration edited.

Example

[
   {
      "date":"2024-07-01T07:19:52.542119Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-b04bf849-3046-4a6f-bdc8-c62ad1fdc767\",\"ts\":\"2024-07-01T07:19:52Z\",\"orgId\":0,\"userGUID\":\"59481331-ee53-42be-a548-bd87be6ddd4a\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"CREATE_CONNECTION_ATTEMPTED\",\"desc\":\"Create connection attempted\",\"data\":{}}"
   },
   {
      "date":"2024-07-02T13:31:39.428095Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-549789c2-7f4f-4433-82b3-ba0cbedfc3d8\",\"ts\":\"2024-07-02T13:31:39Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"CREATE_CONNECTION\",\"desc\":\"Connection created\",\"data\":{\"connectionName\":\"testconnection\",\"connectionType\":\"RDBMS_SNOWFLAKE\",\"requestId\":\"-1\",\"connectionCreation\":\"Done\"}}"
   },
   {
      "date":"2024-07-02T13:48:26.894659Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-08b7ca4b-4a18-41f5-98a4-b9595636036d\",\"ts\":\"2024-07-02T13:48:26Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"EDIT_CONNECTION_ATTEMPTED\",\"desc\":\"Edit connection attempted\",\"data\":{}}"
   },
   {
      "date":"2024-07-02T13:48:27.636425Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-81e38a1d-fc19-43ae-b888-2ffc74150d75\",\"ts\":\"2024-07-02T13:48:27Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"EDIT_CONNECTION\",\"desc\":\"Connection edited\",\"data\":{\"EditConnection\":\"Done\",\"connectionName\":\"testconnection\",\"connectionType\":\"RDBMS_SNOWFLAKE\",\"requestId\":\"-1\"}}"
   },
   {
      "date":"2024-07-03T08:45:11.938960Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-af207565-043c-40c3-9f4d-f5305c02cb07\",\"ts\":\"2024-07-03T08:45:11Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"DELETE_CONNECTION_ATTEMPTED\",\"desc\":\"Delete connection attempted\",\"data\":{}}"
   },
   {
      "date":"2024-07-03T08:45:12.014540Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-20f6da3c-cdaf-4f4b-8295-0538367e14aa\",\"ts\":\"2024-07-03T08:45:12Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"DELETE_CONNECTION\",\"desc\":\"Connection deleted\",\"data\":{\"connectionDeletion\":\"Done\",\"DeletedIds \":\"[\\\"8199cbbd-1a53-4137-b16f-b2f3f76ed23b\\\"]\"}}"
   }
]

Data objects🔗

Event Description

Event	Description
`CREATE_TABLES`	Creation of new tables attempted.
`SHARE_OBJECTS`	A user attempted to sharing an object with groups/users. The attempt can be successful or unsuccessful. The log will list the shared object ID, its type, and associated permissions.
`CSV_UPLOAD_STARTED`	CSV upload started.
`CSV_UPLOAD_FINISHED`	CSV upload finished.
`DATA_UPLOAD_CONFIGURED`	Data upload configured for a connection. The event logs may reflect details explaining the action done by the user, the username and ID, and the connection ID.

CREATE_TABLES

Creation of new tables attempted.

SHARE_OBJECTS

A user attempted to sharing an object with groups/users. The attempt can be successful or unsuccessful. The log will list the shared object ID, its type, and associated permissions.

CSV_UPLOAD_STARTED

CSV upload started.

CSV_UPLOAD_FINISHED

CSV upload finished.

DATA_UPLOAD_CONFIGURED

Data upload configured for a connection. The event logs may reflect details explaining the action done by the user, the username and ID, and the connection ID.

Example

[
   {
      "date":"2024-07-01T06:51:40.843334Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-c8840cae-65a7-41c8-979c-3b31f977b419\",\"ts\":\"2024-07-01T06:51:40Z\",\"orgId\":0,\"userGUID\":\"59481331-ee53-42be-a548-bd87be6ddd4a\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"SHARE_OBJECTS\",\"desc\":\"Sharing of objects with groups/users attempted\",\"data\":{\"objIds\":\"[\\\"0cb2fbe3-2101-4c25-bd6b-0f993084e6c9\\\"]\",\"objType\":\"PINBOARD_ANSWER_BOOK\",\"permissions\":\"{\\\"permissions\\\":{}}\",\"discoverability\":true}}"
   },
   {
      "date":"2024-07-02T13:53:26.992905Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-978c580c-0a26-49ff-b80f-bd9d88bd58b7\",\"ts\":\"2024-07-02T13:53:26Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"DATA_UPLOAD_CONFIGURED\",\"desc\":\"Data Upload configured for a connection\",\"data\":{\"dataUploadEnabledFlag\":true,\"connection\":\"8199cbbd-1a53-4137-b16f-b2f3f76ed23b\",\"userGuid\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\"}}"
   }
]

RLS🔗

Event Description

Event	Description
`CREATE_RLS_RULE`	RLS rule creation attempted. The logs may reflect the event along with other details like user ID, the name and the ID of the rule created.
`UPDATE_RLS_RULE`	RLS rule modification attempted. The logs may reflect the event along with other details like user ID, the name and the ID of the rule created.
`DELETE_RLS_RULES`	RLS rules deletion attempted. The logs may reflect the event along with the ID of the rule created.

CREATE_RLS_RULE

RLS rule creation attempted. The logs may reflect the event along with other details like user ID, the name and the ID of the rule created.

UPDATE_RLS_RULE

RLS rule modification attempted. The logs may reflect the event along with other details like user ID, the name and the ID of the rule created.

DELETE_RLS_RULES

RLS rules deletion attempted. The logs may reflect the event along with the ID of the rule created.

