Grant Access to Data in Audit Indexes
This feature is in Beta. To participate, contact your Sumo Logic account executive.
Sumo Logic has added new role capabilities that allow you to grant access to the following audit indexes:
- Search Audit Index. Contains logs on search usage and activities for your account, and is stored in the
sumologic_search_usage_per_querypartition. - Data Volume Index. Contains logs that provide visibility in ingest volume, and is stored in the
sumologic_volume_indexpartition. - Audit Event Index. Contains JSON logs on account activities, both actions initiated by users and actions initiated by Sumo Logic. User event logs ares stored in the
sumologic_audit_eventspartition. Sumo Logic event logs are stored in thesumologic_system_eventspartition. - Audit Index. Contains account activity logs from Sumo Logic's older logging framework, and is stored in the
sumologic_auditpartition.
With this change, role search filters will no longer be applied to audit indexes. Log Monitors use the view audit index capability of their creator.
The table below describes the role capabilities required to access audit indexes.
| Role Capability | Description |
|---|---|
| Search Audit Index | Grants access to all of the data in the Search Audit Index. |
| Data Volume Index | Grants access to all of the data in the Data Volume Index and to system action events in the Audit Event Index. (System action events are events resulting from Sumo Logic actions.) |
| Audit Event Index | Grants access to all of the user action events in the Audit Event Index, and all the data in the Audit Index. (User action events are events resulting from user actions.) |