A newer version of this documentation is available.

View Latest

Audit File Details

Couchbase Server captures audit details in specified audit fields.

Audit Fields

The table below lists frequently used audit fields, with corresponding descriptions. Note that different event-types generate different field-subsets.

Field Type Description

"id"

Integer

The unique identifier for the event. For example, 20480, 8192, 28672.

"name"

String

The name of the event. For example, "login success", "User was deleted", "A N1QL UPSERT statement was executed".

"description"

String

A description for the event. For example, "Unsuccessful attempt to login to couchbase cluster", "Node was removed from the cluster", "Bucket was created".

"filtering_permitted"

Boolean

Whether the event is filterable. Can be true or false.

"mandatory_fields"

Object

Contains key-value pairs that are mandatory for all events. These include the "timestamp" for the event (for example, "2020-01-29T08:02:07.476-08:00": see http://www.w3.org/TR/NOTE-datetime), and the "user".