Looker events

This page describes the events that Looker generates and how to view them.

Viewing events

Looker events are visible in the System Activity Event and Event Attribute Explores. You must be a Looker admin or have the see_system_activity permission to view the Event and Event Attribute Explores.

If you have enabled the System Activity Model Labs feature, you will see the list of System Activity Explores, including the Event and Event Attribute Explores, at the bottom of your Explore menu.

The Event Explore includes the Event view, which includes categories, created dates and times, and names of each event created.

The Event Attribute Explore includes both the Event view and the Event Attribute view. The Event Attribute view shows the name and value of each attribute related to an individual event.

Common event attributes

Each Looker-generated event includes a set of data about the event. These common attributes are:

Attribute Name Description
id Unique numeric identifier of the event
user_id Unique numeric ID of the user who triggered the event
name Name of the specific event that occurred, for example, create_dashboard
created Date and time, in UTC, that the event was created
category High-level category associated with the event, for example, dashboard
sudo_user_id Unique numeric ID of the actual user who is impersonating the user indicated by user_id
is_looker_employee Whether the user identified by user_id is a Looker employee
is_admin Whether the user identified by user_id is a Looker admin
is_api_call Whether the event was caused by an API call

List of event types

The table below lists several events that can be generated by a Looker server.

This list includes the name of the event, the action or situation that can trigger the generation of the event, and a list of attributes associated with each event.

Event Type Trigger Attributes
add_external_email_to_scheduled_task An email outside the organization domain was added to a scheduled task.
  • scheduled_task_id: ID of the scheduled task
  • external email: email that was added
    		•
    add_group_group A group was added as a member of another group.
  • parent_group_id: ID of the parent group
  • adding_group_id: ID of the added group
  • deleting_group_id: ID of the deleted group
    		•
    add_group_user A user was added to a group.
  • group_id: ID of the group
  • user_id: ID of the user
    		•
    add_user_to_scheduled_task A user was added to a scheduled task.
  • scheduled_task_id: ID of the scheduled task
  • user_id: ID of the added user
    		•
    alert_options_v0 A user selected the alert button on a dashboard tile.
  • duration: the time it took Looker to load the alert options for the dashboard tile, in seconds
  • success: whether Looker successfully loaded alert options for the dashboard tile
    		•
    async_query_execution A query was sent to a database (not retrieved from Looker cache).
  • eager_poll: Whether the query was initiated with eager polling. Eager polling is when Looker keeps the connection to the database open while the query runs, rather than waiting for the database to notify Looker that the query is complete. It improves performance for fast queries.
    		•
    create_alert A user created an alert.
  • alert_id: ID of the alert
  • channel_destinations: the number of Slack channels that this alert will post in
  • cron: the cron string that defines when the alert is checked
  • duration: the time it took for Looker to create the alert, in seconds
  • email_destinations: the number of email addresses that this alert will send to
  • embed_user: whether this alert was created by an embedded user
  • followable: whether this alert is followable
  • public: whether this alert is public
  • success whether this alert was successfully created
  • total_destinations: the total number of destinations, including Slack channels and email addresses, that this alert will send to
  • vis_type: the visualization type of the alert's query
    		•
    create_connection A user created a connection.
  • connection_id: numeric ID of the connection
  • database: name of the database used in the connection
  • dialect: database dialect used in the connection
  • name: name of the connection
    		•
    create_dashboard_element A dashboard tile was created on a dashboard.
  • dashboard_element_id: ID of the dashboard tile
    		•
    create_dashboard_render_task A new task was created to render a dashboard to a document or an image.
  • render_task_id: ID of the render task
  • dashboard_id: ID of the dashboard to be rendered
  • lookml_dashboard: whether the dashboard is a LookML dashboard
  • target_type: resulting format of the rendered dashboard
    		•
    create_homepage_item A new curated homepage item was created.
