• Log inStart now

NrAuditEvent: Query account audit logs

As an additional security measure for using and managing New Relic, you can use the NrAuditEvent event to view audit logs that show changes in your New Relic organization.

What is the NrAuditEvent?

The NrAuditEvent is created to record some important types of configuration changes you and your users make in your New Relic organization. Data gathered includes the type of account change, what actor made the change, a human-readable description of the action taken, and a timestamp for the change. Reported information includes:

  • Users added or deleted
  • User permission changes
  • Account changes made via API
  • Synthetic monitor changes
  • Dashboard deletion
  • Workload configuration changes

To see all the attributes reported by this event, see NrAuditEvent.

To be notified about these types of changes, you can use alerts.

Caveats and details on using NrAuditEvent

All New Relic accounts can query up to 13 months of account changes.

If your New Relic organization and accounts were created using the Partnership API, NrAuditEvent won't return information about creating or editing accounts.

Audit logging is different than configuring audit mode for an APM agent. APM audit mode records information about all data being transmitted from your app.

Example queries

Here are some examples of querying the NrAuditEvent using NRQL.

Note that the query builder in the UI can only query one account at a time. If you have the right permissions, you can run cross-account queries with NerdGraph.

General account changes

Changes made by specific users

Changes made using the API

Copyright © 2023 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.