Looker events
This page describes the events that Looker generates and how to view them.
Viewing events
Looker events are visible in theSystem ActivityEvent andEvent Attribute Explores. You must be a Looker admin or have thesee_system_activity permission to view theEvent andEvent Attribute Explores.
If you have enabled theSystem Activity ModelLabs feature, you will see the list of System Activity Explores, including theEvent andEvent Attribute Explores, at the bottom of your Explore menu.
TheEvent Explore includes theEvent view, which includes categories, created dates and times, and names of each event created.
TheEvent Attribute Explore includes both theEvent view and theEvent Attribute view. TheEvent Attribute view shows the name and value of each attribute related to an individual event.
Common event attributes
Each Looker-generated event includes a set of data about the event. These common attributes are:
| Attribute name | Description |
|---|---|
id | Unique numeric identifier of the event |
user_id | Unique numeric ID of the user who triggered the event |
name | Name of the specific event that occurred, for example,create_dashboard |
created | Date and time, in UTC, that the event was created |
category | High-level category associated with the event, for example,dashboard |
sudo_user_id | Unique numeric ID of the actual user who is impersonating the user indicated byuser_id |
is_looker_employee | Whether the user identified byuser_id is a Looker employee |
is_admin | Whether the user identified byuser_id is a Looker admin |
is_api_call | Whether the event was caused by an API call |
List of event types
The following table lists several events that can be generated by a Looker server.
This list includes the name of the event, the action or situation that can trigger the generation of the event, and a list of attributes associated with each event.
| Event type | Trigger | Attributes |
|---|---|---|
accept_integration_hub_legal_agreement | A user accepted the legal agreement for a custom Action Hub server. | none |
account_manually_unlocked | A login lockout was removed for a user. | key: key of the useruser_id: ID of the user |
acquire_cookieless_embed_session | A cookieless embed session was initiated. | none |
activate_oauth_client_app_user | A user was activated on an OAuth app client, usually by accepting the terms and permissions of the app. | app_client_guid: ID of the appapp_display_name: User-friendly display name of the appip: IP address of the requestuser_id: ID of the activated user |
add_external_email_to_scheduled_task | An email outside the organization domain was added to a scheduled task. | scheduled_task_id: ID of the scheduled taskexternal email: email that was added |
add_group_group | A group was added as a member of another group. | parent_group_id: ID of the parent groupadding_group_id: ID of the added groupdeleting_group_id: ID of the deleted group |
add_group_user | A user was added to a group. | group_id: ID of the groupuser_id: ID of the user |
add_user_to_scheduled_task | A user was added to a scheduled task. | scheduled_task_id: ID of the scheduled taskuser_id: ID of the added user |
alert_options_v0 | A user selected the alert button on a dashboard tile. | duration: time taken for Looker to load the alert options for the dashboard tile, in secondssuccess: whether Looker successfully loaded alert options for the dashboard tile |
async_query_execution | A query was sent to a database (not retrieved from Looker cache). | eager_poll: Whether the query was initiated with eager polling. Eager polling is when Looker keeps the connection to the database open while the query runs, rather than waiting for the database to notify Looker that the query is complete. It improves performance for fast queries. |
copy_dashboard | A dashboard was copied. | dashboard_id: ID of the dashboardfolder_id: ID of the destination folder |
copy_look | A Look was copied. | look_id: ID of the Lookfolder_id: ID of the destination folder |
create_agent | A Conversational Analytics user created a data agent. | none |
create_alert | A user created an alert. | alert_id: ID of the alertchannel_destinations: number of Slack channels that this alert will post incron: cron string that defines when the alert is checkedduration: time taken for Looker to create the alert, in secondsemail_destinations: number of email addresses that this alert will send toembed_user: whether this alert was created by an embedded userfollowable: whether this alert is followablepublic: whether this alert is publicsuccess whether this alert was successfully createdtotal_destinations: total number of destinations, including Slack channels and email addresses, that this alert will send tovis_type: visualization type of the alert's query |
create_color_collection | A custom color collection was created. | collection_id: ID of the color connection |
create_connection | A user created a connection. | connection_id: numeric ID of the connectiondatabase: name of the database used in the connectiondialect: database dialect used in the connectionname: name of the connection |
create_content_metadata_access | A user applied content access settings for a board, Look, dashboard, or folder. | content_metadata_id: ID of the content metadatagroup_id: ID of the group that the settings apply touser_id: ID of the user that the settings apply topermission_type: type of content access (view or edit)content_type: type of the content (board, Look, dashboard, or folder)send_boards_notification_email: whether an email notification should be sent to groups and users who can access a board |
create_conversation | A Conversational Analytics user created a new conversation. | none |
create_conversation_message | A Conversational Analytics user asked a question in a conversation. | count: number of messages in a conversation |
create_dashboard | A new dashboard object was created. | dashboard_id: ID of the dashboard |
create_dashboard_element | A dashboard tile was created on a dashboard. | dashboard_element_id: ID of the dashboard tile |
create_dashboard_element_render_task | A new task was created to render a dashboard tile to an image. | render_task_id: ID of the render taskdashboard_element_id: ID of the dashboard tile to be renderedformat: resulting format of the rendered dashboard tile |
create_dashboard_filter | A dashboard filter was created on a dashboard. | dashboard_filter_id: ID of the dashboard filter |
create_dashboard_layout | A dashboard layout was created. | dashboard_layout_id: ID of the dashboard layout |
create_dashboard_render_task | A new task was created to render a dashboard to a document or an image. | render_task_id: ID of the render taskdashboard_id: ID of the dashboard to be renderedlookml_dashboard: whether the dashboard is a LookML dashboardtarget_type: resulting format of the rendered dashboard |
create_embed_token_url | An embed URL was created. | prefix: prefix of the URL |
create_embed_user | An embedded user was created. | user_id: ID of the user |
