Skip to main content

Administrating MarkLogic Server

Audit Log Content

The information included in an audit log depends on the type of event. All audit log entries include basic information such as the event type, user, success, and roles assigned to the user. Audit log entries may include the following space-separated fields:

Log Entry Field	Description	Example
Timestamp	Contains the date and time the auditable action occurred.	`2012-03-26 10:55:53.735`
Event	The name of the event that triggered the log entry. The possible auditable events are listed in Auditable Events.	`event=amp-usage`
Function	The function that was being executed during the event.	`function=http://marklogic.com/xdmp/admin:read-config-file`
Expression	The query expression that triggered this audit event.	`expr=cts:element-value-query(xs:QName("info:status"), ("active", "unloading"), ("unstemmed","lang=en"), 1)`
Type	The type of task inside the MarkLogic server that generated the specific event.	`type=node-update`
URI	The document URI involved in the event.	`uri=/queries/5523898374388210414.txt`
Database	The database that was accessed during the event.	`database=Security`
Outcome	This indicates the success or failure of the action that triggered the audit event.	`success=true`
User	The user that performed the action.	`user=infostudio-admin`
Roles	The roles assigned to the user performing the action.	`roles=cpf-restart,infostudio-user`

In this section: