Skip to main content

Documentation Index

Fetch the complete documentation index at: https://wb-21fd5541-docs-2661.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Use W&B audit logs to track user activity within your organization and to conform to your enterprise governance requirements. This page is for organization-level admins who need to access, fetch, and analyze audit log data across W&B deployment types. Audit logs are available in JSON format. Refer to Audit log schema. How you access audit logs depends on your W&B platform deployment type:
W&B Platform deployment typeAudit logs access mechanism
Dedicated Cloud
  • Instance-level BYOB: Synced to instance-level bucket (BYOB) every 10 minutes. Also available with the API.
  • Default instance-level storage: Available only with the API.
Multi-tenant CloudAvailable for Enterprise plans only. Available only with the API.
Self-ManagedSynced to instance-level bucket every 10 minutes. Also available with the API.
After you fetch audit logs, you can analyze them with tools like Pandas, Amazon Redshift, Google BigQuery, or Microsoft Fabric. Some audit log analysis tools don’t support JSON. Refer to the documentation for your analysis tool for guidelines and requirements to transform the JSON-formatted audit logs before analysis. For more details about the format of the logs, see Audit log schema and Actions.

Audit log retention

The following recommendations help you retain audit logs to meet your organization’s governance and compliance obligations:
  • If you must retain audit logs for a specific period of time, W&B recommends periodically transferring logs to long-term storage, either with storage buckets or the Audit Logging API.
  • If you are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), you must retain audit logs for a minimum of 6 years in an environment where no internal or external actor can delete or modify them before the end of the mandatory retention period. For HIPAA-compliant Dedicated Cloud instances with BYOB, you must configure guardrails for your managed storage, including any long-term retention storage.

Audit log schema

Use this schema to interpret the fields returned in each audit log entry. The following table shows all keys that can appear in an audit log entry, ordered alphabetically. Depending on the action and the circumstances, a specific log entry may include only a subset of the possible fields.
KeyDefinition
actionThe action of the event.
actor_emailThe email address of the user that initiated the action, if applicable.
actor_ipThe IP address of the user that initiated the action.
actor_user_idThe ID of the logged-in user who performed the action, if applicable.
artifact_assetThe artifact ID associated with the action, if applicable.
artifact_digestThe artifact digest associated with the action, if applicable.
artifact_qualified_nameThe full name of the artifact associated with the action, if applicable.
artifact_sequence_assetThe artifact sequence ID associated with the action, if applicable.
cli_versionThe version of the Python SDK that initiated the action, if applicable.
entity_assetThe entity or team ID associated with the action, if applicable.
entity_nameThe entity or team name associated with the action, if applicable.
project_assetThe project associated with the action, if applicable.
project_nameThe name of the project associated with the action, if applicable.
report_assetThe report ID associated with the action, if applicable.
report_nameThe name of the report associated with the action, if applicable.
response_codeThe HTTP response code for the action, if applicable.
timestampThe time of the event in RFC3339 format. For example, 2023-01-23T12:34:56Z represents January 23, 2023 at 12:34:56 UTC.
user_assetThe user asset the action impacts (rather than the user performing the action), if applicable.
user_emailThe email address of the user the action impacts (rather than the email address of the user performing the action), if applicable.

Personally identifiable information (PII)

Personally identifiable information (PII), such as email addresses and the names of projects, teams, and reports, is available only with the API endpoint option:

Before you begin

Before you fetch audit logs, confirm that you meet the following prerequisites for your deployment type:
  • Organization-level admins can fetch audit logs. If you receive a 403 error, ensure that you or your service account has adequate permission.
  • Multi-tenant Cloud: If you’re a member of multiple Multi-tenant Cloud organizations, you must configure the Default API organization, which determines where audit logging API calls are routed. Otherwise, you receive the following error: 
    user is associated with multiple organizations but no valid org ID found in user info
    To specify your default API organization:
    1. Click your profile image, then click User Settings.
    2. For Default API organization, select an organization.
    This doesn’t apply to a service account, which can be a member of only one Multi-tenant Cloud organization.