  • has_title: whether the item has a title
  • has_text: whether the item has text
  • has_link: whether the item has a link
  • has_image: whether the item has an image
    		•
    create_homepage_section A new curated homepage section was created.
  • homepage_section_id: ID of the curated section
    		•
    create_look_prefetch A prefetch for a Look was created with the specified information.
  • look_id: ID of the Look that had a prefetch created
    		•
    create_look A Look was created or deleted.
  • look_id: ID of the Look
    		•
    create_look_render_task A new task was created to render a Look to an image.
  • render_task_id: ID of the render task
  • look_id: ID of the Look to be rendered
  • format: resulting image format
    		•
    create_project_file A new file was created in a project.
  • project: name of the project
  • file: the name of the newly created file
  • file_type: the type of file created (model, view, etc)
    		•
    create_query_render_task A new task was created to render an existing query to an image.
  • render_task_id: ID of the render task
  • query_id: ID of the query to be rendered
  • format: resulting image format
    		•
    create_query A query was created.
  • query_id: ID of the new query
    		•
    create_role A new role was created.
  • role_id: ID of the new role
  • permission_set_id: ID of the role's permission set
  • model_set_id: ID of the role's model set
    		•
    create_saml_test_config A SAML test configuration was created.
  • has_error: whether the SAML config has an error
    		•
    create_scheduled_plan_destination A scheduled plan destination was created. scheduled_plan_destination_id: ID of the created plan
    create_sql_query A SQL Runner query was created.
  • query_id: ID of the new query
    		•
    create_upload A CSV file for user-defined table generation/load was uploaded.
  • upload_id: ID of the uploaded data
    		•
    create_user_access_filter An access filter was created for the specified user.
  • for_user_id: ID of the user whose access filters were created
    		•
    create_user_credentials_api (Legacy) API login information was created for the specified user. This is for API Users used for the old query API.
  • for_user_id: ID of the user whose API credentials were created
    		•
    create_user_credentials_api3 API 3 login information was created for the specified user. This is for the newer API keys that can be added for any user.
  • for_user_id: ID of the user whose API 3 credentials were created
    		•
    create_user_credentials_email Email/password login information was created for the specified user.
  • for_user_id: ID of the user whose email credentials were created
    		•
    create_user_credentials_email_password_reset A password reset token was created.
  • for_user_id: ID of the user whose password reset token was created
    		•
    create_user_credentials_totp Two-factor login information was created for the specified user.
  • for_user_id: ID of the user whose TOTP credentials were created
    		•
    create_user A user was created with the specified information.
  • user_id: ID of the user whose account was created
  • reason: (optional) method used to create the user account. If reason is missing, an admin created the user account. Otherwise, the account was automatically created as a result of a user action like login, license_setup, marketplace_setup, or self_created.
  • type: (optional) credentials type for this user, especially if the user was auto-created at login
    		•
    dashboard.next.rendered A dashboard was rendered as a PDF.
  • dashboard_id: ID of the dashboard
  • load_session_id: unique hash ID of the load session
  • cache_count: number of dashboard queries that were pulled from cache
  • query_count: number of dashboard queries that were run on the database
  • ttr: time to run the dashboard, in milliseconds
    		•
    dashboard.run.data_received A dashboard received query results for one of its tiles.
  • load_session_id: unique hash ID of the dashboard load session
  • run_session_id: unique hash ID of the dashboard run session
  • query_task_id: ID of the query task that was run asynchronously for this dashboard
    		•
    dashboard.run.data_rendered A dashboard rendered a visualization for one of its tiles.
  • load_session_id: unique hash ID of the dashboard load session
  • run_session_id: unique hash ID of the dashboard run session
  • query_task_id: ID of the query task that was run asynchronously for this dashboard
  • vis_type: visualization type of the dashboard tile.
    		•
    dashboard.run.start A dashboard was run.