create_external_oauth_application | An external OAuth application was created. | oauth_application_id: ID of the OAuth applicationname: name of the OAuth applicationdialect_name: name of the database dialect for the OAuth application |
create_favorite_content | A user marked a Look or dashboard as a favorite. | content_favorite_id: unique ID for the favorite object |
create_git_branch | A Git branch was created on a LookML project. | project_id: ID of the projectsuccessful: whether the branch creation was successful |
create_git_deploy_key | A Git deploy key was created on a LookML project. | project_id: ID of the project |
create_group | A group was created. | group_id: ID of the group |
create_homepage_item | A new curated homepage item was created. | has_title: whether the item has a titlehas_text: whether the item has texthas_link: whether the item has a linkhas_image: whether the item has an image |
create_homepage_section | A new curated homepage section was created. | homepage_section_id: ID of the curated section |
create_look_prefetch | A prefetch for a Look was created with the specified information. | look_id: ID of the Look that had a prefetch created |
create_look | A Look was created or deleted. | look_id: ID of the Look |
create_look_render_task | A new task was created to render a Look to an image. | render_task_id: ID of the render tasklook_id: ID of the Look to be renderedformat: resulting image format |
create_lookml_model | A LookML model was created. | lookml_model_id: ID of the LookML modelname: name of the LookML modelproject_name: name of the projectunlimited_db_connections: whether the model has unlimited database connectionsallowed_db_connection_names: list of database connection names that are allowed to be used in the model |
create_merge_query | A merged query was created. | merge_query_id: ID of the merge query |
create_oauth_application_user_state | A user state was created for an external OAuth application. | oauth_application_id: ID of the OAuth applicationuser_id: ID of the user |
create_oidc_test_config | An OpenID Connect test configuration was created. | has_error: Whether the test configuration has any errors |
create_project | A new LookML project was created. | project_id: name of the projectcreation_type: How the project was created: |
create_project_file | A new file was created in a project. | project: name of the projectfile: name of the newly created filefile_type: type of file created (model, view, etc) |
create_query_render_task | A new task was created to render an existing query to an image. | render_task_id: ID of the render taskquery_id: ID of the query to be renderedformat: resulting image format |
create_query | A query was created. | query_id: ID of the new query |
create_role | A new role was created. | role_id: ID of the new rolepermission_set_id: ID of the role's permission setmodel_set_id: ID of the role's model set |
create_saml_test_config | A SAML test configuration was created. | has_error: whether the SAML config has an error |
create_scheduled_plan_destination | A scheduled plan destination was created. | id: ID of the created plan |
create_sso_url | A signed embed URL was created. | secret_id: ID of the embed secret for this instancenonce: Nonce value for this URL |
create_ssh_server | An SSH server was created. | ssh_server_id: ID of the SSH server |
create_ssh_tunnel | An SSH tunnel was created. | ssh_server_id: ID of the SSH server |
create_sql_interface_query | A SQL Interface query was created. | query_id: ID of the new query |
create_sql_query | A SQL Runner query was created. | query_id: ID of the new query |
create_support_access_allowlist | A set of email addresses was added to the support access allowlist. | none |
create_theme | A theme was created. | id: ID of the theme |
create_upload | A CSV file for user-defined table generation/load was uploaded. | upload_id: ID of the uploaded data |
create_user_access_filter | An access filter was created for the specified user. | for_user_id: ID of the user whose access filters were created |
create_user_attribute | A user attribute was created. | label: Human-friendly label of the user attributename: name of the user attributeuser_attribute_id: ID of the user attribute |
create_user_credentials_api | (Legacy) API login information was created for the specified user. This is forAPI Users used for theold query API. | for_user_id: ID of the user whose API credentials were created |
create_user_credentials_api3 | API 3 login information was created for the specified user. This is for the newer API keys that can be added for any user. | for_user_id: ID of the user whose API 3 credentials were created |
create_user_credentials_email | Email/password login information was created for the specified user. | for_user_id: ID of the user whose email credentials were created |
create_user_credentials_email_password_reset | A password reset token was created. | for_user_id: ID of the user whose password reset token was created |
create_user_credentials_totp | Two-factor login information was created for the specified user. | for_user_id: ID of the user whose TOTP credentials were created |
create_user | A user was created with the specified information. | user_id: ID of the user whose account was createdreason: (optional) method used to create the user account. Ifreason is missing, an admin created the user account. Otherwise, the account was automatically created as a result of a user action likelogin,license_setup,marketplace_setup, orself_created.type: (optional) credentials type for this user, especially if the user was auto-created at login |
dashboard.next.rendered | A dashboard was rendered as a PDF. | dashboard_id: ID of the dashboardload_session_id: unique hash ID of the load sessioncache_count: number of dashboard queries that were pulled from cachequery_count: number of dashboard queries that were run on the databasettr: time to run the dashboard, in milliseconds |
dashboard.run.data_received | A dashboard received query results for one of its tiles. | load_session_id: unique hash ID of the dashboard load sessionrun_session_id: unique hash ID of the dashboard run sessionquery_task_id: ID of the query task that was run asynchronously for this dashboard |
dashboard.run.data_rendered | A dashboard rendered a visualization for one of its tiles. | load_session_id: unique hash ID of the dashboard load sessionrun_session_id: unique hash ID of the dashboard run sessionquery_task_id: ID of the query task that was run asynchronously for this dashboardvis_type: visualization type of the dashboard tile. |
dashboard.run.start | A dashboard was run. | cache_run: whether the user selectedClear cache and refreshload_session_id: unique hash ID of the load sessionrun_session_id: unique hash ID of the run session |
datagroup_trigger_changed | A datagroup trigger was changed. | runtime: total time to run the triggerconnection_id: ID of the connectionconnection_name: name of the connectiondialect: dialect of the connectionname: name of the datagroup |
deactivate_oauth_client_app_user | A user was deactived from an OAuth app client. | app_client_guid: ID of the appapp_display_name: User-friendly display name of the appip: IP address of the requestuser_id: ID of the deactivated user |
