To review actions performed by people in your organization, dbt provides logs of audited user and system events in real time. The audit log appears as events happen and includes details such as who performed the action, what the action was, and when it was performed. You can use these details to troubleshoot access issues, perform security audits, or analyze specific events.
Note: Single-tenant deployment environments hosted on Microsoft Azure do not currently support audit logs. For more information, refer to Single tenant.
You must be an Account Admin to access the audit log and this feature is only available on Enterprise plans.
The dbt Cloud audit log stores all the events that occurred in your organization in real-time, including:
For events within 90 days, the dbt Cloud audit log has a selectable date range that lists events triggered.
For events beyond 90 days, Account Admins can export all events by using Export All.
On the audit log page, you will see a list of events and their associated event data. Each event shows the following information in dbt:
Event name: Action that was triggered
Agent: User who triggered that action/event
Timestamp: Local timestamp of when the event occurred
Click the event card to see the details about the activity that triggered the event. This view provides important details, including when it happened and what type of event was triggered. For example, if someone changes the settings for a job, you can use the event details to see which job was changed (type of event: v1.events.job_definition.Changed), by whom (person who triggered the event: actor), and when (time it was triggered: created_at_utc). For types of events and their descriptions, see Events in audit log.
The event details provide the key factors of an event:
Name: Description
account_id: Account ID of where the event occurred
actor: Actor that carried out the event - User or Service
actor_id: Unique ID of the actor
actor_ip: IP address of the actor
actor_name: Identifying name of the actor
created_at_utc: UTC timestamp of when the event occurred
event_type: Unique key identifying the event
id: Unique ID of the event
service: Service that carried out the action
source: Source of the event - dbt Cloud UI or API
v1.events.event_type: This key will be different for each event and will match the event_type. This data will include all the details about the object(s) that were changed.
The audit log supports various events for different objects in dbt Cloud. You will find events for authentication, environment, jobs, service tokens, groups, user, project, permissions, license, connection, repository, and credentials.
You can search the audit log to find a specific event or actor; the search is limited to the ones listed in Events in audit log. The audit log lists historical events spanning the last 90 days. You can search for an actor or event using the search bar, and then narrow your results using the time window.
You can use the audit log to export all historical audit results for security, compliance, and analysis purposes:
For events within 90 days — dbt Cloud will automatically display the 90-day selectable date range. Select Export Selection to download a CSV file of all the events that occurred in your organization within 90 days.
For events beyond 90 days — Select Export All. The Account Admin will receive an email link to download a CSV file of all the events that occurred in your organization.
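One way to review an exported CSV for security purposes is to list every job settings change after a chosen date and mark changes made from an IP address the actor had not used earlier in the export. This is an added example, not dbt's own code. It assumes the CSV columns are named after the event detail keys above and that created_at_utc is ISO 8601; the sample rows, the source values and the review_export helper are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample export. Column names are assumed to match the event detail keys.
SAMPLE_CSV = """\
id,account_id,actor,actor_id,actor_name,actor_ip,created_at_utc,event_type,source
evt-1,1001,User,501,alice,198.51.100.10,2024-03-01T09:00:00Z,v1.events.job_definition.Changed,UI
evt-2,1001,User,502,bob,203.0.113.7,2024-03-06T08:15:00Z,v1.events.job_definition.Changed,UI
evt-3,1001,User,501,alice,192.0.2.44,2024-03-20T23:50:00Z,v1.events.job_definition.Changed,API
evt-4,1001,User,502,bob,203.0.113.7,2024-03-21T10:05:00Z,v1.events.job_definition.Changed,UI
"""

def parse_ts(value):
    # Assumed timestamp format: ISO 8601 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def review_export(csv_text, watched_types, cutoff):
    """Return watched events at or after cutoff; new_ip marks an actor_ip
    that this actor_id has not used in any earlier row of the export."""
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: parse_ts(r["created_at_utc"]))
    known_ips = defaultdict(set)  # actor_id -> IPs already seen
    findings = []
    for row in rows:
        actor_id, ip = row["actor_id"], row["actor_ip"]
        if parse_ts(row["created_at_utc"]) >= cutoff and row["event_type"] in watched_types:
            findings.append({
                "id": row["id"],
                "actor_name": row["actor_name"],
                "actor_ip": ip,
                "source": row["source"],
                "created_at_utc": row["created_at_utc"],
                "new_ip": ip not in known_ips[actor_id],
            })
        known_ips[actor_id].add(ip)
    return findings

if __name__ == "__main__":
    cutoff = datetime(2024, 3, 10, tzinfo=timezone.utc)
    for f in review_export(SAMPLE_CSV, {"v1.events.job_definition.Changed"}, cutoff):
        flag = "NEW IP" if f["new_ip"] else "known IP"
        print(f'{f["created_at_utc"]} {f["actor_name"]} {f["actor_ip"]} via {f["source"]}: {flag}')
```

Rows before the cutoff only build the per-actor IP baseline, so a longer export (for example one from Export All) gives fewer false "new IP" flags.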