Audit logging

PreviousConnect to Cube NextIntegrations

Last updated 1 year ago

Audit logging

The Arcwise admin panel exposes a which shows relevant changes to warehouse connections, API integrations, user roles, and more. Audit logs can also be exported as a CSV.

Logged events

Here is a (non-complete) list of events currently logged by Arcwise:

Event / Action

Description

reindex_warehouse_all

Occurs nightly when Arcwise automatically re-indexes your warehouse. A failure event will be logged if any errors are encountered.

create_warehouse_connection update_warehouse_connection

Logged when a new warehouse connection is created or one is updated.

create_role delete_role edit_role

Logged when a new user is added, deleted, or their permissions are edited

create_token delete_token

Logged when a Personal Access Token is created or deleted by a user.

Accessing audit logs via API

Arcwise's audit logs can be accessed via API. First, you'll need an administrator to create an API key ("personal access token").

Obtaining a Personal Access Token

Click your email / initials at the top right and select "My profile".
Scroll down to the "Personal Access Tokens" section and click "+ Create"
At any time, you can click the delete button to permanently revoke a token, at which point it will immediately lose access to Arcwise.

Make an HTTP request to access the event logs

Set the Authorization header to Bearer: <your personal access token> to authenticate with this endpoint.
You can optionally pass in the following query parameters through the URL:

Parameter

Description

from_timestamp

A UNIX timestamp or ISO date/time string to specify the start time for retrieved event logs.

to_timestamp

A UNIX timestamp or ISO date/time string to specify the end time for retrieved event logs.

limit

An integer indicating the maximum number of logs to return. (Default: 1000)

The output will be a JSON list where each entry is an object with the following keys:

Key

Description

event

Name of the event (e.g. add_role, edit_role, delete_role)

message

A description of the event with more details. (may be null)

timestamp

The UNIX timestamp when the event took place.

severity

One of info, warning, or error.

user_id

The Arcwise user ID that initiated the event (may be null)

Example cURL API request/response

# Request
curl 'https://backend.arcwise.app/api/event_history?limit=1&from_timestamp=1700000000' \
  -H 'Authorization: Bearer 12345678-9012-3456-7890-123456789012' -X GET

# Response: 200 OK
[
  {
    "event": "create_token",
    "timestamp": 1706599957,
    "severity": "info",
    "message": "User 0000-1111-2222 created personal access token 3333-4444-5555",
    "user_id": "0000-1111-2222"
  }
]

PreviousConnect to Cube NextIntegrations

Last updated 1 year ago

The Arcwise admin panel exposes a which shows relevant changes to warehouse connections, API integrations, user roles, and more. Audit logs can also be exported as a CSV.

Logged events

Here is a (non-complete) list of events currently logged by Arcwise:

Event / Action

Description

reindex_warehouse_all

Occurs nightly when Arcwise automatically re-indexes your warehouse. A failure event will be logged if any errors are encountered.

create_warehouse_connection update_warehouse_connection

Logged when a new warehouse connection is created or one is updated.

create_role delete_role edit_role

Logged when a new user is added, deleted, or their permissions are edited

create_token delete_token

Logged when a Personal Access Token is created or deleted by a user.

Accessing audit logs via API

Arcwise's audit logs can be accessed via API. First, you'll need an administrator to create an API key ("personal access token").

Obtaining a Personal Access Token

Log into
Click your email / initials at the top right and select "My profile".
Scroll down to the "Personal Access Tokens" section and click "+ Create"
Provide a name for your token (e.g. "audit_logs") and hit "Save". Your new token should now appear in the table. Click the "copy" or "view" buttons to obtain your API token and save it to a secure location.
At any time, you can click the delete button to permanently revoke a token, at which point it will immediately lose access to Arcwise.

Make an HTTP request to access the event logs

Now, you can make a HTTP GET request to to obtain a JSON list of all log entries within a certain timeframe.

Set the Authorization header to Bearer: <your personal access token> to authenticate with this endpoint.
You can optionally pass in the following query parameters through the URL:

Parameter

Description

from_timestamp

A UNIX timestamp or ISO date/time string to specify the start time for retrieved event logs.

to_timestamp

A UNIX timestamp or ISO date/time string to specify the end time for retrieved event logs.

limit

An integer indicating the maximum number of logs to return. (Default: 1000)

The output will be a JSON list where each entry is an object with the following keys:

Key

Description

event

Name of the event (e.g. add_role, edit_role, delete_role)

message

A description of the event with more details. (may be null)

timestamp

The UNIX timestamp when the event took place.

severity

One of info, warning, or error.

user_id

The Arcwise user ID that initiated the event (may be null)

Example cURL API request/response

# Request
curl 'https://backend.arcwise.app/api/event_history?limit=1&from_timestamp=1700000000' \
  -H 'Authorization: Bearer 12345678-9012-3456-7890-123456789012' -X GET

# Response: 200 OK
[
  {
    "event": "create_token",
    "timestamp": 1706599957,
    "severity": "info",
    "message": "User 0000-1111-2222 created personal access token 3333-4444-5555",
    "user_id": "0000-1111-2222"
  }
]