Audit events
Audit events allow administrators to monitor the actions performed by all the users in the data.world application through the UI or while using API. The audit log reporting functionality enhances the accountability of actions in the application. Administrators can track the actions taken by users in the application and find the root cause of issues by identifying the resources on which the action was performed and who performed the action.
Event types that are tracked include:
Resource creation
Resource deletion
Metadata edits
Suggest change events, such as change suggested, change rejected, change accepted, suggestion canceled.
Audit events are captured for the following resources:
All metadata catalog resources including but not limited to:
Collections
Database resources such as tables and columns
Analysis resources such as dashboards
Business glossary items
All custom resources defined in your metadata profile
Datasets (Note that events are not captured for adding or removing files from datasets)
Projects (Note that events are not captured for adding or removing Project Files, Project queries, Project Insights)
The audit events information is stored in three tables.
audit_events
audit_events_with_changes
query_audit
How can you use the audit events data?
Reconstruct the chronology of changes to catalog resources within your catalog. This can be useful for determining how often resources are added, removed, or updated in the catalog. Additionally, the audit event data can be used to rollback changes to a previous value in cases an undesirable change was applied.
You can also use the events data to understand how often, when, and by whom changes to catalog resources are suggested, what changes are proposed, and whether those suggestions are approved, rejected, or canceled.
audit_events table
This table captures all parent events, for example, when the resource was created, updated, or deleted.
Column | Description |
|---|---|
AGENTID | The user responsible for triggering the event. |
ENVIRONMENT | The data.world environment where the event occurred. |
EVENT_DATE_UTC | The date when the event was generated. |
EVENT_TIMESTAMP_UTC | The timestamp when the event was generated. |
EVENT_TYPE | The type of event, for example, resource.create, resource.delete, suggestion.create. |
ID | Unique identifier for the event. |
ORG | The data.world organization to which this event applies. |
PREDICATES | An array of predicates to which this event applies. |
SITEID | Unique data.world site ID associated with this event. |
SOURCE | Whether the event was generated by interacting with the UI or via the API. Note that changes made through the base layer are not captured. |
SUGGESTION_APPROVER | The organization who can approve the suggested changes. |
SUGGESTION_COMPLETEDBY | The principal who approved or rejected the suggested change. |
SUGGESTION_ID | Unique identifier for the suggestion object. |
SUGGESTION_REQUESTOR | The principal requesting that a change should be considered. |
TARGET_RESOURCE | The resource IRI of the resource impacted by this event. |
TYPE_IRIS | An array of associated semantic types for the target resource, that is, https://dwec.data.world/v0/Catalog |
Useful queries
Count of all resources created on a specified date.
Sample query
SELECT COUNT(audit_events.id) AS new_resources_cnt FROM audit_events WHERE audit_events.event_type = 'resource.create' AND audit_events.event_date_utc = DATE_PARSE('2023-04-11', 'yyyy-MM-dd')Find all activities for a particular target resource ordered from newest to oldest (UTC timestamp).
Sample query
SELECT * FROM audit_events WHERE audit_events.target_resource = '{some target resource URI}' ORDER BY audit_events.event_timestamp_utc DESCFind suggestion requester, approvers, and target resources for all suggestions that occurred on a particular date and ordered by resource and requester.
Sample query
SELECT audit_events.suggestion_requestor ,audit_events.suggestion_approver ,audit_events.target_resource FROM audit_events WHERE audit_events.event_type = 'suggestion.create' AND audit_events.event_date_utc = DATE_PARSE('2023-04-07','yyyy-MM-dd') ORDER BY audit_events.target_resource, audit_events.suggestion_requestor
audit_events_with_changes table
This table captures how often, when, and by whom changes to catalog resources are suggested, what changes are proposed, and whether those suggestions are approved, rejected, or canceled.
Column | Description |
|---|---|
ACTION | The action performed in an event. For example, add, remove, etc. |
AGENTID | The user responsible for triggering the event. |
CHANGESET_DATE_UTC | Date of the event in the format yyyy-mm-dd |
CHANGESET_EVENT_ID | The event ID for the detailed child event. |
CHANGESET_PREDICATE | The target predicate or context for the change or event. |
CHANGESET_TIMESTAMP_UTC | Timestamp of the event in the format yyyy-mm-dd HH:MM:SS |
CHANGE_SEQUENCE_NO | Sequence order in which the child events were generated for a given parent event. |
CHANGE_TYPE | The type of the child event. For example, changeset.applied, suggestion.propose, suggestion.reject, etc. |
CURRENT_VALUE | The value of the Updated field prior to applying the change event. CURRENT_VALUE is populated on events with EVENT_TYPE like suggestion. |
DATA_TYPE | The data type of the field that was modified. |
ENVIRONMENT | The data.world environment where the event occurred. |
EVENT_DATE_UTC | The date when the parent event was generated. |
EVENT_ID | The unique identifier for the parent event. |
EVENT_TIMESTAMP_UTC | The timestamp when the parent event was generated. |
EVENT_TYPE | The type of the parent event. For example, resource.create, resource.delete, suggestion.create, etc. |
FIELD_TYPE | The type of the field that was modified, that is, literal or uri |
LANGUAGE | When provided, describes the language tag associated with the field being updated. For example, en=english, sp=spanish, etc. |
ORG | The data.world organization to which this event applies. |
PREDICATES | For a given parent ID, an array of predicates to which this event applies. |
SITEID | Unique data.world site ID associated with this event. |
SOURCE | Whether the event was generated by interacting with the UI or via the API. |
TARGET_RESOURCE | The resource IRI of the resource impacted by this event. |
TYPE_IRIS | An array of associated semantic types for the target resource, i.e. https://dwec.data.world/v0/Catalog |
VALUE | The value of the Updated field after the event was generated. |
Useful queries
Find all change details for a particular target resource ordered from newest to oldest and by change sequence. Note that the change sequence captures the order in which an action occurs (for example, add or remove some value)
Sample query
SELECT * FROM audit_events_with_changes ac WHERE ac.target_resource = '{some target resource URI}' ORDER BY ac.changeset_timestamp_utc DESC, ac.change_sequence_no ASCFind the proposed suggestions details for a particular date and ordered by target resource.
