# Use Immuta Audit

**Requirement**: Immuta global permission `AUDIT` or domain-specific permission `Audit Activity`

### Applying filters to find audit events <a href="#applying-filters" id="applying-filters"></a>

You can filter the audit page in several ways and combine multiple filters to find the type of audit events you are interested in. To filter the audit page:

1. Click **Insights** in the navigation menu and select **Audit**.
2. Click **Filters**, and select the **filter** you want from the options.

<details>

<summary>Example search</summary>

If you are looking for a specific audit event, use the [UAM schema reference guide](https://documentation.immuta.com/SaaS/govern/detect-your-data/audit/reference-guides/index/uam-schema) to determine the audit log you want. Use the example JSON to determine the correct filter.

For example, if you are looking for a data source deleted event, you would find the JSON for the `DatasourceDeleted` event on the reference page:

<pre class="language-json"><code class="lang-json">{
"id": "1403b675-70f6-4833-ab4c-a7486c63f494",
"<a data-footnote-ref href="#user-content-fn-1">action</a>": "DELETE",
"<a data-footnote-ref href="#user-content-fn-2">actionStatus</a>": "SUCCESS",
"actor": {
    "<a data-footnote-ref href="#user-content-fn-3">name</a>": "Taylor Smith",
    "id": "taylor@immuta.com",
    "identityProvider": "bim",
    "profileId": "1",
    "<a data-footnote-ref href="#user-content-fn-3">type</a>": "USER_ACTOR"
},
"tenantId": "your-immuta-tenant.com",
"<a data-footnote-ref href="#user-content-fn-4">targetType</a>": "DATASOURCE",
"targets": [
    {
        "type": "DATASOURCE",
        "id": "93",
        "<a data-footnote-ref href="#user-content-fn-5">name</a>": "Audit",
        "<a data-footnote-ref href="#user-content-fn-6">technology</a>": "POSTGRESQL"
    }
],
"relatedResources": [],
"auditPayload": {
    "type": "DatasourceDeletedAuditPayload",
    "version": 1,
    "datasourceId": "93",
    "name": "Audit",
    "technology": "POSTGRESQL"
},
"eventTimestamp": "2024-02-22T14:20:42.379Z",
"receivedTimestamp": "2024-02-22T14:20:42.392Z"
}
</code></pre>

To find an event like this in the UI, you would then use the following filters:

* Target Type - Data Source
* Action - Delete
* Outcome - Success

</details>

To remove the filters, click the **delete (X)** icon.

*Note: For a more responsive experience, Immuta limits the number of auto-suggested filter values to 100 of the most active values. The total item count for each filter type still reflects the number of events in the dashboard time range.*
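The same field-to-filter mapping can be applied offline to UAM events you already hold as JSON. The following is an added example, not Immuta's code. It assumes that combined filters must all match, that filter values are given as raw UAM values (`DELETE`) rather than UI labels (Delete), and the events are constructed, with the first trimmed from the `DatasourceDeleted` example above.

```python
import json
from datetime import datetime, timedelta

# UI filter name -> where its value lives in a UAM event, following the
# footnotes on the DatasourceDeleted example (targets may hold several entries).
FILTER_FIELDS = {
    "Action": lambda e: [e.get("action")],
    "Outcome": lambda e: [e.get("actionStatus")],
    "Actor Name": lambda e: [e.get("actor", {}).get("name")],
    "Target Type": lambda e: [e.get("targetType")],
    "Target Name": lambda e: [t.get("name") for t in e.get("targets", [])],
    "Data Platform": lambda e: [t.get("technology") for t in e.get("targets", [])],
}

def parse_ts(value):
    # UAM timestamps end in "Z"; fromisoformat() before Python 3.11 needs an offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def matches(event, filters):
    """True when every requested filter matches (AND semantics are an assumption)."""
    return all(wanted in FILTER_FIELDS[name](event) for name, wanted in filters.items())

def find_events(events, filters, end, hours=24):
    """Events matching all filters within the `hours` before `end` (24 = page default)."""
    start = end - timedelta(hours=hours)
    return [e for e in events
            if start <= parse_ts(e["eventTimestamp"]) <= end and matches(e, filters)]

# Constructed sample data: only the first event comes (trimmed) from the page.
SAMPLE_EVENTS = json.loads("""[
 {"id": "1403b675-70f6-4833-ab4c-a7486c63f494", "action": "DELETE",
  "actionStatus": "SUCCESS", "actor": {"name": "Taylor Smith"}, "targetType": "DATASOURCE",
  "targets": [{"type": "DATASOURCE", "id": "93", "name": "Audit", "technology": "POSTGRESQL"}],
  "eventTimestamp": "2024-02-22T14:20:42.379Z"},
 {"id": "constructed-2", "action": "DELETE",
  "actionStatus": "FAILURE", "actor": {"name": "Taylor Smith"}, "targetType": "DATASOURCE",
  "targets": [{"type": "DATASOURCE", "id": "94", "name": "Sales", "technology": "POSTGRESQL"}],
  "eventTimestamp": "2024-02-22T15:00:00.000Z"},
 {"id": "constructed-3", "action": "DELETE",
  "actionStatus": "SUCCESS", "actor": {"name": "Jordan Lee"}, "targetType": "DATASOURCE",
  "targets": [{"type": "DATASOURCE", "id": "95", "name": "Orders", "technology": "SNOWFLAKE"}],
  "eventTimestamp": "2024-02-20T09:00:00.000Z"}
]""")
SAMPLE_END = parse_ts("2024-02-22T16:00:00.000Z")  # constructed "now" for the time range

if __name__ == "__main__":
    wanted = {"Target Type": "DATASOURCE", "Action": "DELETE", "Outcome": "SUCCESS"}
    for event in find_events(SAMPLE_EVENTS, wanted, SAMPLE_END):
        print(event["id"], event["targets"][0]["name"], event["eventTimestamp"])
```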

### Setting a time range <a href="#setting-a-time-range" id="setting-a-time-range"></a>

By default, the time range for the audit page is 24 hours. To select a different time range:

1. Click the **date range**.
2. Select the **time range** you want from the options, choose to **enter a custom date range**, or choose to **enter a custom time range** in hours.

*Note: The time range reverts to the default when you log out.*

### Manually sync new events <a href="#manually-sync-new-events" id="manually-sync-new-events"></a>

Audit events from Snowflake and Databricks Unity Catalog are ingested on a configurable schedule; however, users can manually pull in audit events from these integrations at any time by completing the following steps.

1. Click **Insights** in the navigation menu and select **Audit**.
2. Click **Load Audit Events**.

The ingestion job may take time to finish, but will complete in the background. Once it is complete, the new audit events will populate on the events page.

[^1]: This aligns with the Action filter.

[^2]: This aligns with the Outcome filter.

[^3]: This aligns with the Actor Name filter.

[^4]: This aligns with the Target Type filter.

[^5]: This aligns with the Target Name filter.

[^6]: This aligns with the Data Platform filter.
