Monitor users

Hi,

We do not have a reference of the audit log.

However, as a quick start, each JSON record in the audit log looks like:

{"severity":"INFO","logger":"dku.audit.generic","message":{"callPath":"/api/admin/logs/get-content","msgType":"admin-log-get","authSource":"USER_FROM_UI","clientIP":"127.0.0.1","name":"audit/audit.log","authUser":"admin","originalIP":"90.3.190.212"},"mdc":{"apiCall":"/api/admin/logs/get-content","user":"admin"},"callTime":2,"timestamp":"2020-04-19T04:39:40.340-0400"}

• You want to focus the ones where "logger" is "dku.audit.generic".

• Generally speaking, you can ignore "severity", "callTime", "mdc" and "message.callPath" which are fairly internal details

• Then, the most important pieces of information are:timestamp, message.authUser and message.msgType

These three items make up the "when", "who" and "what" of the activity. Then, depending on "msgType", you will have additional details within "message".

The granularity of audit event is very fine and each page view will trigger multiple audit events corresponding to the underlying API calls. You'll thus indeed want to focus on some specific audit events.

Most events will at least contain a "projectKey" element in message, and will contain information about the current object. For example, all dataset-related events will contain "datasetName" and so on.

Here are some "interesting" audit events "msgType"

• application-open: DSS was open in a browser tab
• login/logout: self-explanatory
• dataset-read-data-sample: A dataset's Explore was open
• flow-job-start / flow-job-done: A job was started/completed
• flow-object-build-start / flow-object-build-failed / flow-object-build-success: Within a job, a dataset was built
• scenario-run: A scenario was run manually
• scenario-fire-trigger: A scenario was run automatically