Honeycomb Audit Logs

Note
This feature is available as part of the Honeycomb Enterprise plan.

Audit Logs in Honeycomb allow you to see who or what caused a change in specific resource configurations. Currently supported resources are:

  • User Logins (authentication and IP changes)
  • Derived Columns (Create, Update, Delete)
  • Triggers (Create, Update, Delete, and state changes to/from Triggered)

Access Audit Logs 

Audit logs are only visible for team members with the Team Owner role.

To access the Audit Logs:

  1. In the left navigation menu, select Account.
  2. Then, select Team settings.
  3. Team settings appears in the next screen.
  4. Select Audit among the existing Team settings tabs.

Export with Audit Logs 

In the Audit tab, select Download CSV to download your Audit Logs.

The download is a Comma Separated Values (CSV) file that includes all available Audit data for your team.

For each entry, the CSV includes:

  • Who performed the action
  • What time the action was performed
  • What kind of action was performed
  • Whether the action succeeded or failed

The Audit Logs CSV file uses the following schema and definitions. Not every attribute applies to every entry.

  • timestamp: Timestamp when the action was recorded by the system.
  • resource.type: Type of resource that the log is related to.
  • resource.action: Create, Update, or Delete. In the case of certain resources, can be a system event.
  • resource.id: Contains a unique identifier associated with the resource being modified if applicable.
  • environment.slug: Lists the slug (unique name) of the specific Honeycomb Environment associated with the entry if applicable.
  • dataset.slug: Lists the slug (unique name) of the specific Honeycomb Dataset associated with the entry if applicable.
  • changed_fields: For Create, Update, or Delete logs, this field lists what attributes of the resource changed.
  • user.id: Lists the user’s ID if a log is the result of a user action. The value is “System” if the log is the result of an automated action.
  • user.email: Lists the user’s email address if a log is the result of a user action.
  • user.ip_address: IP address that generated the log (only available on User Login entries).
  • metadata: Other information about the event or change, if available.
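
One way to review a downloaded export, as an added example that is not Honeycomb's own code: the script below reads the CSV using the column names from the schema above and reports logins from an IP address not previously seen for that user, plus user-initiated deletions of Triggers or Derived Columns. The sample rows are constructed, and the exact `resource.type` strings and the ISO 8601 timestamp format are assumptions, since this page does not specify them.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names come from the schema above; the
# resource.type values and the timestamp format are assumptions.
SAMPLE_CSV = """timestamp,resource.type,resource.action,resource.id,environment.slug,dataset.slug,changed_fields,user.id,user.email,user.ip_address,metadata
2024-05-01T09:00:00Z,User Login,Create,,,,,u1,alice@example.com,198.51.100.7,
2024-05-01T09:05:00Z,Trigger,Update,t-42,prod,api,threshold,u1,alice@example.com,,
2024-05-02T03:12:00Z,User Login,Create,,,,,u1,alice@example.com,203.0.113.99,
2024-05-02T03:15:00Z,Trigger,Delete,t-42,prod,api,,u1,alice@example.com,,
2024-05-02T04:00:00Z,Trigger,Update,t-7,prod,api,state,System,,,
2024-05-03T10:00:00Z,Derived Column,Delete,dc-3,prod,api,,u2,bob@example.com,,
"""

def review_audit_csv(text):
    """Return (new_ip_logins, deletions) found in an Audit Logs CSV export."""
    seen_ips = defaultdict(set)   # user.id -> IPs already seen on login rows
    new_ip_logins, deletions = [], []
    # Sort by timestamp so "previously seen" is evaluated in time order
    # (assumes ISO 8601 UTC strings, which sort lexicographically).
    rows = sorted(csv.DictReader(io.StringIO(text)), key=lambda r: r["timestamp"])
    for row in rows:
        rtype = row["resource.type"].strip().lower()
        action = row["resource.action"].strip().lower()
        user, ip = row["user.id"], row["user.ip_address"].strip()
        # user.ip_address is only populated on User Login entries.
        if "login" in rtype and ip:
            if seen_ips[user] and ip not in seen_ips[user]:
                new_ip_logins.append((row["timestamp"], row["user.email"], ip))
            seen_ips[user].add(ip)
        # Deleting a Trigger or Derived Column removes alerting or query logic,
        # so surface who did it; "System" marks automated actions.
        elif action == "delete" and user != "System":
            deletions.append((row["timestamp"], row["user.email"],
                              row["resource.type"], row["resource.id"]))
    return new_ip_logins, deletions

if __name__ == "__main__":
    logins, deletes = review_audit_csv(SAMPLE_CSV)
    for item in logins:
        print("login from new IP:", item)
    for item in deletes:
        print("resource deleted:", item)
```

To run it against a real export, pass the contents of the downloaded file to `review_audit_csv` and adjust the `resource.type` matching to the values your export actually contains.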