This page shows you how to use Cloud Logging to view audit logs that your App Hub operations write. App Hub generates audit logs for the following operations:
- Admin activity: Operations that modify the configuration or metadata of a resource.
- Data access: Operations that read configuration, metadata, or user-provided data.
For a complete list of all audited operations from App Hub and their corresponding permissions, see App Hub audit logs.
View App Hub audit logs
To view audit logs from App Hub, do the following:
-
In the Google Cloud console, go to the Logs Explorer page:
If you use the search bar to find this page, then select the result whose subheading is Logging.
From the project picker of the Google Cloud console, select the App Hub host project or management project.
In the Query field, enter the following query to see all App Hub audit logs:
protoPayload.serviceName="apphub.googleapis.com"Click Run query.
The Query results pane shows the latest audit logs for App Hub. The next section of this page lists sample queries that you can use in the Logs Explorer.
For more information about how to build queries, see Build and save queries by using the Logging query language.
Sample queries for App Hub
Use the following queries to find specific audit log events for common App Hub scenarios.
| Query description | Expression |
|---|---|
| Find out who created or deleted an application |
|
| Review the registration of services to an application |
protoPayload.serviceName="apphub.googleapis.com" protoPayload.methodName="google.cloud.apphub.v1.AppHub.CreateService" resource.labels.application_id="APPLICATION_ID" Replace APPLICATION_ID with the ID of your application. |
| Monitor changes to service project attachments |
|
What's next
- Learn more about enabling Data Access audit logs
- Review App Hub audit logs
- Build and save queries by using the Logging query language