  • cache_run: whether the user selected Clear cache and refresh
  • load_session_id: unique hash ID of the load session
  • run_session_id: unique hash ID of the run session
    		•
    datagroup_trigger_changed A datagroup trigger was changed.
  • runtime: total time to run the trigger
  • connection_id: ID of the connection
  • connection_name: name of the connection
  • dialect: dialect of the connection
  • name: name of the datagroup
    		•
    delete_alert An alert was deleted from a dashboard tile.
  • duration: the time it took Looker to delete the alert, in seconds
  • success: whether Looker successfully deleted the alert
    		•
    delete_connection A user deleted a connection.
  • connection_id: numeric ID of the connection
  • database: name of the database used in the connection
  • name: name of the connection
    		•
    delete_dashboard_element A dashboard tile was deleted from a dashboard.
  • dashboard_element_id: ID of the dashboard tile
    		•
    delete_group_from_group A group was deleted as a member of another group.
  • parent_group_id: ID of the parent group
  • adding_group_id: ID of the added group
  • deleting_group_id: ID of the deleted group
    		•
    delete_group_user A user was removed from a group.
  • group_id: ID of the group
  • user_id: ID of the user who was removed from the group
    		•
    delete_homepage_item A homepage item was deleted.
  • homepage_item_id: ID of the deleted homepage item
    		•
    delete_homepage_section A homepage section was deleted.
  • homepage_section_id: ID of the deleted homepage section
    		•
    delete_look A Look was deleted.
  • look_id: ID of the deleted Look
    		•
    delete_model_set A model set was deleted.
  • model_set_id: ID of the deleted model set
    		•
    delete_permission_set A permission set was deleted.
  • permission_set_id: ID of the deleted permission set
    		•
    delete_project_file A file was deleted in a project.
  • project: name of the project
  • file: the name of the deleted file
  • file_type: the type of file deleted (model, view, etc)
    		•
    delete_role A role was deleted.
  • role_id: ID of the deleted role
    		•
    delete_saml_test_config A SAML test configuration was deleted. none
    delete_scheduled_plan_destination A scheduled plan destination was deleted. scheduled_plan_destination_id: ID of the deleted scheduled plan
    delete_space A folder was removed. none
    delete_upload An uploaded table with a specific ID was dropped.
  • upload_id: ID of the table
    		•
    delete_user_access_filter An access filter for the specified user was deleted.
  • for_user_id: ID of the user whose access filters were deleted
    		•
    delete_user_credentials_api (Legacy) API login information for the specified user was deleted. This is for API Users used for the old query API.
  • for_user_id: ID of the user whose API credentials were deleted
    		•
    delete_user_credentials_api3 API 3 login information for the specified user was deleted. This is for the newer API keys that can be added for any user.
  • for_user_id: ID of the user whose API 3 credentials were deleted
    		•
    delete_user_credentials_email Email/password login information for the specified user was deleted.
  • for_user_id: ID of the user whose email credentials were deleted
    		•
    delete_user_credentials_embed Embed login information for the specified user was deleted.
  • for_user_id: ID of the user whose Embed credentials were deleted
    		•
    delete_user_credentials_google Google authentication login information for the specified user was deleted.
  • for_user_id: ID of the user whose Google credentials were deleted
    		•
    delete_user_credentials_ldap LDAP login information for the specified user was deleted.
  • for_user_id: ID of the user whose LDAP credentials were deleted
    		•
    delete_user_credentials_looker_openid Looker OpenID login information for the specified user was deleted. Used by Looker analysts.
  • for_user_id: ID of the user whose Looker OpenID credentials were deleted
    		•
    delete_user_credentials_saml SAML authentication login information for the specified user was deleted.
  • for_user_id: ID of the user whose SAML credentials were deleted
    		•
    delete_user_credentials_totp Two-factor login information for the specified user was deleted.
  • for_user_id: ID of the user whose TOTP credentials were deleted
    		•
    delete_user_session A web login session for the specified user was deleted.