Fetch audit logs

To retrieve audit logs from the W&B Audit Logging API, follow these steps. After you complete this procedure, you have a set of newline-separated JSON objects you can analyze using your preferred tooling.
  1. Determine the correct API endpoint for your instance: In the following steps, replace [API-ENDPOINT] with your API endpoint.
  2. Optional: Construct query parameters to append to the endpoint. In the following steps, replace [PARAMETERS] with the resulting string.
    • anonymize: If the URL includes the parameter anonymize=true, W&B removes any PII. Otherwise, PII is included. Refer to Exclude PII when fetching audit logs. Not supported for Multi-tenant Cloud, where all fields are included, including PII.
    • Configure the date window of logs to fetch with a combination of numDays and startDate. Each parameter is optional, and they interact.
      • If neither parameter is included, only today’s logs are fetched.
      • numDays: An integer that indicates the number of days backward from startDate to fetch logs. If you omit it or set it to 0, logs are fetched for startDate only. On Multi-tenant Cloud, you can fetch a maximum of 7 days of audit logs, even if you set numDays to a larger value.
      • startDate: Optional. Use startDate=YYYY-MM-DD to set the newest calendar day in the range. If you omit it or set it to today, the range ends today and numDays counts backward from that day.
        • Supported in Multi-tenant Cloud only with an Enterprise license.
        • Supported in Dedicated Cloud and Self-Managed v0.80.0 and above.
  3. Construct the fully qualified endpoint URL in the format [API-ENDPOINT]?[PARAMETERS].
  4. Execute an HTTP GET request on the fully qualified API endpoint with a web browser or a tool like Postman, HTTPie, or cURL.
The API response contains newline-separated JSON objects. Objects include the fields described in the schema, just like when audit logs are synced to an instance-level bucket. In those cases, the audit logs are located in the /wandb-audit-logs directory in your bucket.

Use basic authentication

You must authenticate each request to the audit logs API. To use basic authentication with your API key to access the audit logs API, set the HTTP request’s Authorization header to the string Basic followed by a space, then the base64-encoded string in the format [USERNAME]:[API-KEY]. In other words, replace the username and API key with your values separated with a : character, then base64-encode the result. For example, to authorize as demo:p@55w0rd, set the header to Authorization: Basic ZGVtbzpwQDU1dzByZA==.

Exclude PII when fetching audit logs

For Self-Managed and Dedicated Cloud, a W&B organization or instance admin can exclude PII when fetching audit logs. For Multi-tenant Cloud, the API endpoint always returns relevant fields for audit logs, including PII. This isn’t configurable. To exclude PII, pass the anonymize=true URL parameter. For example, to get audit logs for user activity within the last week and exclude PII, if your W&B instance URL is https://mycompany.wandb.io, use an API endpoint like: 
https://mycompany.wandb.io/admin/audit_logs?anonymize=true&[ADDITIONAL-PARAMETERS].

Actions

Each audit log entry records one of the following actions. Use this reference to interpret the action field in a log entry. The following table describes possible actions that W&B can record, sorted alphabetically.
ActionDefinition
artifact:createArtifact is created.
artifact:deleteArtifact is deleted.
artifact:readArtifact is read.
project:deleteProject is deleted.
project:readProject is read.
report:readReport is read. 1
run:delete_manyBatch of runs is deleted.
run:deleteRun is deleted.
run:stopRun is stopped.
run:undelete_manyBatch of runs is restored from trash.
run:update_manyBatch of runs is updated.
run:updateRun is updated.
sweep:create_agentSweep agent is created.
team:create_service_accountService account is created for the team.
team:createTeam is created.
team:deleteTeam is deleted.
team:invite_userUser is invited to team.
team:uninviteUser or service account is uninvited from team.
user:create_api_keyAPI key for the user or service account is created. 1
user:createUser is created. 1
user:deactivateUser is deactivated. 1
user:delete_api_keyAPI key for the user or service account is deleted. 1
user:initiate_loginUser initiates log in. 1
user:loginUser logs in. 1
user:logoutUser logs out. 1
user:permanently_deleteUser is permanently deleted. 1
user:reactivateUser is reactivated. 1
user:readUser profile is read. 1
user:updateUser is updated. 1
1: On Multi-tenant Cloud, audit logs are not collected for:
  • Open or Public projects.
  • The report:read action.
  • User actions that aren’t tied to a specific organization.