This page describes the events that Looker generates and how to view them.
Viewing events
Looker events are visible in the System Activity and i__looker
Event and Event Attribute Explores. You must be a Looker admin or have the see_system_activity
permission to view the Event and Event Attribute Explores.
If you have enabled the System Activity Model Labs feature, you will see the list of System Activity Explores, including the Event and Event Attribute Explores, at the bottom of your Explore menu.
To view the Event and Event Attribute Explores using i__looker
, access them using one of the following URLs:
https://<instance_name.looker.com>/explore/i__looker/event
https://<instance_name.looker.com>/explore/i__looker/event_attribute
The Event Explore includes the Event
view, which includes categories, created dates and times, and names of each event created:
(The above image is from the System Activity Explore; the i__looker
Explore contains a subset of these fields.)
The Event
view is useful for seeing lists or counts of events when you don’t need the associated attribute data.
The Event Attribute Explore includes both the Event
view and the Event Attribute
view. The Event Attribute
view shows the name and value of each attribute related to an individual event.
To view a list of events and their attribute values, use the Event Attributes Explore, and select the required fields from the Events
and Event Attribute
views. For example, the image below shows the time recent events were created, the event category they are in, the event name, the attribute names associated with each event, and the attribute values:
Common event attributes
Each Looker-generated event includes a set of data about the event. These common attributes are:
Attribute Name | Description |
---|---|
id |
Unique numeric identifier of the event |
user_id |
Unique numeric ID of the user who triggered the event |
name |
Name of the specific event that occurred, for example, create_dashboard |
created |
Date and time, in UTC, that the event was created |
category |
High-level category associated with the event, for example, dashboard |
sudo_user_id |
Unique numeric ID of the actual user who is impersonating the user indicated by user_id |
is_looker_employee |
Whether the user identified by user_id is a Looker employee |
is_admin |
Whether the user identified by user_id is a Looker admin |
is_api_call |
Whether the event was caused by an API call |
List of event types
The table below lists several events that can be generated by a Looker server.
This list includes the name of the event, the action or situation that can trigger the generation of the event, and a list of attributes associated with each event.
Event Type | Trigger | Attributes |
---|---|---|
add_external_email_to_scheduled_task |
An email outside the organization domain was added to a scheduled task. | scheduled_task_id : ID of the scheduled taskexternal email : email that was added |
add_group_group |
A group was added as a member of another group. | parent_group_id : ID of the parent group adding_group_id : ID of the added group deleting_group_id : ID of the deleted group |
add_group_user |
A user was added to a group. | group_id : ID of the group user_id : ID of the user |
add_user_to_scheduled_task |
A user was added to a scheduled task. | scheduled_task_id : ID of the scheduled taskuser_id : ID of the added user |
create_dashboard_render_task |
A new task was created to render a dashboard to a document or an image. | render_task_id : ID of the render task dashboard_id : ID of the dashboard to be rendered lookml_dashboard : whether the dashboard is a LookML dashboard target_type : resulting format of the rendered dashboard |
create_homepage_item |
A new curated homepage item was created. | has_title : whether the item has a title has_text : whether the item has text has_link : whether the item has a link has_image : whether the item has an image |
create_homepage_section |
A new curated homepage section was created. | homepage_section_id : ID of the curated section |
create_look_prefetch |
A prefetch for a Look was created with the specified information. | look_id : ID of the Look that had a prefetch created |
create_look |
A Look was created or deleted. | look_id : ID of the Look |
create_look_render_task |
A new task was created to render a Look to an image. | render_task_id : ID of the render task look_id : ID of the Look to be rendered format : resulting image format |
create_query_render_task |
A new task was created to render an existing query to an image. | render_task_id : ID of the render task query_id : ID of the query to be rendered format : resulting image format |
create_query |
A query was created. | query_id : ID of the new query |
create_role |
A new role was created. | role_id : ID of the new rolepermission_set_id : ID of the role’s permission setmodel_set_id : ID of the role’s model set |
create_saml_test_config |
A SAML test configuration was created. | has_error : whether the SAML config has an error |
create_scheduled_plan_destination |
A scheduled plan destination was created. | scheduled_plan_destination_id : ID of the created plan |
create_sql_query |
A SQL Runner query was created. | query_id : ID of the new query |
create_upload |
A CSV file for user-defined table generation/load was uploaded. | upload_id : ID of the uploaded data |
create_user_access_filter |
An access filter was created for the specified user. | for_user_id : ID of the user whose access filters were created |