  • for_user_id: ID of the user whose session was deleted
    		•
    delete_user A user was deleted.
  • user_id: ID of the user whose account was deleted
    		•
    detect_alert_drift Before running an alert, Looker checks to see if the underlying dashboard tile has changed.
  • alert_condition_base_query_id: The query ID of the dashboard tile. Usually matches dashboard_element_query_id
  • alert_condition_condition_query_id: The query ID of the alert condition
  • alert_condition_id: The ID of the alert condition. Usually matches the alert_id
  • alert_id: The unique ID of the alert
  • dashboard_element_id: The dashboard element ID of the underlying dashboard tile
  • dashboard_element_query_id: The query ID of the dashboard tile
  • dashboard_type: The type of dashboard (user defined dashboard or LookML dashboard)
  • suspected_reason: The change to the dashboard element. If no changes are detected, the value will be no_drift
  • sync_classification: A detailed list of all changes made to the dashboard element
  • sync_type: Whether the change to the dashboard element is likely to cause disruption to the alert. If no changes are detected, the value will be null
    		•
    disable_user A user account was disabled.
  • user_id: ID of the user whose account was disabled
    		•
    enable_user A user account was enabled.
  • user_id: ID of the user whose account was enabled
    		•
    enter_sudo A user entered sudo (impersonation) as another user in the UI.
  • target_user_id: ID of the target user
  • session_id: ID of the Looker session
    		•
    exit_sudo A user exited sudo (impersonation) as another user in the UI.
  • target_user_id: ID of the target user
  • session_id: ID of the Looker session
    		•
    export_query A user downloaded a file in a format other than PNG or PDF
  • dialect: Database dialect of the query
  • export_format: The format of the download (CSV, JSON, etc)
  • history_id: History ID of the query
  • query_params: Query parameters that describe the query
  • source: The source from which the download originated (API, drill modal, etc)
    		•
    fetch_and_parse_saml_idp_metadata The given URL was fetched and parsed as a SAML IdP metadata document, and the result was returned. none
    find_and_replace The find and replace function of the Content Validator was used.
  • replace_type: type of replacement. field, view, model, or explore
  • error_count: number of errors, if any
  • look_ids: IDs of Looks that were successfully updated, if any
    		•
    follow_alert A user followed an alert.
  • alert_id: ID of the alert
  • channel_destinations: the number of Slack channels that this alert will post in
  • cron: the cron string that defines when the alert is checked
  • duration: the time it took for Looker to follow the alert, in seconds
  • email_destinations: the number of email addresses that this alert will send to
  • embed_user: whether this alert was followed by an embedded user
  • followable: whether this alert is followable
  • public: whether this alert is public
  • success whether this alert was successfully followed
  • total_destinations: the total number of destinations, including Slack channels and email addresses, that this alert will send to
  • vis_type: the visualization type of the alert's query
    		•
    generating_mail_dashboard A dashboard was rendered as an email.
  • source_url: source URL of the dashboard
  • items: number of dashboard elements rendered
    		•
    generating_pdf A dashboard was rendered as a PDF.
  • source_url: source URL of the dashboard
  • items: number of dashboard elements rendered
    		•
    get_alerts_v0 A user selected the alert button on a tile, and Looker computed the number of alerts already on that tile.
  • duration: the time it took Looker to compute the number of alerts on the tile, in seconds
  • count: the number of alerts on the tile
  • success: whether Looker successfully computed the number of alerts on the tile
    		•
    login A user logged in to the UI or API.
  • type: type of authentication system
  • ldap: whether the login occurred via the LDAP protocol
  • ip: IP address of the request
  • user_id: ID of the user who logged in
    		•
    login_failure A user's login attempt to the UI or API failed.
  • type: type of authentication system
  • ip: IP address of the request
  • user_id_offered: user identifier string that the user offered in the attempt (as appropriate for the different auth systems)
  • msg: details string about the attempt processing
    		•
    login_user An API session was transformed to impersonate a user. This is often used when a service account is configured to enable API calls on behalf of users without needing to provision API credentials for individual users.