delete_alert | An alert was deleted from a dashboard tile. | duration: time taken for Looker to delete the alert, in secondssuccess: whether Looker successfully deleted the alert |
delete_color_collection | A custom color collection was deleted. | id: ID of the color collection |
delete_connection | A connection was deleted. | connection_id: numeric ID of the connectiondatabase: name of the database used in the connectionname: name of the connection |
delete_connection_override | A connection override was deleted. | connection_id: numeric ID of the connectiondatabase: name of the database used in the connectionname: name of the connectioncontext: context of connection override |
delete_content_metadata_access | A user removed content access settings for a board, Look, dashboard, or folder. | content_metadata_id: ID of the content metadatagroup_id: ID of the group that the settings apply touser_id: ID of the user that the settings apply topermission_type: type of content access (view or edit)content_type: type of the content (board, Look, dashboard, or folder)send_boards_notification_email: whether an email notification should be sent to groups and users who can access a board |
delete_conversation | A Conversational Analytics user deleted a conversation. | none |
delete_conversation_message | A Conversational Analytics user deleted the most recent question-answer pair. | none |
delete_cookieless_embed_session | A cookieless embed session was deleted. | session_reference_token: Reference token of the deleted session |
delete_dashboard | A dashboard was permanently deleted. | dashboard_id: ID of the deleted dashboard |
delete_dashboard_element | A dashboard tile was deleted from a dashboard. | dashboard_element_id: ID of the dashboard tile |
delete_dashboard_filter | A dashboard filter was deleted from a dashboard. | dashboard_filter_id: ID of the dashboard filter |
delete_dashboard_layout | A dashboard layout was deleted. | dashboard_layout_id: ID of the dashboard layout |
delete_favorite_content | A user unmarked a Look or dashboard as a favorite. | content_favorite_id: unique ID for the favorite object |
delete_folder | A folder was removed. | none |
delete_git_branch | A Git branch was deleted on a LookML project. | project_id: ID of the projectsuccessful: whether the branch delete was successfulerror_code: error code returned by the deletion process |
delete_group | A group was deleted. | group_id: ID of the group |
delete_group_from_group | A group was deleted as a member of another group. | parent_group_id: ID of the parent groupadding_group_id: ID of the added groupdeleting_group_id: ID of the deleted group |
delete_group_user | A user was removed from a group. | group_id: ID of the groupuser_id: ID of the user who was removed from the group |
delete_homepage_item | A homepage item was deleted. | homepage_item_id: ID of the deleted homepage item |
delete_homepage_section | A homepage section was deleted. | homepage_section_id: ID of the deleted homepage section |
delete_integration_hub | A custom Action Hub server was deleted. | integration_hub_id: ID of the Action Hub |
delete_look | A Look was deleted. | look_id: ID of the deleted Look |
delete_lookml_model | A LookML model was deleted. | lookml_model_id: ID of the LookML modelname: name of the LookML modelproject_name: name of the projectunlimited_db_connections: whether the model has unlimiteddatabase connectionsallowed_db_connection_names: list of database connection namesthat are allowed to be used in the model |
delete_mobile_device_registration | A mobile device registration was deleted. | none |
delete_model_set | A model set was deleted. | model_set_id: ID of the deleted model set |
delete_oauth_client_app | An OAuth app client was deleted. | app_client_guid: ID of the appapp_display_name: User-friendly display name of the appip: IP address of the requestuser_id: ID of the user who made the request |
delete_oidc_test_config | An OpenID Connect test configuration was deleted. | none |
delete_permission_set | A permission set was deleted. | permission_set_id: ID of the deleted permission set |
delete_project | A LookML project was deleted. | project_id: name of the project |
delete_project_file | A file was deleted in a project. | project: name of the projectfile: name of the deleted filefile_type: type of file deleted (model, view, etc) |
delete_repository_credential | A Git repository credential was deleted. | root_project_ID: ID of the repositoryremote_url: URL of the repositorycredential_id: ID of the deleted credentialexisted: whether the credential existed |
delete_role | A role was deleted. | role_id: ID of the deleted role |
delete_saml_test_config | A SAML test configuration was deleted. | none |
delete_scheduled_plan | A scheduled plan was deleted. | id: ID of the deleted scheduled plan |
delete_scheduled_plan_destination | A scheduled plan destination was deleted. | id: ID of the deleted scheduled plan destination |
delete_ssh_server | An SSH server was deleted. | ssh_server_id: ID of the SSH server |
delete_ssh_tunnel | An SSH tunnel was deleted. | ssh_server_id: ID of the SSH server |
delete_space | A folder was removed. | none |
delete_support_access_allowlist | A set of email addresses was removed from the support access allowlist. | none |
delete_theme | A theme was deleted. | id: ID of the theme |
delete_upload | An uploaded table with a specific ID was dropped. | upload_id: ID of the table |
delete_user_access_filter | An access filter for the specified user was deleted. | for_user_id: ID of the user whose access filters were deleted |
delete_user_attribute | A user attribute was deleted. | user_attribute_id: ID of the user attribute |
delete_user_attribute_group_value | A user attribute value was removed from a group. | group_id: ID of the groupuser_attribute_name: name of the user attributeuser_attribute_id: ID of the user attribute |
delete_user_attribute_user_value | A user attribute value was deleted for a user. | user_attribute_name: name of the user attributeuser_attribute_id: ID of the user attributeuser_id: ID of the user |
delete_user_credentials_api | (Legacy) API login information for the specified user was deleted. This is forAPI Users used for theold query API. | for_user_id: ID of the user whose API credentials were deleted |
delete_user_credentials_api3 | API 3 login information for the specified user was deleted. This is for the newer API keys that can be added for any user. | for_user_id: ID of the user whose API 3 credentials were deleted |
delete_user_credentials_email | Email/password login information for the specified user was deleted. | for_user_id: ID of the user whose email credentials were deleted |
delete_user_credentials_embed | Embed login information for the specified user was deleted. | for_user_id: ID of the user whose Embed credentials were deleted |
delete_user_credentials_google | Google authentication login information for the specified user was deleted. | for_user_id: ID of the user whose Google credentials were deleted |
