- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2026 09:43 PM
’m trying to build a UC usage/refresh tracking table for every workspace. For each workspace, I want to know how many times a UC table was refreshed or accessed each month. To do this, I’m reading the Databricks audit logs and I need to extract only the correct full table name from the request_params field.
Sample Output Table (What I’m Trying to Build):
Just to show what I’m aiming for:
| workspace_id | workspace_name | month (event date) | full_table_name | Refresh_count (count of distinct event date) |
12345 | ws-prod | 2026-01-01 | main.sales.orders | 14 |
12345 | ws-prod | 2026-01-01 | main.marketing.accounts | 6 |
67890 | ws-dev | 2026-01-01 | main.hr.employee_master | 10 |
While parsing request_params, I’m seeing multiple different structures depending on the event type:
- table_full_name
- full_name_arg
- securables (array with type and full_name)
- separate fields like catalog, schema, and table
Because of this inconsistency, I’m not sure which one is the correct or recommended field to extract the full table name from. My goal is to capture a clean and reliable <catalog>.<schema>.<table> value for each refresh/access event.
My question:
What is the right or best‑practice approach to handle these different structures in request_params and determine which field should be treated as the authoritative full table name?
I want to avoid extracting the wrong name or parsing unnecessary fields, and I’d like to follow whatever Databricks considers the standard going forward.
Any guidance or recommendations would be appreciated.