Example

{
  "date": "2024-07-02T16:38:11.892840Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-c3497e5a-f253-4937-93d7-22cdc252ed1d\",\"ts\":\"2024-07-02T16:38:11Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"10.253.143.244\",\"type\":\"CREATE_RLS_RULE\",\"desc\":\"RLS rule creation attempted\",\"data\":{\"ruleName\":\"testrule\",\"ruleId\":\"8168b43c-8e82-46ea-8d56-590a23dbc89f\",\"ownerId\":{\"id\":\"4ab7bdac-c306-47d4-9365-bdfcef3e8783\"}}}"
}

{
"date": "2024-07-02T04:53:17.170353Z",
"log": "{\"version\":\"1.1\",\"id\":\"TS-cec39fb2-2fd0-44bb-af42-0e9f8221290a\",\"ts\":\"2024-07-02T04:53:17Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"10.253.143.244\",\"type\":\"UPDATE_RLS_RULE\",\"desc\":\"RLS rule modification attempted\",\"data\":{\"ruleName\":\"Test RLS\",\"ruleId\":\"27e67d0f-d5e2-494c-9198-dc581a1a872b\",\"ownerId\":{\"id\":\"7740d593-2923-45fd-ae53-f1c69ee7b564\"}}}"
}

{
  "date": "2024-07-03T08:35:35.088210Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-5ae19b3b-4feb-4d52-a136-f8b1551d1bfa\",\"ts\":\"2024-07-03T08:35:35Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"10.253.143.244\",\"type\":\"DELETE_RLS_RULES\",\"desc\":\"RLS rules deletion attempted\",\"data\":{\"rlsRuleIds\":\"[\\\"8168b43c-8e82-46ea-8d56-590a23dbc89f\\\"]\"}}"
}

Answers🔗

Event Description

Event	Description
`CREATE_ANSWER`	A new answer creation was attempted. The logs may reflect the event and also the identification details of the created answer.
`UPDATE_ANSWERS`	Existing answers modification attempted. The logs may reflect the event and also the identification details of the edited answer.
`DELETE_ANSWERS`	Answers deletion attempted. The logs may reflect the event and also the identification details of the deleted answer.

CREATE_ANSWER

A new answer creation was attempted. The logs may reflect the event and also the identification details of the created answer.

UPDATE_ANSWERS

Existing answers modification attempted. The logs may reflect the event and also the identification details of the edited answer.

DELETE_ANSWERS

Answers deletion attempted. The logs may reflect the event and also the identification details of the deleted answer.

Example

[
   {
      "date":"2024-07-01T10:30:33.194487Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-8099d0ca-a266-47ce-ba9c-d1fd58ff9419\",\"ts\":\"2024-07-01T10:30:33Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"\",\"type\":\"CREATE_ANSWER\",\"desc\":\"New answer creation attempted\",\"data\":{\"answerName\":\"answertest\"}}"
   },
   {
      "date":"2024-07-03T06:55:55.982007Z",
      "log":"{\"version\":\"1.1\",\"id\":\"TS-9816ff72-9bda-4264-9d09-5829e04a140b\",\"ts\":\"2024-07-03T06:55:55Z\",\"orgId\":0,\"userGUID\":\"08f2fc08-11ec-4e14-9b17-37c498497424\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"UPDATE_ANSWERS\",\"desc\":\"Existing answers modification attempted\",\"data\":{\"answerName\":\"Total quantity purchased, Total sales by date\"}}"
   }
]

Liveboards🔗

Event Description

Event	Description
`CREATE_PINBOARD`	New Liveboard creation was attempted. The logs may reflect the event and show the Liveboard name among other details.
`UPDATE_PINBOARDS`	Existing Liveboard modifications were attempted. The log mays reflect the event and show the Liveboard name among other details.
`DELETE_PINBOARDS`	Existing Liveboard deletion attempted. The log show the event with the Liveboard name and other details.

CREATE_PINBOARD

New Liveboard creation was attempted. The logs may reflect the event and show the Liveboard name among other details.

UPDATE_PINBOARDS

Existing Liveboard modifications were attempted. The log mays reflect the event and show the Liveboard name among other details.

DELETE_PINBOARDS

Existing Liveboard deletion attempted. The log show the event with the Liveboard name and other details.

Example

{
"date": "2024-07-01T03:04:40.498420Z",
"log": "{\"version\":\"1.1\",\"id\":\"TS-491ac9ec-c83e-4333-8996-b267b76325a6\",\"ts\":\"2024-07-01T03:04:40Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"CREATE_PINBOARD\",\"desc\":\"New pinboard creation attempted\",\"data\":{\"pinboardName\":\"docstestlb\"}}"
}

{
  "date": "2024-07-01T09:42:51.001346Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-223125c8-b889-472c-9cd6-5654fb0c3409\",\"ts\":\"2024-07-01T09:42:50Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"\",\"type\":\"UPDATE_PINBOARDS\",\"desc\":\"Existing pinboards modification attempted\",\"data\":{\"pinboardName\":\"docstestlb\"}}"
}

{
  "date": "2024-07-01T10:26:12.876266Z",
  "log": "{\"version\":\"1.1\",\"id\":\"TS-7ccfdc7a-b042-41fb-a181-0d7b0c50aec8\",\"ts\":\"2024-07-01T10:26:12Z\",\"orgId\":0,\"userGUID\":\"08bf7af5-5d61-46d9-add4-6a20715371cd\",\"userName\":\"User1\",\"cIP\":\"127.0.0.1\",\"type\":\"DELETE_PINBOARDS\",\"desc\":\"Pinboards deletion attempted\",\"data\":{\"pinboardIds\":\"[\\\"f9ab90a9-b895-41f4-a244-8dce3f48d24a\\\"]\"}}"
}