Skip to main content

Audit logs

Use audit logs to track and understand activity within your team. Audit logs sync to your bucket store every 10 minutes. Optionally, download your audit logs and view them with your preferred tool, such as Pandas, BigQuery, and more.


This feature is currently in Private Preview.

Audit log schemaโ€‹

The following table lists all the different keys that might be present in your audit logs. Each log contains only the assets relevant to the corresponding action, and others are omitted from the log.

timestampTime stamp in RFC3339 format. For example: 2023-01-23T12:34:56Z, represents 12:34:56 UTC time on Jan 23, 2023.
actionWhat action did the user take.
actor_user_idIf present, ID of the logged-in user who performed the action.
response_codeHttp response code for the action.
artifact_assetIf present, action was taken on this artifact id
artifact_sequence_assetIf present, action was taken on this artifact sequence id
entity_assetIf present, action was taken on this entity or team id.
project_assetIf present, action was taken on this project id.
report_assetIf present, action was taken on this report id.
user_assetIf present, action was taken on this user asset.
cli_versionIf the action is taken via python SDK, this will contain the version
actor_ipIP address of the logged-in user.
actor_emailif present, action was taken on this actor email.
artifact_digestif present, action was taken on this artifact digest.
artifact_qualified_nameif present, action was taken on this artifact.
entity_nameif present, action was taken on this entity or team name.
project_nameif present, action was taken on this project name.
report_nameif present, action was taken on this report name.
user_emailif present, action was taken on this user email.

Personally identifiable information (PII) like email ids, project, team and report names are returned only by the endpoint, and can be turned off as described below.

View audit logsโ€‹

To view the audit logs for your W&B server instance, follow these steps:

  1. Admin users can go to <wandb-server-url>/admin/audit_logs
  2. Pass in the following URL parameters:
    • numDays : logs will be fetch starting from today - numdays to most recent; defaults to 0
    • anonymize : if set to true, remove any PII; defaults to false

Note that only W&B server admins are allowed to request this information. If you are not an admin you will an authentication error. The response contains new-line separated JSON objects. Objects will have fields described in the schema.

All historical audit logs are stored in the storage bucket that backs your W&B Server installation. One file is uploaded per day. The files contain new-line separated JSON objects. These logs have the same format as the ones returned by the end points, except that they do not contain any PII for security reasons.

To view your historical audit logs, complete the following steps:

  1. Navigate to your /wandb-audit-logs directory in your bucket.
  2. Download the files for the period you are interested in.


The following table describes possible actions that can be recorded by W&B:

artifact:createArtifact is created.
artifact:deleteArtifact is deleted.
artifact:readArtifact is read.
project:deleteProject is deleted.
project:readProject is read.
report:readReport is read.
run:deleteRun is deleted.
run:delete_manyRuns are deleted in batch.
run:update_manyRuns are updated in batch.
run:stopRun is stopped.
run:undelete_manyRuns are brought back from trash in batch.
run:updateRun is updated.
sweep:create_agentSweep agent is created.
team:invite_userUser is invited to team.
team:create_service_accountService account is created for the team.
team:createTeam is created.
team:uninviteUser or service account is uninvited from team.
team:deleteTeam is deleted.
user:createUser is created.
user:delete_api_keyAPI key for the user is deleted.
user:deactivateUser is deactivated.
user:create_api_keyAPI key for the user is created.
user:permanently_deleteUser is permanently deleted.
user:reactivateUser is reactivated.
user:updateUser is updated.
user:readUser profile is read.
user:loginUser logs in.
user:initiate_loginUser initiates log in.
user:logoutUser logs out.
Was this page helpful?๐Ÿ‘๐Ÿ‘Ž