Looker events

This page describes the events that Looker generates and how to view them.

Viewing events

Looker events are visible in the System Activity Event and Event Attribute Explores. You must be a Looker admin or have the see_system_activity permission to view the Event and Event Attribute Explores.

If you have enabled the System Activity Model Labs feature, you will see the list of System Activity Explores, including the Event and Event Attribute Explores, at the bottom of your Explore menu.

The Event Explore includes the Event view, which includes categories, created dates and times, and names of each event created.

The Event Attribute Explore includes both the Event view and the Event Attribute view. The Event Attribute view shows the name and value of each attribute related to an individual event.

Common event attributes

Each Looker-generated event includes a set of data about the event. These common attributes are:

Attribute Name Description
id Unique numeric identifier of the event
user_id Unique numeric ID of the user who triggered the event
name Name of the specific event that occurred, for example, create_dashboard
created Date and time, in UTC, that the event was created
category High-level category associated with the event, for example, dashboard
sudo_user_id Unique numeric ID of the actual user who is impersonating the user indicated by user_id
is_looker_employee Whether the user identified by user_id is a Looker employee
is_admin Whether the user identified by user_id is a Looker admin
is_api_call Whether the event was caused by an API call

List of event types

The following table lists several events that can be generated by a Looker server.

This list includes the name of the event, the action or situation that can trigger the generation of the event, and a list of attributes associated with each event.

