audit_logs

Description

Exposes the audit log for all actions performed within the organization. Use this table for security auditing, compliance reporting, and change tracking. Requires USAGE privilege on the organization. Results are returned in chronological order. For large organizations, use WHERE event_ts > ... to filter by time range.

Syntax

SELECT * FROM deltastream.sys."audit_logs";

Columns

Column

Type

Nullable

Description

organization_id

VARCHAR

The unique identifier of the organization this resource belongs to.

object_type

VARCHAR

The type of resource the action was performed on, e.g. role, store, relation, query.

object_fqn

VARCHAR

The fully qualified name of the resource the action was performed on.

action_name

VARCHAR

Name of the action performed, e.g. created, updated, deleted.

action_description

VARCHAR

Human-readable description of the action.

actor_role

VARCHAR

The role that performed the action.

actor_role_deleted

BOOLEAN

Whether the actor role has since been deleted.

actor_user

VARCHAR

The user who performed the action.

event_ts

TIMESTAMP_LTZ

Timestamp when the action occurred.

Examples

$ dsql -e 'SELECT * FROM deltastream.sys."audit_logs";'
[{"organization_id":"00000000-0000-0000-0000-000000000001","object_type":"role","object_fqn":"okta_skim_provisioner","action_name":"created","action_description":"role okta_skim_provisioner created","actor_role":"orgadmin","actor_role_deleted":false,"actor_user":"User Name","event_ts":"2025-05-28T21:24:37.684Z"},{"organization_id":"00000000-0000-0000-0000-000000000001","object_type":"role","object_fqn":"okta_skim_provisioner","action_name":"updated","action_description":"ownership of role okta_skim_provisioner transferred to role orgadmin","actor_role":"orgadmin","actor_role_deleted":false,"actor_user":"User Name","event_ts":"2025-05-28T21:24:37.684Z"}]

Filter audit events by resource type:

SELECT object_fqn, action_name, actor_user, event_ts FROM deltastream.sys."audit_logs" WHERE object_type = 'store' ORDER BY event_ts DESC;

Filter audit events by actor:

SELECT object_type, object_fqn, action_name, event_ts FROM deltastream.sys."audit_logs" WHERE actor_user = '[email protected]' ORDER BY event_ts DESC;

hashtagDescription

hashtagSyntax

hashtagColumns

hashtagExamples

hashtagSee Also

Description

Syntax

Columns

Examples

See Also