Reviewing Audit Logs
This documentation covers Audit Logs, including what they are, what parts of the platform they cover, and how to access them.
Prerequisites
- An existing Snorkel Flow deployment, with access to notebook server
- Administrative access to the Snorkel Flow deployment
What are audit logs?
Audit logs are a way of seeing which user has made what actions in the platform. Specific actions and their metadata are logged in the platform, including what type of action was taken, when the action was taken, who took the action, and any relevant information about the action, such as which object or objects were deleted, created, or modified.
What do audit logs encompass?
Currently, the following resource actions in the platform have auditable events.
Application-related
- Annotation Create/Commit/Transfer/Delete
- Application Create/Update/Delete
- Batch Create/Update/Delete
- Dataset Create/Delete
- Datasource Create/Delete
- LF Create/Delete
- Training Set Create/Update/Delete
User-related
- User Create/Update/Delete
- User Role Assignment/Removal
- User Role Creation
- User API Keys Create/Delete
- User Login
- Workspace Create/Update
Miscellaneous
- External LLM Config Create
- Custom PIP install
How do I access audit logs?
You can access audit logs by calling our /audit-logs endpoint via our SDK. Here's a sample code to run it inside a notebook. Note that this will only work if you are a SuperAdmin.
# Inside Snorkel Flow notebook server
import snorkelflow.client_v3 as sf
# Configure client context for Snorkel Flow instance
ctx = sf.SnorkelFlowContext.from_kwargs()
resp = ctx.tdm_client.get('/audit-logs?limit=100')
print(resp)
This will return a JSON formatted list of values. An example of this is show below.
[
{
"event_id": 1,
"event_time": "2021-08-17T20:51:47.268843",
"event_name": "api_key",
"event_type": "create",
"event_details": {
"censored_key": "************************************************************E4YO"
},
"user_uid": 2
}
]
The meaning of these fields is as follows:
- event_id: A unique ID of each event that has occurred on the platform.
- event_time: The time the event took place.
- event_name: The name of the type of event. Usually this points to the resource it's related to (e.g. lf, application, workspace, user)
- event_type: The type of event that has occurred. (e.g. create/read/update/delete).
- event_details: A JSON object that is unique for each event type. Information in this field is only relevant for the specific event_name, and event_type. (e.g. for a login event, you will have {'user_uid': 22, 'username': 'john_wick'})
- user_uid: The uid of the user who took the action.