Event Type Trigger Attributes
account_manually_unlocked A login lockout was removed for a user.
  • key: key of the user
  • user_id: ID of the user
    		•
    acquire_cookieless_embed_session A cookieless embed session was initiated. none
    activate_oauth_client_app_user A user was activated on an OAuth app client, usually by accepting the terms and permissions of the app.
  • app_client_guid: ID of the app
  • app_display_name: User-friendly display name of the app
  • ip: IP address of the request
  • user_id: ID of the activated user
    		•
    add_external_email_to_scheduled_task An email outside the organization domain was added to a scheduled task.
  • scheduled_task_id: ID of the scheduled task
  • external email: email that was added
    		•
    add_group_group A group was added as a member of another group.
  • parent_group_id: ID of the parent group
  • adding_group_id: ID of the added group
  • deleting_group_id: ID of the deleted group
    		•
    add_group_user A user was added to a group.
  • group_id: ID of the group
  • user_id: ID of the user
    		•
    add_user_to_scheduled_task A user was added to a scheduled task.
  • scheduled_task_id: ID of the scheduled task
  • user_id: ID of the added user
    		•
    alert_options_v0 A user selected the alert button on a dashboard tile.
  • duration: the time it took Looker to load the alert options for the dashboard tile, in seconds
  • success: whether Looker successfully loaded alert options for the dashboard tile
    		•
    async_query_execution A query was sent to a database (not retrieved from Looker cache).
  • eager_poll: Whether the query was initiated with eager polling. Eager polling is when Looker keeps the connection to the database open while the query runs, rather than waiting for the database to notify Looker that the query is complete. It improves performance for fast queries.
    		•
    copy_dashboard A dashboard was copied.
  • dashboard_id: ID of the dashboard
  • folder_id: ID of the destination folder
    		•
    create_alert A user created an alert.
  • alert_id: ID of the alert
  • channel_destinations: the number of Slack channels that this alert will post in
  • cron: the cron string that defines when the alert is checked
  • duration: the time it took for Looker to create the alert, in seconds
  • email_destinations: the number of email addresses that this alert will send to
  • embed_user: whether this alert was created by an embedded user
  • followable: whether this alert is followable
  • public: whether this alert is public
  • success whether this alert was successfully created
  • total_destinations: the total number of destinations, including Slack channels and email addresses, that this alert will send to
  • vis_type: the visualization type of the alert's query
    		•
    create_color_collection A custom color collection was created.
  • collection_id: ID of the color connection
    		•
    create_connection A user created a connection.
  • connection_id: numeric ID of the connection
  • database: name of the database used in the connection
  • dialect: database dialect used in the connection
  • name: name of the connection
    		•
    create_dashboard A new dashboard object was created.
  • dashboard_id: ID of the dashboard
    		•
    create_dashboard_element A dashboard tile was created on a dashboard.
  • dashboard_element_id: ID of the dashboard tile
    		•
    create_dashboard_filter A dashboard filter was created on a dashboard.
  • dashboard_filter_id: ID of the dashboard filter
    • create_dashboard_layout A dashboard layout was created.
  • dashboard_layout_id: ID of the dashboard layout
    		•
    create_dashboard_render_task A new task was created to render a dashboard to a document or an image.
  • render_task_id: ID of the render task
  • dashboard_id: ID of the dashboard to be rendered
  • lookml_dashboard: whether the dashboard is a LookML dashboard
  • target_type: resulting format of the rendered dashboard
    		•
    create_embed_token_url An embed URL was created.
  • prefix: The prefix of the URL
    		•
    create_embed_user An embedded user was created.
  • user_id: ID of the user
    		•
    create_git_deploy_key A deploy key was created for a LookML project.
  • project_id: ID of the project
    		•
    create_group A group was created.
  • group_id: ID of the group
    		•
    create_homepage_item A new curated homepage item was created.
  • has_title: whether the item has a title
  • has_text: whether the item has text
  • has_link: whether the item has a link
  • has_image: whether the item has an image
    		•
    create_homepage_section A new curated homepage section was created.
  • homepage_section_id: ID of the curated section
    		•
    create_look_prefetch A prefetch for a Look was created with the specified information.
  • look_id: ID of the Look that had a prefetch created
    		•
    create_look A Look was created or deleted.
  • look_id: ID of the Look
    		•
    create_look_render_task A new task was created to render a Look to an image.
  • render_task_id: ID of the render task
  • look_id: ID of the Look to be rendered
  • format: resulting image format
    		•
    create_oidc_test_config An OpenID Connect test configuration was created.
  • has_error: Whether the test configuration has any errors
    		•
    create_project A LookML project was created.
  • project_id: ID of the project
    		•
    create_project_file A new file was created in a project.
  • project: name of the project
  • file: the name of the newly created file
  • file_type: the type of file created (model, view, etc)
    • create_query_render_task A new task was created to render an existing query to an image.
  • render_task_id: ID of the render task
  • query_id: ID of the query to be rendered
  • format: resulting image format
    		•
    create_query A query was created.
  • query_id: ID of the new query
    		•
    create_role A new role was created.
  • role_id: ID of the new role
  • permission_set_id: ID of the role's permission set
  • model_set_id: ID of the role's model set
    		•
    create_saml_test_config A SAML test configuration was created.