create_user_credentials_api |
(Legacy) API login information was created for the specified user. This is for API Users used for the old query API. |
for_user_id : ID of the user whose API credentials were created |
create_user_credentials_api3 |
API 3 login information was created for the specified user. This is for the newer API keys that can be added for any user. | for_user_id : ID of the user whose API 3 credentials were created |
create_user_credentials_email |
Email/password login information was created for the specified user. | for_user_id : ID of the user whose email credentials were created |
create_user_credentials_email_password_reset |
A password reset token was created. | for_user_id : ID of the user whose password reset token was created |
create_user_credentials_totp |
Two-factor login information was created for the specified user. | for_user_id : ID of the user whose TOTP credentials were created |
create_user |
A user was created with the specified information. | user_id : ID of the user whose account was createdreason : (optional) method used to create the user account. If reason is missing, an admin created the user account. Otherwise, the account was automatically created as a result of a user action like login , license_setup , marketplace_setup , or self_created . type : (optional) credentials type for this user, especially if the user was auto-created at login |
datagroup_trigger_changed |
A datagroup trigger was changed. | runtime : total time to run the triggerconnection_id : ID of the connectionconnection_name : name of the connectiondialect : dialect of the connectionname : name of the datagroup |
delete_group_from_group |
A group was deleted as a member of another group. | parent_group_id : ID of the parent group adding_group_id : ID of the added group deleting_group_id : ID of the deleted group |
delete_group_user |
A user was removed from a group. | group_id : ID of the group user_id : ID of the user who was removed from the group |
delete_homepage_item |
A homepage item was deleted. | homepage_item_id : ID of the deleted homepage item |
delete_homepage_section |
A homepage section was deleted. | homepage_section_id : ID of the deleted homepage section |
delete_look |
A Look was deleted. | look_id : ID of the deleted Look |
delete_model_set |
A model set was deleted. | model_set_id : ID of the deleted model set |
delete_permission_set |
A permission set was deleted. | permission_set_id : ID of the deleted permission set |
delete_role |
A role was deleted. | role_id : ID of the deleted role |
delete_saml_test_config |
A SAML test configuration was deleted. | none |
delete_scheduled_plan_destination |
A scheduled plan destination was deleted. | scheduled_plan_destination_id : ID of the deleted scheduled plan |
delete_space |
A folder was removed. | none |
delete_upload |
An uploaded table with a specific ID was dropped. | upload_id : ID of the table |
delete_user_access_filter |
An access filter for the specified user was deleted. | for_user_id : ID of the user whose access filters were deleted |
delete_user_credentials_api |
(Legacy) API login information for the specified user was deleted. This is for API Users used for the old query API. |
for_user_id : ID of the user whose API credentials were deleted |
delete_user_credentials_api3 |
API 3 login information for the specified user was deleted. This is for the newer API keys that can be added for any user. | for_user_id : ID of the user whose API 3 credentials were deleted |
delete_user_credentials_email |
Email/password login information for the specified user was deleted. | for_user_id : ID of the user whose email credentials were deleted |
delete_user_credentials_embed |
Embed login information for the specified user was deleted. | for_user_id : ID of the user whose Embed credentials were deleted |
delete_user_credentials_google |
Google authentication login information for the specified user was deleted. | for_user_id : ID of the user whose Google credentials were deleted |
delete_user_credentials_ldap |
LDAP login information for the specified user was deleted. | for_user_id : ID of the user whose LDAP credentials were deleted |
delete_user_credentials_looker_openid |
Looker OpenID login information for the specified user was deleted. Used by Looker analysts. | for_user_id : ID of the user whose Looker OpenID credentials were deleted |
delete_user_credentials_saml |
SAML authentication login information for the specified user was deleted. | for_user_id : ID of the user whose SAML credentials were deleted |
delete_user_credentials_totp |
Two-factor login information for the specified user was deleted. | for_user_id : ID of the user whose TOTP credentials were deleted |
delete_user_session |
A web login session for the specified user was deleted. | for_user_id : ID of the user whose session was deleted |
delete_user |
A user was deleted. | user_id : ID of the user whose account was deleted |
disable_user |
A user account was disabled. | user_id : ID of the user whose account was disabled |
enable_user |
A user account was enabled. | user_id : ID of the user whose account was enabled |
enter_sudo |
A user entered sudo (impersonation) as another user in the UI. |
target_user_id : ID of the target user session_id : ID of the Looker session |
exit_sudo |
A user exited sudo (impersonation) as another user in the UI. |
target_user_id : ID of the target user session_id : ID of the Looker session |
fetch_and_parse_saml_idp_metadata |
