Honeycomb Audit Logs
Audit Logs in Honeycomb allow you to see who or what caused a change in specific resource configurations.
Currently supported resources are:
- User Logins (authentication and IP changes)
- Derived Columns (Create, Update, Delete)
- Triggers (Create, Update, Delete, and state changes to/from Triggered)
Access Audit Logs
Audit logs are only visible for team members with the Team Owner role.
Access the Audit Logs by:
- In the left navigation menu, select Account.
- Then, select Team settings.
- Team settings appears in the next screen.
- Select Audit among the existing Team settings tabs.
Export with Audit Logs
In the Audit tab, select Download CSV to download your Audit Logs.
Available for download in a Comma Separated Values (CSV) file, Audit Logs include all available Audit data for your team.
For each entry, the CSV includes:
- Who performed the action
- What time the action was performed
- What kind of action was performed
- Whether or not the action succeeded or failed
The Audit Logs CSV file uses the following schema and definitions.
Not all attributes are relevant and apply to each entry.
- timestamp: Timestamp when the action was recorded by the system.
- resource.type: Type of resource that the log is related to.
- resource.action: Create, Update, or Delete. In the case of certain resources, can be a system event.
- resource.id: Contains a unique identifier associated with the resource being modified if applicable.
- environment.slug: Lists the slug (unique name) of the specific Honeycomb Environment associated with the entry if applicable.
- dataset.slug: Lists the slug (unique name) of the specific Honeycomb Dataset associated with the entry if applicable.
- changed_fields: For Create, Update, or Delete logs, this field lists what attributes of the resource changed.
- user.id: Lists the user’s id if a log is the result of a user action. Value will be “System” if it is the result of an automated action.
- user.email: Lists the user’s email address if a log is the result of a user action.
- user.ip_address: IP address that generated the log (only available on User Login entries).
- metadata: Other information about the event or change, if available.