  • has_error: whether the SAML config has an error
    		•
    create_scheduled_plan_destination A scheduled plan destination was created.
  • scheduled_plan_destination_id: ID of the created plan
    		•
    create_sso_url A signed embed URL was created.
  • secret_id: ID of the embed secret for this instance
  • nonce: Nonce value for this URL
    		•
    create_sql_query A SQL Runner query was created.
  • query_id: ID of the new query
    		•
    create_upload A CSV file for user-defined table generation/load was uploaded.
  • upload_id: ID of the uploaded data
    		•
    create_user_access_filter An access filter was created for the specified user.
  • for_user_id: ID of the user whose access filters were created
    		•
    create_user_attribute A user attribute was created.
  • label: Human-friendly label of the user attribute
  • name: The name of the user attribute
  • user_attribute_id: ID of the user attribute
    		•
    create_user_credentials_api (Legacy) API login information was created for the specified user. This is for API Users used for the old query API.
  • for_user_id: ID of the user whose API credentials were created
    		•
    create_user_credentials_api3 API 3 login information was created for the specified user. This is for the newer API keys that can be added for any user.
  • for_user_id: ID of the user whose API 3 credentials were created
    		•
    create_user_credentials_email Email/password login information was created for the specified user.
  • for_user_id: ID of the user whose email credentials were created
    		•
    create_user_credentials_email_password_reset A password reset token was created.
  • for_user_id: ID of the user whose password reset token was created
    		•
    create_user_credentials_totp Two-factor login information was created for the specified user.
  • for_user_id: ID of the user whose TOTP credentials were created
    		•
    create_user A user was created with the specified information.
  • user_id: ID of the user whose account was created
  • reason: (optional) method used to create the user account. If reason is missing, an admin created the user account. Otherwise, the account was automatically created as a result of a user action like login, license_setup, marketplace_setup, or self_created.
  • type: (optional) credentials type for this user, especially if the user was auto-created at login
    		•
    dashboard.next.rendered A dashboard was rendered as a PDF.
  • dashboard_id: ID of the dashboard
  • load_session_id: unique hash ID of the load session
  • cache_count: number of dashboard queries that were pulled from cache
  • query_count: number of dashboard queries that were run on the database
  • ttr: time to run the dashboard, in milliseconds
    		•
    dashboard.run.data_received A dashboard received query results for one of its tiles.
  • load_session_id: unique hash ID of the dashboard load session
  • run_session_id: unique hash ID of the dashboard run session
  • query_task_id: ID of the query task that was run asynchronously for this dashboard
    		•
    dashboard.run.data_rendered A dashboard rendered a visualization for one of its tiles.
  • load_session_id: unique hash ID of the dashboard load session
  • run_session_id: unique hash ID of the dashboard run session
  • query_task_id: ID of the query task that was run asynchronously for this dashboard
  • vis_type: visualization type of the dashboard tile.
    		•
    dashboard.run.start A dashboard was run.
  • cache_run: whether the user selected Clear cache and refresh
  • load_session_id: unique hash ID of the load session
  • run_session_id: unique hash ID of the run session
    		•
    datagroup_trigger_changed A datagroup trigger was changed.
  • runtime: total time to run the trigger
  • connection_id: ID of the connection
  • connection_name: name of the connection
  • dialect: dialect of the connection
  • name: name of the datagroup
    		•
    deactivate_oauth_client_app_user A user was deactived from an OAuth app client.
  • app_client_guid: ID of the app
  • app_display_name: User-friendly display name of the app
  • ip: IP address of the request
  • user_id: ID of the deactivated user
    		•
    delete_alert An alert was deleted from a dashboard tile.
  • duration: the time it took Looker to delete the alert, in seconds
  • success: whether Looker successfully deleted the alert
    		•
    delete_color_collection A custom color collection was deleted.
  • id: ID of the color collection
    		•
    delete_connection A user deleted a connection.
  • connection_id: numeric ID of the connection
  • database: name of the database used in the connection
  • name: name of the connection
    		•
    delete_cookieless_embed_session A cookieless embed session was deleted.
  • session_reference_token: Reference token of the deleted session
    		•
    delete_dashboard A dashboard was permanently deleted.
  • dashboard_id: ID of the deleted dashboard
    		•
    delete_dashboard_element A dashboard tile was deleted from a dashboard.
  • dashboard_element_id: ID of the dashboard tile
    • delete_dashboard_filter A dashboard filter was deleted from a dashboard.
  • dashboard_filter_id: ID of the dashboard filter
    • delete_dashboard_layout A dashboard layout was deleted.
  • dashboard_layout_id: ID of the dashboard layout
    		•
    delete_group A group was deleted.
  • group_id: ID of the group
    		•
    delete_group_from_group A group was deleted as a member of another group.
  • parent_group_id: ID of the parent group
  • adding_group_id: ID of the added group
  • deleting_group_id: ID of the deleted group
    		•
    delete_group_user A user was removed from a group.
  • group_id: ID of the group
  • user_id: ID of the user who was removed from the group
    		•
    delete_homepage_item A homepage item was deleted.
  • homepage_item_id: ID of the deleted homepage item
    		•
    delete_homepage_section A homepage section was deleted.
  • homepage_section_id: ID of the deleted homepage section
    		•
    delete_look A Look was deleted.
  • look_id: ID of the deleted Look
    		•
    delete_model_set A model set was deleted.