The given URL was fetched and parsed as a SAML IdP metadata document, and the result was returned. | none |
find_and_replace |
The find and replace function of the Content Validator was used. | replace_type : type of replacement. field , view , model , or explore error_count : number of errors, if anylook_ids : IDs of Looks that were successfully updated, if any |
generating_mail_dashboard |
A dashboard was rendered as an email. | source_url : source URL of the dashboarditems : number of dashboard elements rendered |
generating_pdf |
A dashboard was rendered as a PDF. | source_url : source URL of the dashboarditems : number of dashboard elements rendered |
login |
A user logged in to the UI or API. | type : type of authentication system ldap : whether the login occurred via the LDAP protocol ip : IP address of the request user_id : ID of the user who logged in |
login_failure |
A user’s login attempt to the UI or API failed. | type : type of authentication system ip : IP address of the request user_id_offered : user identifier string that the user offered in the attempt (as appropriate for the different auth systems) msg : details string about the attempt processing |
login_user |
An API session was transformed to impersonate a user. This is often used when a service account is configured to enable API calls on behalf of users without needing to provision API credentials for individual users. | target_user_id : ID of the target user token_id : ID of the session token for this API session |
mail_opened |
An email was opened. | mail_type : password reset or scheduled task , for example recipient : hash of the recipient’s email addressbuild_time : time at which the MailJob was createdlook_id : ID of the Look (if a Look email is scheduled); otherwise, nulldashboard_id : ID of the dashboard (if a dashboard email is scheduled); otherwise, nullscheduled_task_id : ID of the scheduled task (if a task email is scheduled); otherwise, null |
mail_sent |
An email was sent by the mailer. | mail_type : password reset or scheduled task , for example recipient : hash of the recipient’s email addresslook_id : ID of the Look (if a Look email is scheduled); otherwise, nulldashboard_id : ID of the dashboard (if a dashboard email is scheduled); otherwise, nullscheduled_task_id : ID of the scheduled task (if a task email is scheduled); otherwise, null |
move_space |
A folder was moved or renamed. | origin_space_id : ID of the original parentdestination_space_id : ID of the new parent |
new_model_set |
A model set was created. | model_set_id : ID of the new model setmodels : JSON object containing the models |
new_permission_set |
A permission set was created. | permission_set_id : ID of the new permission setpermissions : JSON object containing the permissions |
new_space |
A folder was added. | has_parent : whether the folder has a parent folder |
parse_saml_idp_metadata |
The given XML was parsed as a SAML IdP metadata document, and the result was returned. | none |
pdt_build |
A PDT was rebuilt. | temporary : table generated a temporary table runtime : total time to build the tableconnection_id : ID of the connectionconnection_name : name of the connectiondialect : dialect of the connectionstatus : build_ready , build_complete , build_aborted , build_canceled , build_error , or nilsource : regenerator or query dev_mode : whether the PDT was built for a user in Development Mode |
pdt_regen |
A PDT regen was executed on a connection. | connection_id : ID of the connectionconnection_name : name of the connectiondialect : dialect of the connectionstatus : skipped_pending_cron , skipped_invalid_connection , skipped_unwritable_schema , success , error_in_regen , or nilruntime : total time to regen all PDTs on the connectionchecked_count : number of PDTs checkedbuilt_count : number of PDTs builtcanceled_count : number of PDT regens canceled (query killed)failed_count : number of PDT regens that failed for an unknown reason |
render_scheduled_dashboard |
A scheduled dashboard was rendered. | target_uri : URI of the dashboard to be renderedtype : rendered file type |
render_scheduled_look |
A scheduled Look was rendered. | target_uri : URI of the Look to be renderedtype : rendered file typedimensions : dimensions of the rendered image |
render_timeout_for_scheduled_dashboard |
A timeout occurred while a scheduled dashboard was being rendered. | target_uri : URI of the dashboard that was renderedtype : rendered file type |
render_timeout_for_scheduled_look |
A timeout occurred while a scheduled Look was being rendered. | target_uri : URI of the Look that was renderedtype : rendered file typedimensions : dimensions of the rendered image |
run_query |
A query was completed through the Query Manager. | model : model usedview : view in modelquery : query string stored in the history entryhistory_id : ID of the history entryruntime : runtime up to completion, error, or killstatus : completed , killed , or error uri_length : length of the query string passed in query dialect : dialect of the database for this querydashboard_id : ID of the UDD dashboard or the name of the LookML dashboardlook_id : ID of the Look for this query |
run_query_task |
A saved query was run asynchronously. | query_task_id : ID of the query task to run asynchronously |
run_scheduled_task |
A scheduled task was run. | scheduled_task_id : ID of the scheduled tasksent : whether the results were sent (published) |
run_sql_query |
