diff --git a/docs/cloud/integrations/log-streaming/datadog.mdx b/docs/cloud/integrations/log-streaming/datadog.mdx
index 2b654439b..1d82a0d40 100644
--- a/docs/cloud/integrations/log-streaming/datadog.mdx
+++ b/docs/cloud/integrations/log-streaming/datadog.mdx
@@ -72,40 +72,22 @@ The log streaming configuration applies to your entire workspace. All logs match Logs are sent to Datadog with the following structure: -### User Activity Logs - -Each user activity log entry includes: - - `timestamp`: ISO 8601 timestamp of the event +- `log_type`: The type of log (`audit` for user activity logs, `system` for system logs) - `status`: Log level (`info` for successful actions, `error` for failed actions) -- `message`: Human-readable description of the action -- `service`: Service name (configurable, defaults to `elementary`) -- `source`: Source tag (configurable, defaults to `elementary-cloud`) -- `dd.tags`: Additional tags including: - - `log_type:audit` - - `action:` (e.g., `user_login`, `create_test`) - - `success:` - - `user_email:` - - `env_id:` (if applicable) - - `env_name:` (if applicable) -- Custom attributes from the event content (JSON parsed) - -### System Logs - -Each system log entry includes: - -- `timestamp`: ISO 8601 timestamp of the event -- `status`: Log level (`info` for successful operations, `error` for failed operations) -- `message`: Human-readable description of the system event - `service`: Service name (configurable, defaults to `elementary`) - `source`: Source tag (configurable, defaults to `elementary-cloud`) +- `event_name`: The specific action that was performed (e.g., `user_login`, `create_test`) +- `success`: Boolean indicating whether the action completed successfully +- `user_email`: User email address (only present in audit logs) +- `user_name`: User display name (only present in audit logs) +- `env_id`: Environment identifier (empty for account-level actions) +- `env_name`: Environment name (empty for account-level actions) +- `event_content`: Additional context-specific information as a JSON object - `dd.tags`: Additional tags including: - - `log_type:system` - - `action:` (e.g., `dbt_data_sync_completed`, `alerts_sent`) - - `success:` + - `log_type:` (e.g., `audit`, `system`) + - 
`event_name:` (e.g., `user_login`, `create_test`) - `env_id:` (if applicable) - - `env_name:` (if applicable) -- Custom attributes from the event content (JSON parsed) ## Viewing Logs in Datadog
@@ -115,8 +97,8 @@ You can filter logs using: - `source:elementary-cloud` - All Elementary logs - `log_type:audit` - User activity logs only - `log_type:system` - System logs only -- `action:` - Specific action types -- `env_name:` - Logs from a specific environment +- `event_name:` - Specific action types +- `env_id:` - Logs from a specific environment - `success:false` - Failed operations only
diff --git a/docs/cloud/integrations/log-streaming/gcs.mdx b/docs/cloud/integrations/log-streaming/gcs.mdx
index da30cbfe9..39c6a82fb 100644
--- a/docs/cloud/integrations/log-streaming/gcs.mdx
+++ b/docs/cloud/integrations/log-streaming/gcs.mdx
@@ -121,16 +121,13 @@ Each user activity log entry includes: { "timestamp": "2024-01-15T14:30:45.123456Z", "log_type": "audit", - "action": "user_login", + "event_name": "user_login", "success": true, - "user": { - "id": "usr_abcdef1234567890", - "email": "john.doe@example.com", - "name": "John Doe" - }, + "user_email": "john.doe@example.com", + "user_name": "John Doe", "env_id": "env_7890123456abcdef", "env_name": "Production", - "data": { + "event_content": { "additional": "context" } }
@@ -144,11 +141,11 @@ Each system log entry includes: { "timestamp": "2024-01-15T14:30:45.123456Z", "log_type": "system", - "action": "dbt_data_sync_completed", + "event_name": "dbt_data_sync_completed", "success": true, "env_id": "env_7890123456abcdef", "env_name": "Production", - "data": { + "event_content": { "environment_id": "env_789", "environment_name": "Production" }