  • target_user_id: ID of the target user
  • token_id: ID of the session token for this API session
    		•
    lookml_dashboard_metadata_saved Looker performed a periodic check on the state of LookML dashboards on the instance.
  • added_dashboard_count: the number of LookML dashboards that were created since the last check
  • deleted_dashboard_count: the number of LookML dashboards that were deleted since the last check
  • updated_dashboard_count: the number of LookML dashboards that were updated since the last check
    		•
    mail_opened An email was opened.
  • mail_type: password reset or scheduled task, for example
  • recipient: hash of the recipient's email address
  • build_time: time at which the MailJob was created
  • look_id: ID of the Look (if a Look email is scheduled); otherwise, null
  • dashboard_id: ID of the dashboard (if a dashboard email is scheduled); otherwise, null
  • scheduled_task_id: ID of the scheduled task (if a task email is scheduled); otherwise, null
    		•
    mail_sent An email was sent by the mailer.
  • mail_type: password reset or scheduled task, for example
  • recipient: hash of the recipient's email address
  • look_id: ID of the Look (if a Look email is scheduled); otherwise, null
  • dashboard_id: ID of the dashboard (if a dashboard email is scheduled); otherwise, null
  • scheduled_task_id: ID of the scheduled task (if a task email is scheduled); otherwise, null
    		•
    move_space A folder was moved or renamed.
  • origin_space_id: ID of the original parent
  • destination_space_id: ID of the new parent
    		•
    new_model_set A model set was created.
  • model_set_id: ID of the new model set
  • models: JSON object containing the models
    		•
    new_permission_set A permission set was created.
  • permission_set_id: ID of the new permission set
  • permissions: JSON object containing the permissions
    		•
    new_space A folder was added.
  • has_parent: whether the folder has a parent folder
    		•
    oauth_client_app_user_authentication An application attempted to authenticate to the Looker instance.
  • oauth_client_app_guid : the unique ID that the app identifies itself with
  • type: the type of authentication that the app used. Most often api
  • user_id: the Looker user ID that the app authenticated as
    		•
    parse_saml_idp_metadata The given XML was parsed as a SAML IdP metadata document, and the result was returned. none
    pdt_build A PDT was rebuilt.
  • temporary: table generated a temporary table
  • runtime: total time to build the table
  • connection_id: ID of the connection
  • connection_name: name of the connection
  • dialect: dialect of the connection
  • status: build_ready, build_complete, build_aborted, build_canceled, build_error, or nil
  • source: regenerator or query
  • dev_mode: whether the PDT was built for a user in Development Mode
    		•
    pdt_regen A PDT regen was executed on a connection.
  • connection_id: ID of the connection
  • connection_name: name of the connection
  • dialect: dialect of the connection
  • status: skipped_pending_cron, skipped_invalid_connection, skipped_unwritable_schema, success, error_in_regen, or nil
  • runtime: total time to regen all PDTs on the connection
  • checked_count: number of PDTs checked
  • built_count: number of PDTs built
  • canceled_count: number of PDT regens canceled (query killed)
  • failed_count: number of PDT regens that failed for an unknown reason
    		•
    redirect_query A new query was mapped to an existing query.
  • look_id: ID of the Look for this query
  • model: name of the model for this query
  • view: name of the view for this query
    		•
    render_scheduled_dashboard A scheduled dashboard was rendered.
  • target_uri: URI of the dashboard to be rendered
  • type: rendered file type
    		•
    render_scheduled_look A scheduled Look was rendered.
  • target_uri: URI of the Look to be rendered
  • type: rendered file type
  • dimensions: dimensions of the rendered image
    		•
    render_timeout_for_scheduled_dashboard A timeout occurred while a scheduled dashboard was being rendered.
