Cloud Search log events

View a record of user actions in Cloud Search

Depending on your Google Workspace edition, you might have access to the security investigation tool, which has more advanced features. For example, super admins can identify, triage, and take action on security and privacy issues. Learn more

As your organization's administrator, you can run searches and take action on security issues related to Cloud Search log events. For example, you can view a record of actions in Cloud Search as users in your organization search across Google Workspace services, such as Drive, Contacts, and Gmail, and third-party data sources.

Run a search for Cloud Search log events

Your ability to run a search depends on your Google edition, your administrative privileges, and the data source. You can run a search on all users, regardless of their Google Workspace edition.

Attribute descriptions

For this data source, you can use the following attributes when searching log event data:

Attribute Description
Actor Email address of the user who performed the action

Actor group name

Group name of the actor. For more information, go to Filtering results by Google Group.

To add a group to your filtering groups allowlist:

  1. Select Actor group name.
  2. Click Filtering groups.
    The Filtering groups page appears.
  3. Click Add Groups.
  4. Search for a group by entering the first few characters of its name or email address. When you see the group you want, select it.
  5. (Optional) To add another group, search for and select the group.
  6. When you finish selecting groups, click Add.
  7. (Optional) To remove a group, click Remove group .
  8. Click Save.

Actor organizational unit

Organizational unit of the actor
Date Date and time the event occurred (displayed in your browser's default time zone)
Event The logged event action, such as Search, Suggest, or List query sources
 

Service name

Name of the service handling the API call

Method name

Name of the method handling the API call

API call response status code

Response status code of the API call
Search request search application ID

Search application ID sent in the search request                                             

Search request query Query sent in the search request
Number of results in search response 

Number of results sent in the search response

Suggest request search application ID Search application ID sent in the suggest request
Suggest request query Query sent in the suggest request
Number of results in suggest response Number of results sent in the suggest response
List query sources search application ID Search application ID send in the list query sources request
Number of results in list query sources response Number of results sent in the list query sources response

Manage log event data

Take action based on search results

Manage your investigations

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus; Cloud Identity Premium. Compare your edition

Was this helpful?

How can we improve it?
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

9830219274324909463
true
Search Help Center
true
true
true
true
true
73010
false
false
false
Search
Clear search
Close search
Main menu