delete_user_credentials_ldap | LDAP login information for the specified user was deleted. | for_user_id: ID of the user whose LDAP credentials were deleted |
delete_user_credentials_looker_openid | Looker OpenID login information for the specified user was deleted. Used by Looker analysts. | for_user_id: ID of the user whose Looker OpenID credentials were deleted |
delete_user_credentials_saml | SAML authentication login information for the specified user was deleted. | for_user_id: ID of the user whose SAML credentials were deleted |
delete_user_credentials_totp | Two-factor login information for the specified user was deleted. | for_user_id: ID of the user whose TOTP credentials were deleted |
delete_user_session | A web login session for the specified user was deleted. | for_user_id: ID of the user whose session was deleted |
delete_user | A user was deleted. | user_id: ID of the user whose account was deleted |
deploy_to_production | A user's dev branch was deployed to production. | project_id: ID of the projectsuccess: Whether or not the deploy was successful |
deploy_ref_to_production | A Git branch or reference was deployed to production. | project: ID of the projectused_branch: Branch that was deployed to productionused_ref: Reference that was deployed to productionsuccessful: Whether or not the deploy was successful |
detect_alert_drift | Before running analert, Looker checks to see if the underlying dashboard tile has changed. | alert_condition_base_query_id: query ID of the dashboard tile. Usually matchesdashboard_element_query_idalert_condition_condition_query_id: query ID of the alert conditionalert_condition_id: ID of the alert condition. Usually matches thealert_idalert_id: unique ID of the alertdashboard_element_id: dashboard element ID of the underlying dashboard tiledashboard_element_query_id: query ID of the dashboard tiledashboard_type: type of dashboard (user defined dashboard or LookML dashboard)suspected_reason: change to the dashboard element. If no changes are detected, the value will beno_driftsync_classification: A detailed list of all changes made to the dashboard elementsync_type: Whether the change to the dashboard element is likely to cause disruption to the alert. If no changes are detected, the value will be null |
digest_email_send | A message was added to the digest email feed. This event does not trigger email delivery. | success: Whether the message was successfully added to the feedmessage: message that was added to the feed |
disable_oidc_config | OpenID Connect authentication was disabled for the instance. | none |
disable_saml_config | SAML authentication was disabled for the instance. | none |
disable_user | A user account was disabled. | user_id: ID of the user whose account was disabled |
embed_cookieless_v2 | Cookieless embed was toggled on or off. | embed_cookieless_v2: whether cookieless embed was enabled or disabled |
enable_oidc_config | OpenID Connect authentication was enabled for the instance. | none |
enable_saml_config | SAML authentication was enabled for the instance. | none |
enable_user | A user account was enabled. | user_id: ID of the user whose account was enabled |
enter_sudo | A user enteredsudo (impersonation) as another user in the UI. | target_user_id: ID of the target usersession_id: ID of the Looker session |
exit_sudo | A user exitedsudo (impersonation) as another user in the UI. | target_user_id: ID of the target usersession_id: ID of the Looker session |
export_query | A user downloaded a file in a format other than PNG or PDF | dialect: Database dialect of the queryexport_format: format of the download (CSV, JSON, etc)history_id: History ID of the queryquery_params: Query parameters that describe the querysource: source from which the download originated (API, drill modal, etc) |
fetch_and_parse_saml_idp_metadata | The given URL was fetched and parsed as a SAML IdP metadata document, and the result was returned. | none |
fetch_dashboard | A dashboard's properties were retrieved. | dashboard_id: ID of the dashboard |
fetch_integration_form | The form for an Action was retrieved. | none |
fetch_remote_data_action_form | A data action requested further information from a user before completing. | none |
find_and_replace | The find and replace function of the Content Validator was used. | replace_type: type of replacement.field,view,model, orexploreerror_count: number of errors, if anylook_ids: IDs of Looks that were successfully updated, if any |
follow_alert | A user followed an alert. | alert_id: ID of the alertchannel_destinations: number of Slack channels that this alert will post incron: cron string that defines when the alert is checkedduration: time taken for Looker to follow the alert, in secondsemail_destinations: number of email addresses that this alert will send toembed_user: whether this alert was followed by an embedded userfollowable: whether this alert is followablepublic: whether this alert is publicsuccess whether this alert was successfully followedtotal_destinations: total number of destinations, including Slack channels and email addresses, that this alert will send tovis_type: visualization type of the alert's query |
force_password_reset_at_next_login_for_all_users | All users with passwords were forced to reset their passwords upon their next login. | none |
generate_tokens_for_cookieless_session | API and navigation tokens for a cookieless embed session were generated. | none |
generating_mail_dashboard | A dashboard was rendered as an email. | source_url: source URL of the dashboarditems: number of dashboard elements rendered |
generating_pdf | A dashboard was rendered as a PDF. | source_url: source URL of the dashboarditems: number of dashboard elements rendered |
get_agent | A Conversational Analytics user navigated directly to a data agent. | none |
get_alerts_v0 | A user selected the alert button on a tile, and Looker computed the number of alerts already on that tile. | duration: time taken for Looker to compute the number of alerts on the tile, in secondscount: number of alerts on the tilesuccess: whether Looker successfully computed the number of alerts on the tile |
get_conversation | A Conversational Analytics user opened an existing conversation. | none |
get_egress_ip_addresses | The egress IP addresses for the instance were retrieved. | none |
get_folder_children | The list of subfolders for a folder was retrieved. | folder_id: ID of the folderchildren_count: number of children in the folderelapsed_seconds: time taken in seconds to retrieve the children |
get_integration | Information about an Action was retrieved. | integration_type: type of integration |
get_mobile_settings | The mobile settings for the instance were retrieved. | none |
get_oauth_client_app | The settings for an OAuth app client were returned. | app_client_guid: ID of the appapp_display_name: User-friendly display name of the appip: IP address of the requestuser_id: ID of the user who made the request |
