A newer version of this documentation is available.

View Latest

Audit File Details

    Couchbase Server captures audit details in specified audit fields.

    Audit Fields

    The table below lists frequently used audit fields, with corresponding descriptions. Note that different event-types generate different field-subsets.

    Field Type Description



    The unique identifier for the event. For example, 20480, 8192, 28672.



    The name of the event. For example, "login success", "User was deleted", "A N1QL UPSERT statement was executed".



    A description for the event. For example, "Unsuccessful attempt to login to couchbase cluster", "Node was removed from the cluster", "Bucket was created".



    Whether the event is filterable. Can be true or false.



    Contains key-value pairs that are mandatory for all events. These include the "timestamp" for the event (for example, "2020-01-29T08:02:07.476-08:00": see http://www.w3.org/TR/NOTE-datetime), and the "user".