  • target_uri: URI of the dashboard that was rendered
  • type: rendered file type
    		•
    render_timeout_for_scheduled_look A timeout occurred while a scheduled Look was being rendered.
  • target_uri: URI of the Look that was rendered
  • type: rendered file type
  • dimensions: dimensions of the rendered image
    		•
    run_alert An alert's condition was checked.
  • alert_id: ID of the alert
  • condition_met: whether the alert's conditions were met
  • cron: the cron string that defines when the alert is checked
  • elapsed_time: the total amount of time it took for Looker to check the alert condition, in seconds. This includes query runtime and initialization
  • embed_user: whether this alert was created by an embedded user
  • followable: whether this alert is followable
  • init_duration: the time it took Looker to initialize the alert condition check, in seconds
  • public: whether this alert is public
  • runtime: the time it took for Looker to run the alert's query, in seconds
  • success whether this alert condition was successfully checked
  • vis_type: the visualization type of the alert's query
    		•
    run_query A query was completed through the Query Manager.
  • model: model used
  • view: view in model
  • query: query string stored in the history entry
  • history_id: ID of the history entry
  • runtime: runtime up to completion, error, or kill
  • status: completed, killed, or error
  • uri_length: length of the query string passed in query
  • dialect: dialect of the database for this query
  • dashboard_id: ID of the UDD dashboard or the name of the LookML dashboard
  • look_id: ID of the Look for this query
    		•
    run_query_task A saved query was run asynchronously.
  • query_task_id: ID of the query task to run asynchronously
    		•
    run_scheduled_task A scheduled task was run.
  • scheduled_task_id: ID of the scheduled task
  • sent: whether the results were sent (published)
    		•
    run_sql_query A SQL query was run from SQL Runner.
  • slug: slug of the query
  • user_id: user who ran the query
  • last_runtime: how long the query took the last time it executed
  • run_count: how many times the query has been executed
  • dialect: dialect of the query
    		•
    save_look A Look was saved.
  • look_id: ID of the Look
  • vis_type: vis type of the query
  • keep_exploring: user did not immediately view the new Look
    		•
    save_project_file A file was saved in a project.
  • project: name of the project
  • file: the name of the saved file
  • file_type: the type of file saved (model, view, etc)
    		•
    scheduler_deliver The scheduler delivered a scheduled job.
    • dashboard_id: the numeric ID of the dashboard. Null if scheduled content is not a user-defined dashboard.
    • enabled: whether this schedule is enabled.
    • lookml_dashboard_id: the textual ID of the LookML dashboard. Null if the scheduled content is not a LookML dashboard.
    • scheduled_job_tracking_id: the tracking ID for the scheduled job.
    • backlog_when_dequeued: the number of schedules in the scheduler queue when this schedule ran.
    • backlog_when_enqueued: the number of schedules in the scheduler queue when this schedule entered the queue.
    • crontab: the frequency at which the schedule should be checked. Presented in cron format.
    • destination_count: the number of destinations that this schedule should be sent to.
    • started_at: the time at which the schedule job started
    • seconds_in_queue: the number of seconds that this schedule spent in the queue.
    • completed_at: the time at which the schedule was sent
    • look_id: the numeric ID of the Look. Null if scheduled content is not a Look.
    • scheduled_plan_id: the numeric ID of this scheduled plan.
    • user_id: the numeric ID of the user who created this schedule.
    • format: the data format that the scheduled content should be sent in.
    • destination_types: a list of destination types that this schedule should be sent to.
    • status: the status of this schedule job
    • require_no_results: whether this schedule requires that no results are returned in order to send.
    • run_once: whether this scheduled job was triggered by a user selecting Run once or Test on the scheduler modal.
    • require_change: whether this schedule requires that results changed from the last run in order to send.
    • require_results: whether this schedule requires that results are returned in order to send.
    • timezone: the timezone of this schedule's crontab frequency.
    scheduler_execute The scheduler checked whether a scheduled job should be run.