A SQL query was run from SQL Runner. | slug : slug of the queryuser_id : user who ran the query last_runtime : how long the query took the last time it executedrun_count : how many times the query has been executeddialect : dialect of the query |
save_look |
A Look was saved. | look_id : ID of the Lookvis_type : vis type of the querykeep_exploring: user did not immediately view the new Look |
set_legacy_feature_#{id}_to_#{val} |
The legacy feature #{id} was set to #{val} by a user. |
legacy_feature_id : ID of the legacy feature being altered |
support_access_disabled |
Looker Support auth access was turned off or toggled by an admin or a privileged developer. | support_access_open : falsesupport_access_open_until : time at which the toggle was set to nil |
support_access_enabled |
Looker Support auth access was turned on or toggled by an admin or a privileged developer. | support_access_open : truesupport_access_open_until : time at which the toggle was automatically set to false |
test_ldap_config_auth |
The connection authentication settings for an LDAP configuration were tested. | success : whether the test was successful |
test_ldap_config_connection |
The connection settings for an LDAP configuration were tested. | success : whether the test was successful |
test_user_auth |
The user authentication settings for an LDAP configuration were tested. | success : whether the test was successful |
test_user_info |
The user authentication settings for an LDAP configuration were tested without the user being authenticated. | success : whether the test was successful |
update_embed_config |
The Embed configuration was updated. | old_value : previous auth enabled setting new_value : new auth enabled setting action : whether auth was enabled or disabled domain_whitelist_count : count of allowlist domains |
update_google_config |
The Google auth settings were updated. | action : enabled , disabled , or modified |
update_homepage_item |
A curated homepage item was updated. | homepage_item_id : ID of the updated homepage itemhas_title : whether the item has a title has_text : whether the item has text has_link : whether the item has a URL has_image : whether the item has an image |
update_homepage_section |
A curated homepage section (title) was updated. | homepage_item_id : ID of the updated homepage item |
update_ldap_config |
The LDAP auth settings were updated. | action : enabled , disabled , or modified |
update_model_set |
The models in a model set were changed. | model_set_id : ID of the updated model set old_models : JSON object containing the old models |
update_oidc_config |
The OpenID Connect auth settings were updated. | action : enabled , disabled , or modified |
update_permission_set |
The permissions in a permission set were changed. | permission_set_id : ID of the updated permission set old_permissions : JSON object containing the old permissions new_permissions : JSON object containing the new permissions |
update_role_groups |
All groups for a role were set, and all existing group associations from that role were removed. | role_id : ID of the role group_ids : IDs of groups to set for the role |
update_role_users |
The set of users with a given role was edited. | role_id : ID of the role old_user_ids : JSON object containing the old users with the role new_user_ids : JSON object containing the new users with the role |
update_role |
A role was updated. | role_id : ID of the role old_permission_set_id : ID of the role’s old permission set old_model_set_id : ID of the role’s old model set new_permission_set_id : ID of the role’s new permission setnew_model_set_id : ID of the role’s new model set |
update_saml_config |
The SAML auth settings were updated. | action : enabled , disabled , or modified |
update_scheduled_plan_destination |
A scheduled plan destination was updated. | scheduled_plan_destination_id : ID of the updated plan |
update_space |
A folder was updated. | space_id : ID of the updated folder |
update_totp_config |
The two-factor auth settings were updated. | action : enabled , disabled , or modified |
update_upload |
The upload table definition was updated and the DB table was created/loaded. | upload_id : ID of the uploaded data that was imported to the database |
update_user |
A user’s information was updated. | user_id : ID of the modified user |
update_user_access_filter |
An access filter was updated for the specified user. | for_user_id : ID of the user whose access filters were updated |
update_user_credentials_email |
Email/password login information was updated for the specified user. | for_user_id : ID of the user whose email credentials were updated |
update_whitelabel_configuration |
The whitelabel configuration was updated. | none |
upload_file |
The contents of file were uploaded to Looker for user-defined table generation and load. | upload_id : ID of the upload that has the custom file attached to it for later import |
user_permission_elevation |
A change occurred that caused a user’s permissions to be increased in some way. | user_id : ID of the user whose permissions changed embed_user : whether this was an Embed user added_permissions : list or permissions that were added old_permissions : list of permissions before the change new_permissions : list of permissions after the change cause : name of the event that caused the change, or unknown if the change can’t be attributed to a specific event cause_event_id : ID of the event that caused the change |
user_roles_updated |
A user’s roles were edited. | user_id : ID of the modified userrole_ids : JSON object containing the user’s roles |