New Relic Synthetics lets you see a 13-month history of Synthetics audit events.
Feature description
When you take specific actions in New Relic Synthetics, like creating or editing a monitor, an Insights event NrAuditEvent is generated. This event includes details about the action taken and which user took that action. This data is stored for 13 months. This historical data may be helpful if you'd like to investigate how a problem with your account was created and who made that change.
Synthetics changes tracked include:
- Monitors
  - Creation
  - Edits (including location change, mute/unmute, and enable/disable)
  - Script creation, edits, validation (including secure credentials used)
  - Deletion
- Monitor downtimes
  - Creation
  - Edits
  - Deletion
- Secure credentials
  - Creation
  - Edits
  - Views
  - Deletion
For details on how to query this data, see Query details.
Query details
To query changes, go to New Relic Insights and make NRQL queries of the NrAuditEvent event and its associated attributes. For an introduction to using the NrAuditEvent event, see Query account audit logs.
Supported actionIdentifier events currently include:
- Monitors
  - synthetics_monitor.create
  - synthetics_monitor.update
  - synthetics_monitor.create_script
  - synthetics_monitor.update_script
  - synthetics_monitor.validate_script
  - synthetics_monitor.delete
- Monitor downtimes
  - synthetics_monitor_downtime.create
  - synthetics_monitor_downtime.update
  - synthetics_monitor_downtime.delete
- Secure credentials
  - synthetics_secure_credential.create
  - synthetics_secure_credential.update
  - synthetics_secure_credential.view
  - synthetics_secure_credential.delete
How the change was made:
- The actorAPIKey attribute indicates if the change was made via the API or by a user via the UI. When this value is null, it's a user update; when not null, it's an API update.
For examples of Synthetics audit log queries, see:
- The example use case.
- The Synthetics-specific examples in Audit query examples.
Example use case: Finding changes made by a user
Here's an example of using the Synthetics audit log to solve a common problem:
You are a manager at a company that uses New Relic Synthetics. A new employee has been playing with your company's Synthetics accounts to learn how Synthetics works. Unfortunately, this employee was accidentally given full access to the production Synthetics accounts, instead of the pre-production account.
You want to determine what Synthetics monitors this employee created, deleted, and updated, so that you will know which monitors need to be fixed. Instead of having to review every monitor in the account, you open New Relic Insights and run the following NRQL query of the NrAuditEvent event:
SELECT count(*) FROM NrAuditEvent WHERE actionIdentifier LIKE 'synthetics_monitor.%' AND actorEmail = 'EMPLOYEE_EMAIL' FACET actionIdentifier, description SINCE 1 week ago LIMIT 1000
The query will return all the Synthetics monitors that the employee has updated, deleted, created, disabled, or muted. One by one, you and the employee review the list and update the edited monitors.
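The following is an added example, not New Relic's own code. It applies the actionIdentifier values and the actorAPIKey rule from Query details to audit rows after they have been pulled out of Insights. It assumes the rows arrive as a list of dictionaries keyed by the attribute names used on this page; the sample rows, email addresses, and key value are constructed.

```python
from collections import Counter

# Attribute names (actionIdentifier, actorEmail, actorAPIKey) are the ones the
# page uses. The rows below are constructed sample data, not real audit events.
def _row(email, action, api_key=None):
    return {"actorEmail": email, "actionIdentifier": action, "actorAPIKey": api_key}

SAMPLE_EVENTS = [
    _row("new.hire@example.com", "synthetics_monitor.update"),
    _row("new.hire@example.com", "synthetics_monitor.update"),
    _row("new.hire@example.com", "synthetics_monitor.delete"),
    _row("new.hire@example.com", "synthetics_monitor_downtime.create"),
    _row("new.hire@example.com", "synthetics_secure_credential.view"),
    _row("ci-bot@example.com", "synthetics_secure_credential.view", "CONSTRUCTED_KEY"),
    _row("ci-bot@example.com", "constructed_other_product.update", "CONSTRUCTED_KEY"),
]

# Prefix before the dot -> resource type, from the page's actionIdentifier list.
RESOURCES = {
    "synthetics_monitor": "monitor",
    "synthetics_monitor_downtime": "downtime",
    "synthetics_secure_credential": "secure_credential",
}

def classify(event):
    """Return (resource, action, channel), or None if not a Synthetics event."""
    # Split on the dot rather than prefix-matching, so that
    # synthetics_monitor_downtime.* is not counted as a monitor change.
    prefix, _, action = (event.get("actionIdentifier") or "").partition(".")
    if prefix not in RESOURCES or not action:
        return None
    # Page rule: null actorAPIKey means a UI change, non-null means an API change.
    channel = "UI" if event.get("actorAPIKey") is None else "API"
    return RESOURCES[prefix], action, channel

def summarize(events, actor_email):
    """Count one actor's Synthetics actions by (resource, action, channel)."""
    keys = (classify(e) for e in events if e.get("actorEmail") == actor_email)
    return Counter(k for k in keys if k is not None)

def credential_views_via_api(events):
    """Secure credential views made with an API key instead of in the UI."""
    return [e for e in events
            if classify(e) == ("secure_credential", "view", "API")]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_EVENTS, "new.hire@example.com").items()):
        print(n, *key)
    print(credential_views_via_api(SAMPLE_EVENTS))
```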