Audit Export GraphQL Reference Guide

Public preview: This feature is available to all accounts.

Use these audit export configuration commands to manage exporting your audit logs to S3 and ADLS Gen2. To configure an audit export see the Export to S3 or Export to ADLS guides.

Disable a configuration

To disable a configuration, use the disableExportConfiguration mutation:

mutation {
  disableExportConfiguration(
    id: "<export configuration ID>"
  )
  {
    id
  }
}

"data": {
  "disableExportConfiguration": {
    "id": "<export configuration ID>"
  }
}

Enable a configuration

To enable a disabled configuration, use the enableExportConfiguration mutation:

mutation {
  enableExportConfiguration(
    id: "<export configuration ID>"
  )
  {
    id
  }
}

"data": {
  "enableExportConfiguration": {
    "id": "<export configuration ID>"
  }
}

Delete a configuration

To delete a configuration, use the deleteExportConfiguration mutation:

mutation {
  deleteExportConfiguration(
    id: "<export configuration ID>"
  )
  {
    id
  }
}

"data": {
  "deleteExportConfiguration": {
    "id": "<export configuration ID>"
  }
}

Update a configuration

To update an existing configuration, use the mutation for your specific export configuration:

Export to S3 with access key: updateS3AccessKeyExportConfiguration
Export to S3 with assumed role: updateS3AssumedRoleExportConfiguration
Export to ADLS: updateAdlsSasTokenExportConfiguration

Update the configuration to make small changes, i.e., to rotate the token, rather than deleting the existing one and creating a new one.

mutation {
    updateAdlsSasTokenExportConfiguration(
        data: {
            id: "<export configuration ID>"
            interval: EVERY_2_HOURS
            storageAccount: "your-adls-storage-account",
            fileSystem: "audit-output",
            path: "immuta-audit",
            sasToken: "your-sas-token"
        } 
     ) 
     {
       id
       interval
       enabled
       endpointConfiguration {
            __typename
            ... on AdlsSasTokenEndpointConfiguration {
                storageAccount
                path
                fileSystem
            }
        }
    }
}

{
    "data": {
        "updateAdlsSasTokenExportConfiguration": {
            "id": "<export configuration ID>",
            "interval": "EVERY_12_HOURS",
            "enabled": true,
            "endpointConfiguration": {
                "storageAccount": "your-adls-storage-account",
                "fileSystem": "audit-output",
                "path": "immuta-audit"
            }
        }
    }
}

PreviousStarburst (Trino) Query Audit Logs NextUnknown Users in Audit Logs

Last updated 7 months ago

Was this helpful?