  • model_set_id: ID of the deleted model set
    		•
    delete_oauth_client_app An OAuth app client was deleted.
  • app_client_guid: ID of the app
  • app_display_name: User-friendly display name of the app
  • ip: IP address of the request
  • user_id: ID of the user who made the request
    		•
    delete_oidc_test_config An OpenID Connect test configuration was deleted. none
    delete_permission_set A permission set was deleted.
  • permission_set_id: ID of the deleted permission set
    		•
    delete_project_file A file was deleted in a project.
  • project: name of the project
  • file: the name of the deleted file
  • file_type: the type of file deleted (model, view, etc)
    		•
    delete_repository_credential The remote credentials for a LookML project were deleted.
  • root_project_id: ID of the project
  • remote_url: URL of the remote repository
  • credential_id: ID of the deleted credentials
    		•
    delete_role A role was deleted.
  • role_id: ID of the deleted role
    		•
    delete_saml_test_config A SAML test configuration was deleted. none
    delete_scheduled_plan_destination A scheduled plan destination was deleted. scheduled_plan_destination_id: ID of the deleted scheduled plan
    delete_space A folder was removed. none
    delete_upload An uploaded table with a specific ID was dropped.
  • upload_id: ID of the table
    		•
    delete_user_access_filter An access filter for the specified user was deleted.
  • for_user_id: ID of the user whose access filters were deleted
    		•
    delete_user_attribute A user attribute was deleted.
  • user_attribute_id: ID of the user attribute
    		•
    delete_user_attribute_group_value A user attribute value was removed from a group.
  • group_id: ID of the group
  • user_attribute_name: The name of the user attribute
  • user_attribute_id: ID of the user attribute
    		•
    delete_user_attribute_user_value A user attribute value was deleted for a user.
  • user_attribute_name: The name of the user attribute
  • user_attribute_id: ID of the user attribute
  • user_id: ID of the user
    		•
    delete_user_credentials_api (Legacy) API login information for the specified user was deleted. This is for API Users used for the old query API.
  • for_user_id: ID of the user whose API credentials were deleted
    		•
    delete_user_credentials_api3 API 3 login information for the specified user was deleted. This is for the newer API keys that can be added for any user.
  • for_user_id: ID of the user whose API 3 credentials were deleted
    		•
    delete_user_credentials_email Email/password login information for the specified user was deleted.
  • for_user_id: ID of the user whose email credentials were deleted
    		•
    delete_user_credentials_embed Embed login information for the specified user was deleted.
  • for_user_id: ID of the user whose Embed credentials were deleted
    		•
    delete_user_credentials_google Google authentication login information for the specified user was deleted.
  • for_user_id: ID of the user whose Google credentials were deleted
    		•
    delete_user_credentials_ldap LDAP login information for the specified user was deleted.
  • for_user_id: ID of the user whose LDAP credentials were deleted
    		•
    delete_user_credentials_looker_openid Looker OpenID login information for the specified user was deleted. Used by Looker analysts.
  • for_user_id: ID of the user whose Looker OpenID credentials were deleted
    		•
    delete_user_credentials_saml SAML authentication login information for the specified user was deleted.
  • for_user_id: ID of the user whose SAML credentials were deleted
    		•
    delete_user_credentials_totp Two-factor login information for the specified user was deleted.
  • for_user_id: ID of the user whose TOTP credentials were deleted
    • delete_user_session A web login session for the specified user was deleted.
  • for_user_id: ID of the user whose session was deleted
    		•
    delete_user A user was deleted.
  • user_id: ID of the user whose account was deleted
    		•
    deploy_to_production A user's dev branch was deployed to production.
  • project_id: ID of the project
  • success: Whether or not the deploy was successful
    		•
    deploy_ref_to_production A Git branch or reference was deployed to production.
  • project: ID of the project
  • used_branch: Branch that was deployed to production
  • used_ref: Reference that was deployed to production
  • successful: Whether or not the deploy was successful
    		•
    detect_alert_drift Before running an alert, Looker checks to see if the underlying dashboard tile has changed.
  • alert_condition_base_query_id: The query ID of the dashboard tile. Usually matches dashboard_element_query_id
  • alert_condition_condition_query_id: The query ID of the alert condition
  • alert_condition_id: The ID of the alert condition. Usually matches the alert_id
  • alert_id: The unique ID of the alert
  • dashboard_element_id: The dashboard element ID of the underlying dashboard tile
  • dashboard_element_query_id: The query ID of the dashboard tile
  • dashboard_type: The type of dashboard (user defined dashboard or LookML dashboard)
  • suspected_reason: The change to the dashboard element. If no changes are detected, the value will be no_drift
  • sync_classification: A detailed list of all changes made to the dashboard element
  • sync_type: Whether the change to the dashboard element is likely to cause disruption to the alert. If no changes are detected, the value will be null
    		•
    disable_oidc_config OpenID Connect authentication was disabled for the instance. none
    disable_saml_config SAML authentication was disabled for the instance. none
    disable_user A user account was disabled.
  • user_id: ID of the user whose account was disabled
    		•
    embed_cookieless_v2 Cookieless embed was toggled on or off.
  • embed_cookieless_v2: whether cookieless embed was enabled or disabled
    		•
    enable_oidc_config OpenID Connect authentication was enabled for the instance. none
    enable_saml_config SAML authentication was enabled for the instance. none

