Unknown Users in Audit Logs
Unity Catalog native query audit brings in audit information for all tables and data sources, so some audit logs are created from activity by users not registered in Immuta. These audit records will appear in Immuta, providing valuable information of activity, with the username Unknown. This can be seen on the audit page or in user and data activity dashboards.
While the Immuta user is unknown, the user's Databricks Unity Catalog username can be found within the audit log. To view the user's data platform username:
- Navigate to the event page.
- Select View JSON.
- The username can be found in the
To improve your future audit records, ensure these users are properly registered and can be named in the logs: