Databricks Community

dbx-soundar · ‎07-16-2025

Please share the attributes related to the audit logs

How is the audit logs can be utilized by cyber security team?

What are the insights into the audit logs and how we can maintain the compliance?

What are the non-compliance items can be identified from the audit logs and how to address?

What is ServiceName and ActionName from the logs?

Walter_C · ‎07-16-2025

The audit logs will only get the information of the events and actions being performed by users, service principals in the workspace, so there is no compliance actions being tracked itself.

The Service name is a subgroup of items you want to check, so for example if you want to check job related events, there is service name called Jobs, same for Account events, etc, while the action name is the actual event you want to track, if you want to check users logins, if a job was deleted, if a table was created in UC.

dbx-soundar · ‎07-16-2025

Thanks Walter for the response.

I have one final query.

Is the format style for the logs follows any format style like CamelCase, Kebab-Case and Snake_case?

The format style followied to create the catalog/schema/table should be in sync with the databricks generated logs which will help to parse the logs consistently.

Appreciate your response to close this discussion.

Databricks Community

Databricks Audit Logs Analysis

Join Us as a Local Community Builder!

Databricks Community Champion - August 2025 - Benjamin Stringer

🚀 Weekly Delta (27 August - 3 September): A Look Back at This Week’s Top Community Highlights!

What's new in Databricks: July - August 2025

How to use Lakebase as a transactional data layer for Databricks Apps

🌟 Community Spark of the Week | Aug 22 – Aug 28 🌟