get_scheduled_plans | A list of scheduled plans for all content in a folder was retrieved. | folder_id: ID of the folderscheduled_plan_count: number of scheduled plans in the folderelapsed_seconds: time taken in seconds to retrieve the scheduled plans |
get_support_access_allowlist | The list of email addresses in the support access allowlist was retrieved. | none |
import_lookml_dashboard | A user-defined dashboard has been created from a LookML dashboard. | lookml_dashboard_id: ID of the LookML dashboardspace_id: ID of the space where the user-defined dashboard was created |
integration_disabled | An Action was disabled. | integration_name: name of the integration |
integration_enabled | An Action was enabled. | integration_name: name of the integration |
invalidate_oauth_client_app_tokens | All sessions, access tokens and refresh tokens for this app were deleted. | app_client_guid: ID of the appapp_display_name: User-friendly display name of the appip: IP address of the requestuser_id: ID of the user who made the request |
kill_query | A query was stopped from running. | query_task_id: ID of the query task |
list_oauth_client_apps | A list of applications registered to use OAuth2 login with this Looker instance was returned. | ip: IP address of the requestuser_id: ID of the user who made the request |
lock_all | A lockfile was created on a LookML project. | project_id: ID of the projectsuccessful: Whether or not the lockfile was created successfully |
login | A user logged in to the UI or API. | type: type of authentication systemldap: whether the login occurred through the LDAP protocolip: IP address of the requestuser_id: ID of the user who logged in |
login_failure | A user's login attempt to the UI or API failed. | type: type of authentication systemip: IP address of the requestuser_id_offered: user identifier string that the user offered in the attempt (as appropriate for the different auth systems)msg: details string about the attempt processing |
login_user | An API session was transformed to impersonate a user. This is often used when a service account is configured to enable API calls on behalf of users without needing to provision API credentials for individual users. | target_user_id: ID of the target usertoken_id: ID of the session token for this API session |
lookml_dashboard_metadata_saved | Looker performed a periodic check on the state of LookML dashboards on the instance. | added_dashboard_count: number of LookML dashboards that were created since the last checkdeleted_dashboard_count: number of LookML dashboards that were deleted since the last checkupdated_dashboard_count: number of LookML dashboards that were updated since the last check |
mail_opened | An email was opened. | mail_type:password reset orscheduled task, for examplerecipient: hash of the recipient's email addressbuild_time: time at which the MailJob was createdlook_id: ID of the Look (if a Look email is scheduled); otherwise, nulldashboard_id: ID of the dashboard (if a dashboard email is scheduled); otherwise, nullscheduled_task_id: ID of the scheduled task (if a task email is scheduled); otherwise, null |
mail_sent | An email was sent by the mailer. | mail_type:password reset orscheduled task, for examplerecipient: hash of the recipient's email addresslook_id: ID of the Look (if a Look email is scheduled); otherwise, nulldashboard_id: ID of the dashboard (if a dashboard email is scheduled); otherwise, nullscheduled_task_id: ID of the scheduled task (if a task email is scheduled); otherwise, null |
move_dashboard | A dashboard was moved to another folder. | dashboard_id: ID of the dashboardfolder_id: ID of the destination folder |
move_folder | A folder was moved or renamed. | origin_space_id: ID of the original parent folderdestination_space_id: ID of the new parent folder |
move_look | A Look was moved to another folder. | look_id: ID of the Lookfolder_id: ID of the destination folder |
move_space | A folder was moved or renamed. | origin_space_id: ID of the original parentdestination_space_id: ID of the new parent |
new_folder | A folder was created. | has_parent: whether the folder has a parent folder |
new_model_set | A model set was created. | model_set_id: ID of the new model setmodels: JSON object containing the models |
new_permission_set | A permission set was created. | permission_set_id: ID of the new permission setpermissions: JSON object containing the permissions |
new_space | A folder was added. | has_parent: whether the folder has a parent folder |
oauth_client_app_user_authentication | An application attempted to authenticate to the Looker instance. | oauth_client_app_guid : unique ID that the app identifies itself withtype: type of authentication that the app used. Most oftenapiuser_id: Looker user ID that the app authenticated as |
parse_saml_idp_metadata | The given XML was parsed as a SAML IdP metadata document, and the result was returned. | none |
password_last_changed | The last time a user changed their login password. | none |
password_expired_reset | A user reset their login password after it expired. | none |
password_near_expiry_reset | A user reset their login password when it was set to expire within the next 1 to 14 days. | none |
perform_data_action | A data action was initiated. | none |
purge_artifacts | A Looker-built extension purged its artifacts. | none |
redirect_query | A new query was mapped to an existing query. | look_id: ID of the Look for this querymodel: name of the model for this queryview: name of the view for this query |
register_mobile_device | A mobile device was registered to the instance. | none |
register_oauth_client_app | An OAuth app client was created. | app_client_guid: ID of the appapp_display_name: User-friendly display name of the appip: IP address of the requestuser_id: ID of the user who made the request |
render_scheduled_dashboard | A scheduled dashboard was rendered. | target_uri: URI of the dashboard to be renderedtype: rendered file type |
render_scheduled_look | A scheduled Look was rendered. | target_uri: URI of the Look to be renderedtype: rendered file typedimensions: dimensionsof the rendered image |
render_timeout_for_scheduled_dashboard | A timeout occurred while a scheduled dashboard was being rendered. | target_uri: URI of the dashboard that was renderedtype: rendered file type |
render_timeout_for_scheduled_look | A timeout occurred while a scheduled Look was being rendered. | target_uri: URI of the Look that was renderedtype: rendered file typedimensions: dimensions of the rendered image |
reset_password | An admin triggered a password reset for a user. | none |
reset_to_production | A LookML project was reset to its production status. | project_id: ID of the projectsuccess: Whether or not the reset was successful |
reset_to_remote | A LookML project was reset to its remote status. | project_id: ID of the projectsuccess: Whether or not the reset was successful |
