As an additional security measure for using and managing New Relic, you can use the
NrAuditEvent event to view audit logs that show changes in your New Relic organization.
What is the
NrAuditEvent is created to record some important types of configuration changes you and your users make in your New Relic organization. Data gathered includes the type of account change, what actor made the change, a human-readable description of the action taken, and a timestamp for the change. Reported information includes:
- Users added or deleted
- User permission changes
- Account changes made via API
- Synthetic monitor changes
- Dashboard deletion
- Workload configuration changes
To see all the attributes reported by this event, see
To be notified about these types of changes, you can use alerts.
Caveats and details on using
All New Relic accounts can query up to 13 months of account changes.
If your New Relic organization and accounts were created using the Partnership API,
NrAuditEvent won't return information about creating or editing accounts.
Audit logging is different than configuring audit mode for an agent. APM audit mode records information about all data being transmitted from your app.
Here are some examples of querying the
NrAuditEvent using NRQL.
Note that the query builder in the UI can only query one account at a time. If you have the right permissions, you can run cross-account queries with NerdGraph.