    • dashboard_id: the numeric ID of the dashboard. Null if scheduled content is not a user-defined dashboard.
    • enabled: whether this schedule is enabled.
    • lookml_dashboard_id: the textual ID of the LookML dashboard. Null if the scheduled content is not a LookML dashboard.
    • scheduled_job_tracking_id: the tracking ID for the scheduled job. Null if no scheduled job was created during this check.
    • should_deliver: whether a scheduled job should be run during this check. For example, if the scheduled content is a Look, and the schedule is set to run only if there are results, then the scheduled job may not be created during each check.
    • crontab: the frequency at which the schedule should be checked. Presented in cron format.
    • destination_count: the number of destinations that this schedule should be sent to.
    • started_at: the time at which the scheduler check started
    • completed_at: the time at which the scheduler check completed
    • look_id: the numeric ID of the Look. Null if scheduled content is not a Look.
    • scheduled_plan_id: the numeric ID of this scheduled plan.
    • user_id: the numeric ID of the user that created this schedule.
    • format: the data format that the scheduled content should be sent in.
    • destination_types: a list of destination types that this schedule should be sent to.
    • status: the status of this schedule check
    • require_no_results: whether this schedule requires that no results are returned in order to send.
    • run_once: whether this scheduled job was triggered by a user selecting Run once or Test on the scheduler modal.
    • require_change: whether this schedule requires that results changed from the last run in order to send.
    • require_results: whether this schedule requires that results are returned in order to send.
    • timezone: the timezone of this schedule's crontab frequency.
    set_legacy_feature_#{id}_to_#{val} The legacy feature #{id} was set to #{val} by a user.
  • legacy_feature_id: ID of the legacy feature being altered
    		•
    support_access_disabled Looker Support auth access was turned off or toggled by an admin or a privileged developer.
  • support_access_open: false
  • support_access_open_until: time at which the toggle was set to nil
    		•
    support_access_enabled Looker Support auth access was turned on or toggled by an admin or a privileged developer.
  • support_access_open: true
  • support_access_open_until: time at which the toggle was automatically set to false
    		•
    test_ldap_config_auth The connection authentication settings for an LDAP configuration were tested.
  • success: whether the test was successful
    		•
    test_ldap_config_connection The connection settings for an LDAP configuration were tested.
  • success: whether the test was successful
    		•
    test_user_auth The user authentication settings for an LDAP configuration were tested.
  • success: whether the test was successful
    		•
    test_user_info The user authentication settings for an LDAP configuration were tested without the user being authenticated.
  • success: whether the test was successful
    		•
    track_content_view A user viewed a Look or dashboard.
  • content_id: ID of the Look or dashboard
  • content_type: the type of content viewed, most commonly dashboards-next or looks
    		•
    unchanged_oauth_client_app Looker periodically checks the status of connectors such as Connected Sheets.
  • app_client_guid: the unique ID of the connector
  • app_display_name: the user-friendly name of the connector
  • app_enabled: whether the connector is enabled
    		•
    unfollow_alert A user unfollowed an alert.
  • alert_id: ID of the alert
  • channel_destinations: the number of Slack channels that this alert will post in
  • cron: the cron string that defines when the alert is checked
  • duration: the time it took for Looker to unfollow the alert, in seconds
  • email_destinations: the number of email addresses that this alert will send to
  • embed_user: whether this alert was unfollowed by an embedded user
  • followable: whether this alert is followable
  • public: whether this alert is public
  • success whether this alert was successfully unfollowed
  • total_destinations: the total number of destinations, including Slack channels and email addresses, that this alert will send to
  • vis_type: the visualization type of the alert's query
    		•
    update_connection A user updated a connection.
  • connection_id: numeric ID of the connection
  • database: name of the database used in the connection
  • name: name of the connection
    		•
    update_embed_config The Embed configuration was updated.