run_alert | An alert's condition was checked. | alert_id: ID of the alertcondition_met: whetherthe alert's conditions were metcron: cron string that defineswhen the alert is checkedelapsed_time: total amount of timetaken for Looker to check the alert condition, in seconds.This includes query runtime and initializationembed_user: whetherthis alert was created by an embedded userfollowable: whetherthis alert is followableinit_duration: time taken forLooker to initialize the alert condition check, insecondspublic: whether this alert is publicruntime:time taken for Looker to run the alert's query, insecondssuccess whether this alert condition was successfullycheckedvis_type: visualization type of the alert's query |
run_inline_query_v2 | An inline query was run. | query_id: ID of the query |
run_query | A query was completed through the Query Manager. | model: model usedview: view in modelquery: query string stored in the history entryhistory_id: ID of the history entryruntime: runtime up to completion, error, or killstatus:completed,killed, orerroruri_length: length of the query string passed inquerydialect: dialect of the database for this querydashboard_id: ID of the UDD dashboard or the name of theLookML dashboardlook_id: ID of the Look for this query |
run_query_task | A saved query was run asynchronously. | query_task_id: ID of the query task to run asynchronously |
run_scheduled_task | A scheduled task was run. | scheduled_task_id: ID of the scheduled tasksent: whether the results were sent (published) |
run_sql_query | A SQL query was run from SQL Runner. | slug: slug of the queryuser_id: user who ran the querylast_runtime: how long the query took the last time itexecutedrun_count: how many times the query has been executeddialect: dialect of the query |
save_content_metadata | A user moved a board, Look, dashboard, or folder. | content_metadata_id: ID of the content metadatacontent_type: type of the content (board, Look, dashboard, orfolder)inherits: whether the content inherits access levels from aparent |
save_content_metadata_access | A user changed content access settings for a board, Look, dashboard, orfolder. | content_metadata_id: ID of the content metadatagroup_id: ID of the group that the settings apply touser_id: ID of the user that the settings apply topermission_type: type of content access (view or edit)content_type: type of the content (board, Look, dashboard, orfolder) |
save_look | A Look was saved. | look_id: ID of the Lookvis_type: vis type of the querykeep_exploring: user did not immediately view the new Look |
save_project_file | A file was saved in a project. | project: name of the projectfile: name of the saved filefile_type: type of file saved (model, view, etc.) |
scheduler_deliver | The scheduler delivered a scheduled job. | dashboard_id: numeric ID of the dashboard. Null if scheduledcontent is not a user-defined dashboard.enabled: whether this schedule is enabled.lookml_dashboard_id: textual ID of the LookML dashboard. Nullif the scheduled content is not a LookML dashboard.scheduled_job_tracking_id: tracking ID for the scheduledjob.backlog_when_dequeued: number of schedules in the schedulerqueue when this schedule ran.backlog_when_enqueued: number of schedules in the schedulerqueue when this schedule entered the queue.crontab: frequency at which the schedule should be checked.Presented in cron format.destination_count: number of destinations that this scheduleshould be sent to.started_at: time at which the schedule job startedseconds_in_queue: number of seconds that this schedule spentin the queue.completed_at: time at which the schedule was sentlook_id: numeric ID of the Look. Null if scheduled content isnot a Look.scheduled_plan_id: numeric ID of this scheduled plan.user_id: numeric ID of the user who created this schedule.format: data format that the scheduled content should be sentin.destination_types: a list of destination types that thisschedule should be sent to.status: status of this schedule jobrequire_no_results: whether this schedule requires that noresults are returned in order to send.run_once: whether this scheduled job was triggered by a userselectingRun once orTest on the scheduler modal.require_change: whether this schedule requires that resultschanged from the last run in order to send.require_results: whether this schedule requires that resultsare returned in order to send.timezone: timezone of this schedule'scrontabfrequency. |
scheduler_execute | The scheduler checked whether a scheduled job should be run. | dashboard_id: numeric ID of the dashboard. Null if scheduledcontent is not a user-defined dashboard.enabled: whether this schedule is enabled.lookml_dashboard_id: textual ID of the LookML dashboard. Nullif the scheduled content is not a LookML dashboard.scheduled_job_tracking_id: tracking ID for the scheduledjob. Null if no scheduled job was created during this check.should_deliver: whether a scheduled job should be run duringthis check. For example, if the scheduled content is a Look, and the scheduleis set to run only if there are results, then the scheduled job may not becreated during each check.crontab: frequency at which the schedule should be checked.Presented in cron format.destination_count: number of destinations that this scheduleshould be sent to.started_at: time at which the scheduler check startedcompleted_at: time at which the scheduler check completedlook_id: numeric ID of the Look. Null if scheduled content isnot a Look.scheduled_plan_id: numeric ID of this scheduled plan.user_id: numeric ID of the user that created this schedule.format: data format that the scheduled content should be sentin.destination_types: a list of destination types that thisschedule should be sent to.status: status of this schedule checkrequire_no_results: whether this schedule requires that noresults are returned in order to send.run_once: whether this scheduled job was triggered by a userselectingRun once orTest on the scheduler modal.require_change: whether this schedule requires that resultschanged from the last run in order to send.require_results: whether this schedule requires that resultsare returned in order to send.timezone: timezone of this schedule'scrontabfrequency. |
search_agents | A Conversational Analytics user selected theAgents tab or loadedtheManage agents page. | none |
search_alerts | A user searched for Alerts. | none |
search_conversations | A Conversational Analytics user loaded theRecent page of recentconversations. | none |
search_looks | A user searched for Looks. | folder_id: ID of the folder that the search was performed in(if applicable)look_count: number of Looks returned by the searchelapsed_seconds: time in seconds that it took to perform thesearch |
search_scheduled_plans | A user searched for scheduled plans was. | all_users: whether the search included results for allusersuser_id: ID of the user who initiated the searchlimit: maximum number of results returnedoffset: number of results skipped in searchsorts: fields sorted by in the searchname: scheduled plan name used in the searchuser_first_name: first name of the user who created thescheduled planuser_last_name: last name of the user who created thescheduled planrecipient: recipient of the scheduled plandestination_type: destination type of the scheduled plandelivery_format: delivery format of the scheduled plan |