    | enable_user | A user account was enabled. |

  • user_id: ID of the user whose account was enabled
    • | | enter_sudo | A user entered sudo (impersonation) as another user in the UI. |
  • target_user_id: ID of the target user
  • session_id: ID of the Looker session
    • | | exit_sudo | A user exited sudo (impersonation) as another user in the UI. |
  • target_user_id: ID of the target user
  • session_id: ID of the Looker session
    • | | export_query | A user downloaded a file in a format other than PNG or PDF |
  • dialect: Database dialect of the query
  • export_format: The format of the download (CSV, JSON, etc)
  • history_id: History ID of the query
  • query_params: Query parameters that describe the query
  • source: The source from which the download originated (API, drill modal, etc)
    • | | fetch_and_parse_saml_idp_metadata | The given URL was fetched and parsed as a SAML IdP metadata document, and the result was returned. | none | | fetch_dashboard | A dashboard's properties were retrieved. |
  • dashboard_id: ID of the dashboard
    • | | find_and_replace | The find and replace function of the Content Validator was used. |
  • replace_type: type of replacement. field, view, model, or explore
  • error_count: number of errors, if any
  • look_ids: IDs of Looks that were successfully updated, if any
    • | | follow_alert | A user followed an alert. |
  • alert_id: ID of the alert
  • channel_destinations: the number of Slack channels that this alert will post in
  • cron: the cron string that defines when the alert is checked
  • duration: the time it took for Looker to follow the alert, in seconds
  • email_destinations: the number of email addresses that this alert will send to
  • embed_user: whether this alert was followed by an embedded user
  • followable: whether this alert is followable
  • public: whether this alert is public
  • success whether this alert was successfully followed
  • total_destinations: the total number of destinations, including Slack channels and email addresses, that this alert will send to
  • vis_type: the visualization type of the alert's query
    • | | force_password_reset_at_next_login_for_all_users | All users with passwords were forced to reset their passwords upon their next login. | none | | generate_tokens_for_cookieless_session | API and navigation tokens for a cookieless embed session were generated. | none | | generating_mail_dashboard | A dashboard was rendered as an email. |
  • source_url: source URL of the dashboard
  • items: number of dashboard elements rendered
    • | | generating_pdf | A dashboard was rendered as a PDF. |
  • source_url: source URL of the dashboard
  • items: number of dashboard elements rendered
    • | | get_alerts_v0 | A user selected the alert button on a tile, and Looker computed the number of alerts already on that tile. |
  • duration: the time it took Looker to compute the number of alerts on the tile, in seconds
  • count: the number of alerts on the tile
  • success: whether Looker successfully computed the number of alerts on the tile
    • | | get_oauth_client_app | The settings for an OAuth app client were returned. |
  • app_client_guid: ID of the app
  • app_display_name: User-friendly display name of the app
  • ip: IP address of the request
  • user_id: ID of the user who made the request
    • | | import_lookml_dashboard | A user-defined dashboard has been created from a LookML dashboard. |
  • lookml_dashboard_id: ID of the LookML dashboard
  • space_id: ID of the space where the user-defined dashboard was created
    • | | invalidate_oauth_client_app_tokens | All sessions, access tokens and refresh tokens for this app were deleted. |
  • app_client_guid: ID of the app
  • app_display_name: User-friendly display name of the app
  • ip: IP address of the request
  • user_id: ID of the user who made the request
    • | | lint | A user validated LookML on a project.|
  • project_id: ID of the project
  • dev_mode: Whether the user was in Development Mode
  • workspace: ID of the workspace
  • errors: The number of LookML errors returned
  • total_runtime The total time in seconds that it took to validate the LookML
  • model_object_build_runtime: The time in seconds that the LookML validator spent building model objects
  • backend_runtime: The time in seconds that the LookML validator spent running backend processes
  • looker_lang_runtime: The time in seconds thaat the LookML validator spent checking for errors
  • aragonite: Whether New LookML Runtime was used during validation
  • project_digest: A hash value computed from the current state of the project
  • source: The process that initiated the validation
  • cached_explores: The number of cached explores that were validated
  • total_explores: The total number of explores that were validated
    • | | list_oauth_client_apps | A list of applications registered to use OAuth2 login with this Looker instance was returned. |
  • ip: IP address of the request
  • user_id: ID of the user who made the request
    • | | login | A user logged in to the UI or API. |
  • type: type of authentication system
  • ldap: whether the login occurred via the LDAP protocol
  • ip: IP address of the request
  • user_id: ID of the user who logged in
    • | | login_failure | A user's login attempt to the UI or API failed. |
  • type: type of authentication system
  • ip: IP address of the request
  • user_id_offered: user identifier string that the user offered in the attempt (as appropriate for the different auth systems)
  • msg: details string about the attempt processing
    • | | login_user | An API session was transformed to impersonate a user. This is often used when a service account is configured to enable API calls on behalf of users without needing to provision API credentials for individual users. |
  • target_user_id: ID of the target user
  • token_id: ID of the session token for this API session
    • | | lookml_dashboard_metadata_saved | Looker performed a periodic check on the state of LookML dashboards on the instance. |
  • added_dashboard_count: the number of LookML dashboards that were created since the last check
  • deleted_dashboard_count: the number of LookML dashboards that were deleted since the last check
  • updated_dashboard_count: the number of LookML dashboards that were updated since the last check
    • | | mail_opened | An email was opened. |
  • mail_type: password reset or scheduled task, for example
  • recipient: hash of the recipient's email address
  • build_time: time at which the MailJob was created
  • look_id: ID of the Look (if a Look email is scheduled); otherwise, null
  • dashboard_id: ID of the dashboard (if a dashboard email is scheduled); otherwise, null
  • scheduled_task_id: ID of the scheduled task (if a task email is scheduled); otherwise, null
    • | | mail_sent | An email was sent by the mailer. |
  • mail_type: password reset or scheduled task, for example
  • recipient: hash of the recipient's email address