  • old_value: previous auth enabled setting
  • new_value: new auth enabled setting
  • action: whether auth was enabled or disabled
  • domain_whitelist_count: count of allowlist domains
    		•
    update_google_config The Google auth settings were updated.
  • action: enabled, disabled, or modified
    		•
    update_homepage_item A curated homepage item was updated.
  • homepage_item_id: ID of the updated homepage item
  • has_title: whether the item has a title
  • has_text: whether the item has text
  • has_link: whether the item has a URL
  • has_image: whether the item has an image
    		•
    update_homepage_section A curated homepage section (title) was updated.
  • homepage_item_id: ID of the updated homepage item
    		•
    update_ldap_config The LDAP auth settings were updated.
  • action: enabled, disabled, or modified
    		•
    update_model_set The models in a model set were changed.
  • model_set_id: ID of the updated model set
  • old_models: JSON object containing the old models
    		•
    update_oidc_config The OpenID Connect auth settings were updated.
  • action: enabled, disabled, or modified
    		•
    update_permission_set The permissions in a permission set were changed.
  • permission_set_id: ID of the updated permission set
  • old_permissions: JSON object containing the old permissions
  • new_permissions: JSON object containing the new permissions
    		•
    update_role_groups All groups for a role were set, and all existing group associations from that role were removed.
  • role_id: ID of the role
  • group_ids: IDs of groups to set for the role
    		•
    update_role_users The set of users with a given role was edited.
  • role_id: ID of the role
  • old_user_ids: JSON object containing the old users with the role
  • new_user_ids: JSON object containing the new users with the role
    		•
    update_role A role was updated.
  • role_id: ID of the role
  • old_permission_set_id: ID of the role's old permission set
  • old_model_set_id: ID of the role's old model set
  • new_permission_set_id: ID of the role's new permission set
  • new_model_set_id: ID of the role's new model set
    		•
    update_saml_config The SAML auth settings were updated.
  • action: enabled, disabled, or modified
    		•
    update_scheduled_plan_destination A scheduled plan destination was updated. scheduled_plan_destination_id: ID of the updated plan
    update_space A folder was updated.
  • space_id: ID of the updated folder
    		•
    update_totp_config The two-factor auth settings were updated.
  • action: enabled, disabled, or modified
    		•
    update_upload The upload table definition was updated and the DB table was created/loaded.
  • upload_id: ID of the uploaded data that was imported to the database
    		•
    update_user A user's information was updated.
  • user_id: ID of the modified user
    		•
    update_user_access_filter An access filter was updated for the specified user.
  • for_user_id: ID of the user whose access filters were updated
    		•
    update_user_credentials_email Email/password login information was updated for the specified user.
  • for_user_id: ID of the user whose email credentials were updated
    		•
    update_user_facts_chunk Looker updated the User Facts table in the User explore. The table is updated hourly.
  • chunk_number: ID of the chunk of users about whom Looker computed user facts
  • elapsed_seconds: number of seconds Looker took to compute user facts
  • facts_created: number of fact entries created
  • facts_deleted: number of fact entries deleted
  • users_processed: number of users processed in this chunk
    		•
    update_whitelabel_configuration The private label configuration was updated. none
    upload_file The contents of file were uploaded to Looker for user-defined table generation and load.
  • upload_id: ID of the upload that has the custom file attached to it for later import
    		•
    user_permission_elevation A change occurred that caused a user's permissions to be increased in some way.
  • user_id: ID of the user whose permissions changed
  • embed_user: whether this was an Embed user
  • added_permissions: list or permissions that were added
  • old_permissions: list of permissions before the change
  • new_permissions: list of permissions after the change
  • cause: name of the event that caused the change, or unknown if the change can't be attributed to a specific event
  • cause_event_id: ID of the event that caused the change
    		•
    user_roles_updated A user's roles were edited.
  • user_id: ID of the modified user
  • role_ids: JSON object containing the user's roles
    		•