send_user_credentials_email_password_reset | A password reset token was sent to a user. | for_user_id: ID of the user |
send_test_welcome_email | A test of the custom welcome email was sent. | none |
session_config_updated | An admin updated the Sessions settings. | none |
set_default_color_collection | The global default color collection was set. | collection_id: ID of the default color collection |
set_default_theme | The global default theme was set. | name: name of the default theme |
set_legacy_feature_#{id}_to_#{val} | The legacy feature#{id} was set to#{val} bya user. | legacy_feature_id: ID of the legacy feature being altered |
set_setting | An admin updated theGeneral settings. | user_id: ID of the user who updated the settingssettings: settings that were updated |
set_smtp_settings | An admin updated the SMTP settings. | success: whether the SMTP settings were successfully updated |
set_user_attribute_group_values | User attribute values were updated across a set of groups. | user_attribute_name: name of the user attributeuser_attribute_id: ID of the user attribute |
set_user_attribute_user_value | A user attribute value was updated for a user. | user_attribute_name: name of the user attributeuser_attribute_id: ID of the user attributeuser_id: ID of the user |
start_pdt_build | A PDT was built. | source: whether the PDT build was triggered by the PDTregenerator or a queryworkspace: whether the PDT was built in dev or produser_id: ID of the user who built the PDT |
support_access_disabled | Looker Support auth access was turned off or toggled byan admin or a privileged developer. | support_access_open: falsesupport_access_open_until: time at which the toggle was set tonil |
support_access_enabled | Looker Support auth access was turned on or toggled byan admin or a privileged developer. | support_access_open: truesupport_access_open_until: time at which the toggle wasautomatically set to false |
sync_lookml_dashboard | All user-defined dashboards linked to a LookML dashboard were updated toreflect changes to the LookML dashboard. | lookml_dashboard_id: ID of the LookML dashboarddashboards_synced_count: number of user-defined dashboards thatwere updated |
test_connection | A connection was tested. | dialect: dialect of the connectionconnection_id: ID of the connectionname: name of the connectiondatabase: name of the databasetests: tests that were run |
test_connection_config | A connection configuration was tested. | dialect: dialect of the connectionconnection_id: ID of the connectionname: name of the connectiondatabase: name of the database |
tag_ref | A tag was created for a user's most recent commit. | project: ID of the projectsuccess: whether the tag creation was successful |
test_integration | The settings for an integration were tested. | none |
test_ldap_config_auth | The connection authentication settings for an LDAP configuration weretested. | success: whether the test was successful |
test_ldap_config_connection | The connection settings for an LDAP configuration were tested. | success: whether the test was successful |
test_user_auth | The user authentication settings for an LDAP configuration were tested. | success: whether the test was successful |
test_user_info | The user authentication settings for an LDAP configuration were testedwithout the user being authenticated. | success: whether the test was successful |
track_content_view | A user viewed a Look or dashboard. | content_id: ID of the Look or dashboardcontent_type: type of content viewed, most commonlydashboards-next orlooks |
unchanged_oauth_client_app | Looker periodically checks the status of connectors suchasConnected Sheets. | app_client_guid: unique ID of the connectorapp_display_name: user-friendly name of the connectorapp_enabled: whether the connector is enabled |
unfollow_alert | A user unfollowed an alert. | alert_id: ID of the alertchannel_destinations: number of Slack channels that thisalert will post incron: cron string that defines when the alert is checkedduration: time taken for Looker to unfollowthe alert, in secondsemail_destinations: number of email addresses that thisalert will send toembed_user: whether this alert was unfollowed by an embeddeduserfollowable: whether this alert is followablepublic: whether this alert is publicsuccess whether this alert was successfully unfollowedtotal_destinations: total number of destinations, includingSlack channels and email addresses, that this alert will send tovis_type: visualization type of the alert's query |
update_agent | A Conversational Analytics user edited a data agent. | none |
update_artifacts | A Looker-built extension updated its artifacts. | none |
update_cloud_storage | The Cloud Storage configuration was updated. | none |
update_color_collection | A user updated a color collection. | id: ID of the color collection |
update_conversation | A Conversational Analytics user set the title for a conversation. | none |
update_custom_welcome_email | The custom welcome email was updated. | enabled: whether the custom welcome email is enabledcontent: HTML content of the welcome email |
update_connection | A user updated a connection. | connection_id: numeric ID of the connectiondatabase: name of the database used in the connectionname: name of the connection |
update_dashboard | The properties of a dashboard were updated. | dashboard_id: ID of the dashboard |
update_dashboard_element | A dashboard element was updated. | dashboard_element_id: ID of the dashboard element |
update_dashboard_filter | A dashboard filter was updated. | dashboard_filter_id: ID of the dashboard filter |
update_dashboard_layout | A dashboard layout was updated. | dashboard_layout_id: ID of the dashboard layout |
update_dashboard_layout_component | A dashboard layout component was updated. | dashboard_layout_component_id: ID of the dashboard layoutcomponent |
update_embed_config | The Embed configuration was updated. | old_value: previous auth enabled settingnew_value: new auth enabled settingaction: whether auth was enabled or disableddomain_whitelist_count: count of allowlist domains |
update_datagroup | The properties of a datagroup were updated. | datagroup_id: ID of the datagroupname: name of the datagroupmodel_name: name of the modelstale_before: time before which the datagroup is consideredstale |
update_digest_emails_enabled | The email digest settings were updated. | enabled: whether email digests are enabled |
update_external_oauth_application | An external OAuth application was updated. | oauth_application_id: ID of the OAuth applicationname: name of the OAuth applicationdialect_name: name of the database dialect for the OAuthapplication |
update_folder | A folder was updated. | folder_id: ID of the updated folder |
update_git_branch | A Git branch was updated on a LookML project. | project_id: ID of the projectsuccessful: whether the branch update was successful |
update_google_config | The Google auth settings were updated. | action:enabled,disabled, ormodified |
update_group | A group was updated. | group_id: ID of the group |
