https://community.databricks.com/t5/administration-architecture/serverless-workspace-observability/m-p/132046#M4045 <P>I’m setting up <STRONG>observability for a Databricks <EM>serverless</EM> workspace</STRONG> on AWS and need some guidance.<BR />I know we can configure <STRONG>audit logs</STRONG> for S3 delivery, but I’m unsure if that alone is sufficient.</P><P>For a complete observability setup especially when integrating with CloudWatch, Splunk, or Kibana</P><UL><LI><P>Do we only need to enable <STRONG>audit-log delivery to S3</STRONG>, or</P></LI><LI><P>Are there <STRONG>other logs&nbsp;</STRONG>that should also be routed to S3 for best practices?</P></LI></UL><P>If anyone has implemented observability in a serverless Databricks workspace, I’d love to hear what log sources you included and any reference docs or patterns you followed.</P> Mon, 15 Sep 2025 20:01:19 GMT APJESK 2025-09-15T20:01:19Z https://community.databricks.com/t5/administration-architecture/serverless-workspace-observability/m-p/132046#M4045 <P>I’m setting up <STRONG>observability for a Databricks <EM>serverless</EM> workspace</STRONG> on AWS and need some guidance.<BR />I know we can configure <STRONG>audit logs</STRONG> for S3 delivery, but I’m unsure if that alone is sufficient.</P><P>For a complete observability setup especially when integrating with CloudWatch, Splunk, or Kibana</P><UL><LI><P>Do we only need to enable <STRONG>audit-log delivery to S3</STRONG>, or</P></LI><LI><P>Are there <STRONG>other logs&nbsp;</STRONG>that should also be routed to S3 for best practices?</P></LI></UL><P>If anyone has implemented observability in a serverless Databricks workspace, I’d love to hear what log sources you included and any reference docs or patterns you followed.</P> Mon, 15 Sep 2025 20:01:19 GMT https://community.databricks.com/t5/administration-architecture/serverless-workspace-observability/m-p/132046#M4045 APJESK 2025-09-15T20:01:19Z https://community.databricks.com/t5/administration-architecture/serverless-workspace-observability/m-p/132430#M4067 <P>Hey&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/170854">@APJESK</a>&nbsp;- thanks for reaching out!&nbsp;</P> <DIV class="RJPOee EIJn2"> <DIV class="rPeykc" data-hveid="CAQQAQ" data-ved="2ahUKEwjS1da-quKPAxXhElkFHWMFNd4Qo_EKegQIBBAB"><SPAN data-huuid="12364198788019133179"><SPAN data-huuid="12364198788019133179">For comprehensive observability in a Databricks serverless workspace on AWS, particularly when integrating with tools like CloudWatch, Splunk, or Kibana, enabling audit log delivery to S3 is a crucial first step, but it is not the only log source to consider. As you noted, it is a good idea to</SPAN></SPAN><SPAN>&nbsp;not rely solely on audit logs—external cloud logs help detect issues Databricks can’t see alone.</SPAN></DIV> <DIV class="rPeykc" data-hveid="CAQQAQ" data-ved="2ahUKEwjS1da-quKPAxXhElkFHWMFNd4Qo_EKegQIBBAB">&nbsp;</DIV> <DIV class="rPeykc" data-hveid="CAQQAQ" data-ved="2ahUKEwjS1da-quKPAxXhElkFHWMFNd4Qo_EKegQIBBAB"><SPAN data-huuid="12364198788019133179">Logs you can route to S3:</SPAN></DIV> <DIV class="rPeykc" data-hveid="CAQQAQ" data-ved="2ahUKEwjS1da-quKPAxXhElkFHWMFNd4Qo_EKegQIBBAB"><STRONG style="color: #1b3139; font-family: inherit;">- Databricks Audit Logs (you've got these):</STRONG><SPAN>&nbsp;Enable delivery to S3 to capture detailed platform-level activity (user actions, resources, permissions).</SPAN></DIV> <DIV class="rPeykc" data-hveid="CAQQAQ" data-ved="2ahUKEwjS1da-quKPAxXhElkFHWMFNd4Qo_EKegQIBBAB"><STRONG style="color: #1b3139; font-family: inherit;">- AWS Cloud-Native Logs:</STRONG><SPAN> Include CloudTrail, S3 access logs, and VPC flow logs for visibility into cloud-level actions like authentication, data access, and network traffic.</SPAN></DIV> <DIV class="rPeykc" data-hveid="CAQQAQ" data-ved="2ahUKEwjS1da-quKPAxXhElkFHWMFNd4Qo_EKegQIBBAB"><STRONG style="color: #1b3139; font-family: inherit;">- Job, Pipeline, and Query Logs:</STRONG><SPAN> Monitor Databricks event logs (for jobs, pipelines, and SQL warehouse activity) using system tables or metrics endpoints for operational health and anomaly detection.</SPAN></DIV> </DIV> <DIV class="RJPOee EIJn2"> <DIV class="rPeykc" data-hveid="CEIQAQ" data-ved="2ahUKEwjS1da-quKPAxXhElkFHWMFNd4Qo_EKegQIQhAB"> <P>So, it is best practice to aggregate and monitor all these log types for comprehensive security and operational insight. You can integrate logs into SIEM or monitoring systems (CloudWatch, Splunk, Kibana) using ETL pipelines or native AWS integrations.</P> <P>You can find more information in the docs for&nbsp;<A href="https://docs.databricks.com/aws/en/lakehouse-architecture/operational-excellence/best-practices#use-native-and-external-tools-for-platform-monitoring" target="_self">Operational Excellence</A>.</P> <P>I hope this is helpful!</P> <P>Sarah</P> </DIV> </DIV> Thu, 18 Sep 2025 12:50:17 GMT https://community.databricks.com/t5/administration-architecture/serverless-workspace-observability/m-p/132430#M4067 sarahbhord 2025-09-18T12:50:17Z