Table: launchdarkly_audit_log - Query LaunchDarkly Audit Logs using SQL
LaunchDarkly Audit Logs are a feature within the LaunchDarkly service that track and log every change made to any resources within the platform. It provides detailed historical data about who made changes, what changes were made, and when those changes occurred. This feature is crucial for maintaining security, accountability, and understanding the evolution of resources over time.
Table Usage Guide
The launchdarkly_audit_log
table provides insights into the detailed history of changes made to any resources within the LaunchDarkly service. As a System Administrator or Security Specialist, explore change-specific details through this table, including who made the changes, what changes were made, and the timestamp of those changes. Utilize it to monitor resource management, identify potential security risks, and maintain accountability for changes made within the platform.
Examples
Basic info
Explore the audit logs to gain insights into various actions performed within your account, such as who made changes and when, to maintain security and accountability.Explore which changes have been made in your LaunchDarkly settings by identifying instances where the audit log has been updated. This allows you to monitor and review the configuration changes for better understanding and control over your feature flag management.
select name, id, account_id, audit_log_title, kind, datefrom launchdarkly_audit_log;
select name, id, account_id, audit_log_title, kind, datefrom launchdarkly_audit_log;
List the most recent actions for the account
Assess the most recent activities within an account to understand the actions taken and by whom. This can provide valuable insights into user behavior and activity trends.Discover the latest activities related to your account, such as who performed them and when. This is useful to monitor account activity and track recent changes.
select date, audit_log_title, (member ->> 'firstName') || ' ' || (member ->> 'lastName') as actor_display_name, name, title_verbfrom launchdarkly_audit_logorder by date desclimit 10;
select date, audit_log_title, json_extract(member, '$.firstName') || ' ' || json_extract(member, '$.lastName') as actor_display_name, name, title_verbfrom launchdarkly_audit_logorder by date desclimit 10;
List the most common actors
Discover the most frequently occurring individuals in your audit logs to identify who is making the most changes. This can be useful for understanding user behavior, ensuring compliance, and identifying potential security risks.Gain insights into the most frequently appearing actors within a specific account. This is useful for identifying the most active members and understanding user behavior within the account.
select account_id, name, (member ->> 'firstName') || ' ' || (member ->> 'lastName') as actor_display_name, count(*)from launchdarkly_audit_loggroup by account_id, actor_display_name, nameorder by count desc;
select account_id, name, (json_extract(member, '$.firstName')) || ' ' || (json_extract(member, '$.lastName')) as actor_display_name, count(*)from launchdarkly_audit_loggroup by account_id, actor_display_name, nameorder by count(*) desc;
List out the most common actions
Gain insights into the most frequently occurring actions within your audit log to better understand user behavior and system usage.Explore which actions are most commonly performed in your system. This insight can be used to understand user behavior and optimize system design for better efficiency.
select title_verb, name, count(*)from launchdarkly_audit_loggroup by title_verb, nameorder by count desc;
select title_verb, name, count(*)from launchdarkly_audit_loggroup by title_verb, nameorder by count(*) desc;
Find all project creation events
Discover the instances where new projects were initiated. This query is useful to track the creation of new projects, providing insights into who initiated them and when, which can aid in project management and accountability.Determine the instances where new projects were initiated. This allows you to track project creation activities, providing valuable insights into team productivity and workflow patterns.
select name, id, date, (member ->> 'firstName') || ' ' || (member ->> 'lastName') as actor_display_name, audit_log_title, name, title_verbfrom launchdarkly_audit_log, jsonb_array_elements(accesses) as awhere a ->> 'action' = 'createProject'order by date desc;
select name, id, date, (json_extract(member, '$.firstName')) || ' ' || (json_extract(member, '$.lastName')) as actor_display_name, audit_log_title, name, title_verbfrom launchdarkly_audit_log, json_each(accesses) as awhere json_extract(a.value, '$.action') = 'createProject'order by date desc;
List events that occurred over the last five minutes
Explore recent activity by identifying events that have transpired in the last five minutes. This is particularly useful for real-time monitoring and immediate response to changes or anomalies.Explore recent activities by listing events that happened in the last five minutes. This can help in real-time monitoring and quick response to changes or issues.
select audit_log_title, name, id, datefrom launchdarkly_audit_logwhere name = 'audit-log-name' and date >= now() - interval '5 minutes';
select audit_log_title, name, id, datefrom launchdarkly_audit_logwhere name = 'audit-log-name' and date >= datetime('now', '-5 minutes');
List ordered events that occurred between five to ten minutes ago
Explore events that happened within a specific time frame in the recent past. This is particularly useful for tracking changes and identifying any anomalies or unexpected activity within that period.Explore the sequence of events that took place within a specific timeframe in the past. This is particularly useful for tracking changes or incidents that occurred between five to ten minutes ago, allowing for timely response and action.
select name, audit_log_title, id, datefrom launchdarkly_audit_logwhere name = 'audit-log-name' and date between (now() - interval '10 minutes') and (now() - interval '5 minutes')order by date asc;
select name, audit_log_title, id, datefrom launchdarkly_audit_logwhere name = 'audit-log-name' and date between (datetime('now', '-10 minutes')) and (datetime('now', '-5 minutes'))order by date asc;
Schema for launchdarkly_audit_log
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
accesses | jsonb | Details on the actions performed and resources acted on in this audit log entry. | |
account_id | text | A unique identifier of the member of the organization. | |
app | jsonb | Authorized app data representation. | |
audit_log_title | text | A description of what occurred, in the 'format member' 'titleVerb' 'target'. | |
comment | text | Optional comment for the audit log entry. | |
date | timestamp with time zone | >, >=, =, <, <= | Date of the audit log. |
description | text | Description of the change recorded in the audit log entry. | |
id | text | = | The ID of the audit log entry. |
kind | text | Type of resource. | |
member | jsonb | Summary of the member like email, first name, last name etc. | |
name | text | The name of the resource this audit log entry refers to. | |
parent | jsonb | Parent resource representation. | |
query | text | = | Text to search for. You can search for the full or partial name of the resource, or full or partial email address of the member who made a change. |
short_description | text | Shorter version of the change recorded in the audit log entry. | |
spec | text | = | A resource specifier that lets you filter audit log listings by resource. |
subject | jsonb | A pointer to a SubjectDataRep object containing additional data about the subject related to this audit log entry. It is optional and may be omitted. | |
target | jsonb | Target resource representation. | |
title | text | Title of the resource. | |
title_verb | text | The action and resource recorded in this audit log entry. | |
token | jsonb | Access token data representation. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- launchdarkly
You can pass the configuration to the command with the --config
argument:
steampipe_export_launchdarkly --config '<your_config>' launchdarkly_audit_log