update_homepage_item | A curated homepage item was updated. | homepage_item_id: ID of the updated homepage itemhas_title: whether the item has a titlehas_text: whether the item has texthas_link: whether the item has a URLhas_image: whether the item has an image |
update_homepage_section | A curated homepage section (title) was updated. | homepage_item_id: ID of the updated homepage item |
update_integration | The definition for an Action was updated. | none |
update_integration_hub | The definition for a custom Action Hub server was updated. | integration_hub_id: ID of the Action Hub |
update_internal_help_resources | The settings for the internal help resources were updated. | enabled: whether the internal help resources are enabled |
update_internal_help_resources_content | The content for the internal help resources were updated. | none |
update_ldap_config | The LDAP auth settings were updated. | action:enabled,disabled, ormodified |
update_legacy_feature | A legacy feature was toggled on or off. | legacy_feature_id: ID of the legacy feature |
update_lookml_model | A LookML model was updated. | lookml_model_id: ID of the LookML modelname: name of the LookML modelproject_name: name of the projectunlimited_db_connections: whether the model has unlimiteddatabase connectionsallowed_db_connection_names: list of database connection namesthat are allowed to be used in the model |
update_mobile_device_registration | A mobile device registration was updated. | none |
update_model_set | The models in a model set were changed. | model_set_id: ID of the updated model setold_models: JSON object containing the old models |
update_oidc_config | The OpenID Connect auth settings were updated. | action:enabled,disabled, ormodified |
update_oauth_client_app | An OAuth app client was updated. | app_client_guid: ID of the appapp_display_name: User-friendly display name of the appip: IP address of the requestuser_id: ID of the user who made the request |
update_password_config | The password configuration settings were updated. | none |
update_permission_set | The permissions in a permission set were changed. | permission_set_id: ID of the updated permission setold_permissions: JSON object containing the old permissionsnew_permissions: JSON object containing the new permissions |
update_project | A LookML project was updated. | project_id: ID of the projectgit_release_mgmt_enabled: whetheradvanced deploy mode is enabled for the project.pull_request_mode:Git integration option that is enabled for the project, eitheroff,links,recommended, orrequired |
update_repository_credential | A Git repository credential was updated. | root_project_id: name of the Git repositoryremote_url: URL for the Git repository |
update_role_groups | All groups for a role were set, and all existing group associations fromthat role were removed. | role_id: ID of the rolegroup_ids: IDs of groups to set for the role |
update_role_users | The set of users with a given role was edited. | role_id: ID of the roleold_user_ids: JSON object containing the old users with therolenew_user_ids: JSON object containing the new users with therole |
update_role | A role was updated. | role_id: ID of the roleold_permission_set_id: ID of the role's old permission setold_model_set_id: ID of the role's old model setnew_permission_set_id: ID of the role's new permission setnew_model_set_id: ID of the role's new model set |
update_saml_config | The SAML auth settings were updated. | action:enabled,disabled, ormodified |
update_scheduled_plan_destination | A scheduled plan destination was updated. | id: ID of the updated plan |
update_ssh_server | An SSH server was updated. | ssh_server_id: ID of the SSH server |
update_ssh_tunnel | An SSH tunnel was updated. | ssh_server_id: ID of the SSH server |
update_space | A folder was updated. | space_id: ID of the updated folder |
update_theme | A theme was updated. | id: ID of the theme |
update_totp_config | The two-factor auth settings were updated. | action:enabled,disabled, ormodified |
update_upload | The upload table definition was updated and the DB table wascreated/loaded. | upload_id: ID of the uploaded data that was imported to thedatabase |
update_user | A user's information was updated. | user_id: ID of the modified user |
update_user_access_filter | An access filter was updated for the specified user. | for_user_id: ID of the user whose access filters wereupdated |
update_user_attribute | The definition of a user attribute was updated. | label: Human-friendly label of the user attributename: name of the user attributeuser_attribute_id: ID of the user attribute |
update_user_attribute_group_value | A user attribute value was set at the group level. | group_id: ID of the groupuser_attribute_name: name of the user attributeuser_attribute_id: ID of the user attribute |
update_user_credentials_email | Email/password login information was updated for the specified user. | for_user_id: ID of the user whose email credentials wereupdated |
update_user_facts_chunk | Looker updated the User Facts table in theUserexplore. The table is updated hourly. | chunk_number: ID of the chunk of users about whomLooker computed user factselapsed_seconds: number of seconds Looker tookto compute user factsfacts_created: number of fact entries createdfacts_deleted: number of fact entries deletedusers_processed: number of users processed in this chunk |
update_whitelabel_configuration | The private label configuration was updated. | none |
upload_file | The contents of file were uploaded to Looker foruser-defined table generation and load. | upload_id: ID of the upload that has the custom file attachedto it for later import |
user_permission_elevation | A change occurred that caused a user's permissions to be increased insome way. | user_id: ID of the user whose permissions changedembed_user: whether this was an Embed useradded_permissions: list or permissions that were addedold_permissions: list of permissions before the changenew_permissions: list of permissions after the changecause: name of the event that caused the change, orunknown if the change can't be attributed to a specific eventcause_event_id: ID of the event that caused the change |
user_roles_updated | A user's roles were edited. | user_id: ID of the modified userrole_ids: JSON object containing the user's roles |
validate_compare | New LookML validation was compared to legacy LookML validation for amodel. | aragonite_validation_duration_sec: time in seconds that ittook for new LookML validation to complete.aragonite_validation_errors: errors that were found by newLookML validation.legacy_validation_duration_sec: time in seconds that it tookfor legacy LookML validation to complete.legacy_validation_errors: errors that were found by legacyLookML validation.model: name of the model that was validated.summary: a summary of the validation results. |
validate_theme | A theme was validated. | name: name of the theme |
wipeout_user_emails | All email addresses were changed for a disabled user. | user_id: ID of the user |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.