Sample query
SELECT * FROM audit_events_with_changes ac WHERE ac.event_type = 'suggestion.create' AND ac.change_type = 'propose' AND ac.event_date_utc = DATE_PARSE('2023-04-12','yyyy-MM-dd') ORDER BY ac.target_resourceFind approved suggestions details for a particular target resource and predicate, ordered by timestamp descending and change sequence ascending.
Sample query
SELECT * FROM audit_events_with_changes ac WHERE ac.event_type = 'suggestion.approve' AND ac.change_type = 'approve' AND ac.changeset_predicate = '{some predicate URI}' AND ac.target_resource = '{some resource URI}' ORDER BY ac.changeset_timestamp_utc DESC, ac.change_sequence_no ASC
query_audit table
Captures information about the queries run on the data.world platform. It includes details such as the text of the query, the user who executed it, the time it was run, and the type of query. Each row represents a distinct step in the query’s lifecycle, from query start to execution to completion.
Column | Description |
|---|---|
ACTION | The type of query event this is (start, end, prepare etc.) |
CUSTOMER | The customer associated with the query event. |
ENVIRONMENT | data.world environment that the query was run in. |
EVENTID | Unique identifier for the log event itself. |
ORIGINATION | The part of the platform (API, query UI, preview, etc) that triggered the query. |
OWNER | The user or org that owns this query. |
QUERYRUNAGENTID | Unique identifier for the user that executed a specific query event. |
QUERYRUNTOKEN | Unique identifier representing each distinct query run on the platform. |
QUERYTEXT | Stores the text of the query executed on the data.world platform. |
QUERYTYPE | Indicates the type of the specific query executed on the platform. |
RAW | The raw JSON comprising the query event log. |
REQUESTMARKER | Unique hash ID representing the request marker associated with the query event. |
RESOURCEID | The `agentid/[dataset or project]` combo that provides the context for the query. |
SITEID | Unique identifier of the data.world instance where the query event occurred. |
TARGETQUERYTEXT | The query text passed to an external target for queries that reference virtulized files. |
TOTALQUERYTIME | Time duration in milliseconds for full life-cycle of a specific query. |
TOTALRESULTCOUNT | Indicates the total count of results obtained from a data query. |
TS | Timestamp in UTC. |
aice_kt_consumption_events_audit
This table captures Knowledge Token (KT) usage events triggered by agents operating across various organizations. It includes detailed metadata such as the context of the agent run, datasets accessed, user identifiers, and granular KT usage metrics including Catalog Agent activity and Archie enrichment interactions. This model supports auditing, monitoring, and billing analyses for platform-wide KT activity.
Column Name | Description |
|---|---|
AGENT_RUN_TOKEN | Unique identifier for the agent run. |
ORG | Name of the organization associated with the event. |
DATASET | The dataset accessed during the run. |
AGENT_NAME | Human-readable name of the agent. |
AGENTID | Unique identifier for the data.world user who initiated or was associated with the event. |
CONTEXT | Specific agent context or function being executed (for example, list-collection-use-cases). |
BULK_OPERATION | Indicates whether the run was part of a bulk operation. |
RUN_DATE | The calendar date when the agent run occurred. |
START_TIME | Timestamp for when the agent run started. |
DURATION | The duration of the agent run, in seconds. |
RELATIONSHIPS | Number of relationships involved in the operation. |
ATTRIBUTES | Number of attributes processed during the operation. |
CONCEPTS | Number of concepts included in the agent run. |
QUESTION | Prompt or query submitted by the user during the run. |
EXCEPTION | Any error or exception message encountered during execution. |
SPEND | Signifies if the run is or eligible to be calculated as billable and added to the KT Spend total. |
KT_BULK_DATA_ANALYST_AGENT | Knowledge Token (KT) usage by Bulk Data Analyst Agent (used for billing purposes). |
KT_STANDARD_DATA_ANALYST_AGENT | Knowledge Token (KT) usage by Standard Data Analyst Agent (billing unit). |
KT_CATALOG_AGENT | Knowledge Token (KT) usage incurred by Catalog Agent operations. |
KT_BULK_ARCHIE_ENRICH | Knowledge Token (KT) usage for Archie enrichment tasks (e.g., metadata processing, enrichment pipelines). |
KT_SPEND | Calculated spend in Knowledge Token (KT) billing units, aggregated per agent run. |
Useful queries
Find the number of consumption events grouped by AI agent and organization, ordered by most active agents (highest run count) to least, to identify adoption patterns and high-usage combinations of agent and org.
Sample query
SELECT agentid , org , count(*) AS n_runs_by_agentid FROM aice_kt_consumption_events_audit GROUP BY org, agentid ORDER BY n_runs_by_agentid DESC;This query breaks down the usage of two specific AI capabilities—kt_bulk_archie_enrich and kt_bulk_data_analyst_agent—at the agent level. It shows how many times each agent was used to perform tasks related to data enrichment and data analysis, respectively.
Sample query
SELECT agentid , SUM(CASE WHEN kt_bulk_archie_enrich > 0 THEN 1 ELSE 0 END) AS n_archie_kt_runs , SUM(CASE WHEN kt_bulk_data_analyst_agent > 0 THEN 1 ELSE 0 END) AS n_aice_kt_runs FROM aice_kt_consumption_events_audit GROUP BY agentid;