  • look_id: ID of the Look (if a Look email is scheduled); otherwise, null
  • dashboard_id: ID of the dashboard (if a dashboard email is scheduled); otherwise, null
  • scheduled_task_id: ID of the scheduled task (if a task email is scheduled); otherwise, null
    • | | move_dashboard | A dashboard was moved to another folder. |
  • dashboard_id: ID of the dashboard
  • folder_id: ID of the destination folder
    • | | move_space | A folder was moved or renamed. |
  • origin_space_id: ID of the original parent
  • destination_space_id: ID of the new parent
    • | | new_model_set | A model set was created. |
  • model_set_id: ID of the new model set
  • models: JSON object containing the models
    • | | new_permission_set | A permission set was created. |
  • permission_set_id: ID of the new permission set
  • permissions: JSON object containing the permissions
    • | | new_space | A folder was added. |
  • has_parent: whether the folder has a parent folder
    • | | oauth_client_app_user_authentication | An application attempted to authenticate to the Looker instance. |
  • oauth_client_app_guid : the unique ID that the app identifies itself with
  • type: the type of authentication that the app used. Most often api
  • user_id: the Looker user ID that the app authenticated as
    • | | parse_saml_idp_metadata | The given XML was parsed as a SAML IdP metadata document, and the result was returned. | none | | pdt_build | A PDT was rebuilt. |
  • temporary: table generated a temporary table
  • runtime: total time to build the table
  • connection_id: ID of the connection
  • connection_name: name of the connection
  • dialect: dialect of the connection
  • status: build_ready, build_complete, build_aborted, build_canceled, build_error, or nil
  • source: regenerator or query
  • dev_mode: whether the PDT was built for a user in Development Mode | | pdt_regen | A PDT regen was executed on a connection. |
  • connection_id: ID of the connection
  • connection_name: name of the connection
  • dialect: dialect of the connection
  • status: skipped_pending_cron, skipped_invalid_connection, skipped_unwritable_schema, success, error_in_regen, or nil
  • runtime: total time to regen all PDTs on the connection
  • checked_count: number of PDTs checked
  • built_count: number of PDTs built
  • canceled_count: number of PDT regens canceled (query killed)
  • failed_count: number of PDT regens that failed for an unknown reason | | redirect_query | A new query was mapped to an existing query. |
  • look_id: ID of the Look for this query
  • model: name of the model for this query
  • view: name of the view for this query | | register_oauth_client_app | An OAuth app client was created. |
  • app_client_guid: ID of the app
  • app_display_name: User-friendly display name of the app
  • ip: IP address of the request
  • user_id: ID of the user who made the request
    • | | render_scheduled_dashboard | A scheduled dashboard was rendered. |
  • target_uri: URI of the dashboard to be rendered
  • type: rendered file type | | render_scheduled_look | A scheduled Look was rendered. |
  • target_uri: URI of the Look to be rendered
  • type: rendered file type
  • dimensions: dimensions of the rendered image | | render_timeout_for_scheduled_dashboard | A timeout occurred while a scheduled dashboard was being rendered. |
  • target_uri: URI of the dashboard that was rendered
  • type: rendered file type | | render_timeout_for_scheduled_look | A timeout occurred while a scheduled Look was being rendered. |
  • target_uri: URI of the Look that was rendered
  • type: rendered file type
  • dimensions: dimensions of the rendered image | | reset_password | An admin triggered a password reset for a user. | none | | reset_to_production | A LookML project was reset to its production status.|
  • project_id: ID of the project
  • success: Whether or not the reset was successful
    • | | reset_to_remote | A LookML project was reset to its remote status.|
  • project_id: ID of the project
  • success: Whether or not the reset was successful
    • | | run_alert | An alert's condition was checked. |
  • alert_id: ID of the alert
  • condition_met: whether the alert's conditions were met
  • cron: the cron string that defines when the alert is checked
  • elapsed_time: the total amount of time it took for Looker to check the alert condition, in seconds. This includes query runtime and initialization
  • embed_user: whether this alert was created by an embedded user
  • followable: whether this alert is followable
  • init_duration: the time it took Looker to initialize the alert condition check, in seconds
  • public: whether this alert is public
  • runtime: the time it took for Looker to run the alert's query, in seconds
  • success whether this alert condition was successfully checked
  • vis_type: the visualization type of the alert's query| | run_query | A query was completed through the Query Manager. |
  • model: model used
  • view: view in model
  • query: query string stored in the history entry
  • history_id: ID of the history entry
  • runtime: runtime up to completion, error, or kill
  • status: completed, killed, or error
  • uri_length: length of the query string passed in query
  • dialect: dialect of the database for this query
  • dashboard_id: ID of the UDD dashboard or the name of the LookML dashboard
  • look_id: ID of the Look for this query | | run_query_task | A saved query was run asynchronously. |
  • query_task_id: ID of the query task to run asynchronously | | run_scheduled_task | A scheduled task was run. |
  • scheduled_task_id: ID of the scheduled task
  • sent: whether the results were sent (published) | | run_sql_query | A SQL query was run from SQL Runner. |
  • slug: slug of the query
  • user_id: user who ran the query
  • last_runtime: how long the query took the last time it executed
  • run_count: how many times the query has been executed
  • dialect: dialect of the query| | save_look | A Look was saved. |
  • look_id: ID of the Look
  • vis_type: vis type of the query
  • keep_exploring: user did not immediately view the new Look | | save_project_file | A file was saved in a project. |
  • project: name of the project
  • file: the name of the saved file
  • file_type: the type of file saved (model, view, etc) | | scheduler_deliver | The scheduler delivered a scheduled job. |
    • dashboard_id: the numeric ID of the dashboard. Null if scheduled content is not a user-defined dashboard.
    • enabled: whether this schedule is enabled.
    • lookml_dashboard_id: the textual ID of the LookML dashboard. Null if the scheduled content is not a LookML dashboard.
    • scheduled_job_tracking_id: the tracking ID for the scheduled job.
    • backlog_when_dequeued: the number of schedules in the scheduler queue when this schedule ran.
    • backlog_when_enqueued: the number of schedules in the scheduler queue when this schedule entered the queue.