@@ -159,15 +156,13 @@ Each system log entry includes: - `timestamp`: ISO 8601 timestamp of the event (UTC) - `log_type`: Either `"audit"` for user activity logs or `"system"` for system logs -- `action`: The specific action that was performed (e.g., `user_login`, `create_test`, `dbt_data_sync_completed`) +- `event_name`: The specific action that was performed (e.g., `user_login`, `create_test`, `dbt_data_sync_completed`) - `success`: Boolean indicating whether the action completed successfully -- `user`: User information (only present in audit logs) - - `id`: User ID - - `email`: User email address - - `name`: User display name +- `user_email`: User email address (only present in audit logs) +- `user_name`: User display name (only present in audit logs) - `env_id`: Environment identifier (empty string for account-level actions) - `env_name`: Environment name (empty string for account-level actions) -- `data`: Additional context-specific information as a JSON object +- `event_content`: Additional context-specific information as a JSON object
diff --git a/docs/cloud/integrations/log-streaming/splunk.mdx b/docs/cloud/integrations/log-streaming/splunk.mdx
index 641826f99..1c353c6ea 100644
--- a/docs/cloud/integrations/log-streaming/splunk.mdx
+++ b/docs/cloud/integrations/log-streaming/splunk.mdx
@@ -81,16 +81,13 @@ Each user activity log entry includes: { "timestamp": "2024-01-15T14:30:45.123456Z", "log_type": "audit", - "action": "user_login", + "event_name": "user_login", "success": true, - "user": { - "id": "usr_abcdef1234567890", - "email": "john.doe@example.com", - "name": "John Doe" - }, + "user_email": "john.doe@example.com", + "user_name": "John Doe", "env_id": "env_7890123456abcdef", "env_name": "Production", - "data": { + "event_content": { "additional": "context" } }
@@ -104,11 +101,11 @@ Each system log entry includes: { "timestamp": "2024-01-15T14:30:45.123456Z", "log_type": "system", - "action": "dbt_data_sync_completed", + "event_name": "dbt_data_sync_completed", "success": true, "env_id": "env_7890123456abcdef", "env_name": "Production", - "data": { + "event_content": { "environment_id": "env_789", "environment_name": "Production" }
@@ -119,15 +116,13 @@ Each system log entry includes: - `timestamp`: ISO 8601 timestamp of the event (UTC) - `log_type`: Either `"audit"` for user activity logs or `"system"` for system logs -- `action`: The specific action that was performed (e.g., `user_login`, `create_test`, `dbt_data_sync_completed`) +- `event_name`: The specific action that was performed (e.g., `user_login`, `create_test`, `dbt_data_sync_completed`) - `success`: Boolean indicating whether the action completed successfully -- `user`: User information (only present in audit logs) - - `id`: User ID - - `email`: User email address - - `name`: User display name -- `env_id`: Environment identifier (empty string for account-level actions) -- `env_name`: Environment name (empty string for account-level actions) -- `data`: Additional context-specific information as a JSON object +- `user_email`: User email address +- `user_name`: User display name +- `env_id`: Environment identifier (empty for account-level actions) +- `env_name`: Environment name (empty for account-level actions) +- `event_content`: Additional context-specific information as a JSON object
@@ -154,8 +149,8 @@ source="elementary-cloud" log_type="audit" source="elementary-cloud" log_type="system" # Search for specific actions -source="elementary-cloud" action="user_login" -source="elementary-cloud" action="dbt_data_sync_completed" +source="elementary-cloud" event_name="user_login" +source="elementary-cloud" event_name="dbt_data_sync_completed" # Filter by environment source="elementary-cloud" env_name="Production" @@ -164,7 +159,7 @@ source="elementary-cloud" env_name="Production" source="elementary-cloud" success=false # Search by user email -source="elementary-cloud" user.email="john.doe@example.com" +source="elementary-cloud" user_email="john.doe@example.com" ``` ## Disabling Log Streaming