    • crontab: the frequency at which the schedule should be checked. Presented in cron format.
    • destination_count: the number of destinations that this schedule should be sent to.
    • started_at: the time at which the schedule job started
    • seconds_in_queue: the number of seconds that this schedule spent in the queue.
    • completed_at: the time at which the schedule was sent
    • look_id: the numeric ID of the Look. Null if scheduled content is not a Look.
    • scheduled_plan_id: the numeric ID of this scheduled plan.
    • user_id: the numeric ID of the user who created this schedule.
    • format: the data format that the scheduled content should be sent in.
    • destination_types: a list of destination types that this schedule should be sent to.
    • status: the status of this schedule job
    • require_no_results: whether this schedule requires that no results are returned in order to send.
    • run_once: whether this scheduled job was triggered by a user selecting Run once or Test on the scheduler modal.
    • require_change: whether this schedule requires that results changed from the last run in order to send.
    • require_results: whether this schedule requires that results are returned in order to send.
    • timezone: the timezone of this schedule's crontab frequency.
    | | scheduler_execute | The scheduler checked whether a scheduled job should be run. |
    • dashboard_id: the numeric ID of the dashboard. Null if scheduled content is not a user-defined dashboard.
    • enabled: whether this schedule is enabled.
    • lookml_dashboard_id: the textual ID of the LookML dashboard. Null if the scheduled content is not a LookML dashboard.
    • scheduled_job_tracking_id: the tracking ID for the scheduled job. Null if no scheduled job was created during this check.
    • should_deliver: whether a scheduled job should be run during this check. For example, if the scheduled content is a Look, and the schedule is set to run only if there are results, then the scheduled job may not be created during each check.
    • crontab: the frequency at which the schedule should be checked. Presented in cron format.
    • destination_count: the number of destinations that this schedule should be sent to.
    • started_at: the time at which the scheduler check started
    • completed_at: the time at which the scheduler check completed
    • look_id: the numeric ID of the Look. Null if scheduled content is not a Look.
    • scheduled_plan_id: the numeric ID of this scheduled plan.
    • user_id: the numeric ID of the user that created this schedule.
    • format: the data format that the scheduled content should be sent in.
    • destination_types: a list of destination types that this schedule should be sent to.
    • status: the status of this schedule check
    • require_no_results: whether this schedule requires that no results are returned in order to send.
    • run_once: whether this scheduled job was triggered by a user selecting Run once or Test on the scheduler modal.
    • require_change: whether this schedule requires that results changed from the last run in order to send.
    • require_results: whether this schedule requires that results are returned in order to send.
    • timezone: the timezone of this schedule's crontab frequency.
    | | send_user_credentials_email_password_reset | A password reset token was sent to a user.|
  • for_user_id: ID of the user
    • | | set_default_color_collection | The global default color collection was set. |
  • collection_id: ID of the default color collection
    • | | set_legacy_feature_#{id}_to_#{val} | The legacy feature #{id} was set to #{val} by a user. |
  • legacy_feature_id: ID of the legacy feature being altered | | set_user_attribute_group_values | User attribute values were updated across a set of groups. |
  • user_attribute_name: The name of the user attribute
  • user_attribute_id: ID of the user attribute
    • | | set_user_attribute_user_value | A user attribute value was updated for a user.|
  • user_attribute_name: The name of the user attribute
  • user_attribute_id: ID of the user attribute
  • user_id: ID of the user
    • | | sso_embed_secret_created | The embed secret for the Looker instance was set. |
  • secret_id: ID of the embed secret
    • | | sso_embed_secret_deleted | The embed secret for the Looker instance was deleted. |
  • secret_id: ID of the embed secret
    • | | support_access_disabled | Looker Support auth access was turned off or toggled by an admin or a privileged developer. |
  • support_access_open: false
  • support_access_open_until: time at which the toggle was set to nil
    • | | support_access_enabled | Looker Support auth access was turned on or toggled by an admin or a privileged developer. |
  • support_access_open: true
  • support_access_open_until: time at which the toggle was automatically set to false
    • | | sync_lookml_dashboard | All user-defined dashboards linked to a LookML dashboard were updated to reflect changes to the LookML dashboard.|
  • lookml_dashboard_id: ID of the LookML dashboard
  • dashboards_synced_count: The number of user-defined dashboards that were updated
    • | | tag_ref | A tag was created for a user's most recent commit.|
  • project: ID of the project
  • success: whether the tag creation was successful
    • | | test_ldap_config_auth | The connection authentication settings for an LDAP configuration were tested. |
  • success: whether the test was successful | | test_ldap_config_connection | The connection settings for an LDAP configuration were tested. |
  • success: whether the test was successful | | test_user_auth | The user authentication settings for an LDAP configuration were tested. |
  • success: whether the test was successful | | test_user_info | The user authentication settings for an LDAP configuration were tested without the user being authenticated. |
  • success: whether the test was successful | | track_content_view | A user viewed a Look or dashboard. |
  • content_id: ID of the Look or dashboard
  • content_type: the type of content viewed, most commonly dashboards-next or looks | | unchanged_oauth_client_app | Looker periodically checks the status of connectors such as Connected Sheets. |
  • app_client_guid: the unique ID of the connector
  • app_display_name: the user-friendly name of the connector
  • app_enabled: whether the connector is enabled | | unfollow_alert | A user unfollowed an alert. |
  • alert_id: ID of the alert
  • channel_destinations: the number of Slack channels that this alert will post in
  • cron: the cron string that defines when the alert is checked
  • duration: the time it took for Looker to unfollow the alert, in seconds
  • email_destinations: the number of email addresses that this alert will send to
  • embed_user: whether this alert was unfollowed by an embedded user
  • followable: whether this alert is followable
  • public: whether this alert is public
  • success whether this alert was successfully unfollowed
  • total_destinations: the total number of destinations, including Slack channels and email addresses, that this alert will send to
  • vis_type: the visualization type of the alert's query| | update_color_collection | A user updated a color collection. |
  • id: ID of the color collection
    • | | update_connection | A user updated a connection. |
  • connection_id: numeric ID of the connection
  • database: name of the database used in the connection
  • name: name of the connection| | update_dashboard | The properties of a dashboard were updated. |
  • dashboard_id: ID of the dashboard
    • | | update_dashboard_element | A dashboard element was updated.|
  • dashboard_element_id: ID of the dashboard element
    • | | update_dashboard_filter | A dashboard filter was updated. |
  • dashboard_filter_id: ID of the dashboard filter
    • | | update_dashboard_layout | A dashboard layout was updated. |
  • dashboard_layout_id: ID of the dashboard layout
    • | | update_dashboard_layout_component | A dashboard layout component was updated. |
  • dashboard_layout_component_id: ID of the dashboard layout component
    • | | update_embed_config | The Embed configuration was updated. |
  • old_value: previous auth enabled setting
  • new_value: new auth enabled setting
  • action: whether auth was enabled or disabled
  • domain_whitelist_count: count of allowlist domains | | update_google_config | The Google auth settings were updated. |
  • action: enabled, disabled, or modified | | update_group | A group was updated. |
  • group_id: ID of the group
    • | | update_homepage_item | A curated homepage item was updated. |
  • homepage_item_id: ID of the updated homepage item
  • has_title: whether the item has a title
  • has_text: whether the item has text
  • has_link: whether the item has a URL
  • has_image: whether the item has an image| | update_homepage_section | A curated homepage section (title) was updated. |
  • homepage_item_id: ID of the updated homepage item | | update_ldap_config | The LDAP auth settings were updated. |
  • action: enabled, disabled, or modified | | update_model_set | The models in a model set were changed. |
  • model_set_id: ID of the updated model set
  • old_models: JSON object containing the old models | | update_oidc_config | The OpenID Connect auth settings were updated. |
  • action: enabled, disabled, or modified | | update_oauth_client_app | An OAuth app client was updated. |
  • app_client_guid: ID of the app
  • app_display_name: User-friendly display name of the app
  • ip: IP address of the request
  • user_id: ID of the user who made the request
    • | | update_password_config | The password configuration settings were updated. | none | | update_permission_set | The permissions in a permission set were changed. |
  • permission_set_id: ID of the updated permission set
  • old_permissions: JSON object containing the old permissions
  • new_permissions: JSON object containing the new permissions | | update_project | A LookML project's settings were updated. |
  • project_id: ID of the project
    • | | update_repository_credential | The remote credentials for a LookML project were updated. |
  • root_project_id: ID of the project
  • remote_url: URL of the remote repository
    • | | update_role_groups | All groups for a role were set, and all existing group associations from that role were removed. |
  • role_id: ID of the role
  • group_ids: IDs of groups to set for the role | | update_role_users | The set of users with a given role was edited. |
  • role_id: ID of the role
  • old_user_ids: JSON object containing the old users with the role
  • new_user_ids: JSON object containing the new users with the role | | update_role | A role was updated. |
  • role_id: ID of the role
  • old_permission_set_id: ID of the role's old permission set
  • old_model_set_id: ID of the role's old model set
  • new_permission_set_id: ID of the role's new permission set
  • new_model_set_id: ID of the role's new model set | | update_saml_config | The SAML auth settings were updated. |
  • action: enabled, disabled, or modified | | update_scheduled_plan_destination | A scheduled plan destination was updated. | scheduled_plan_destination_id: ID of the updated plan | | update_space | A folder was updated. |
  • space_id: ID of the updated folder | | update_totp_config | The two-factor auth settings were updated. |
  • action: enabled, disabled, or modified | | update_upload | The upload table definition was updated and the DB table was created/loaded. |
  • upload_id: ID of the uploaded data that was imported to the database | | update_user | A user's information was updated. |
  • user_id: ID of the modified user | | update_user_access_filter | An access filter was updated for the specified user. |
  • for_user_id: ID of the user whose access filters were updated | | update_user_attribute | The definition of a user attribute was updated. |
  • label: Human-friendly label of the user attribute
  • name: The name of the user attribute
  • user_attribute_id: ID of the user attribute
    • | | update_user_attribute_group_value | A user attribute value was set at the group level. |
  • group_id: ID of the group
  • user_attribute_name: The name of the user attribute
  • user_attribute_id: ID of the user attribute
    • | | update_user_credentials_email | Email/password login information was updated for the specified user. |
  • for_user_id: ID of the user whose email credentials were updated | | update_user_facts_chunk | Looker updated the User Facts table in the User explore. The table is updated hourly. |
  • chunk_number: ID of the chunk of users about whom Looker computed user facts
  • elapsed_seconds: number of seconds Looker took to compute user facts
  • facts_created: number of fact entries created
  • facts_deleted: number of fact entries deleted
  • users_processed: number of users processed in this chunk | | update_whitelabel_configuration | The private label configuration was updated. | none | | upload_file | The contents of file were uploaded to Looker for user-defined table generation and load. |
  • upload_id: ID of the upload that has the custom file attached to it for later import | | user_permission_elevation | A change occurred that caused a user's permissions to be increased in some way. |
  • user_id: ID of the user whose permissions changed
  • embed_user: whether this was an Embed user
  • added_permissions: list or permissions that were added
  • old_permissions: list of permissions before the change
  • new_permissions: list of permissions after the change
  • cause: name of the event that caused the change, or unknown if the change can't be attributed to a specific event
  • cause_event_id: ID of the event that caused the change | | user_roles_updated | A user's roles were edited. |
  • user_id: ID of the modified user
  • role_ids: JSON object containing the user's roles | | wipeout_user_emails | All email addresses were changed for a disabled user. |
  • user_id: ID of the user
    • |