Nota
L-aċċess għal din il-paġna jeħtieġ l-awtorizzazzjoni. Tista’ tipprova tidħol jew tibdel id-direttorji.
L-aċċess għal din il-paġna jeħtieġ l-awtorizzazzjoni. Tista’ tipprova tibdel id-direttorji.
Important
This system table is in Public Preview.
The network access events tables record events where network access is denied. Each row represents an individual event, such as a blocked outbound request to an external domain or a blocked inbound request from a restricted IP.
Outbound network access events system table schema
The outbound network access events table records events where outbound access from a workspace to an external destination is denied by an egress policy. For example, if a user attempts to access "google.com" from a notebook and fails, the event is logged.
Table path: This system table is located at system.access.outbound_network.
| Column name | Data type | Description | Example |
|---|---|---|---|
account_id |
string | The ID of the Databricks account | 7af234db-66d7-4db3-bbf0-956098224879 |
workspace_id |
string | The ID of the workspace where the event occurred | 1234567890123456 |
event_id |
string | The ID of the event | db52a413-7a0a-4d49-b742-7ae5f06bc4b2 |
destination_type |
string | The type of destination. Possible values are DNS, IP, and STORAGE |
DNS |
destination |
string | Details of the blocked destination. Depending on the destination type, the value could be a domain name, IP address, or storage location. | google.com |
dns_event |
struct | Details about the DNS destination. Only populates for DNS destinations, otherwise the field is NULL. |
{ "domain_name":"google.com", "rcode": 3 } |
storage_event |
struct | Details about the storage destination. Only populates for storage destinations, otherwise the field is NULL. |
{ "hostname":"s3://some-bucket", "path": "/some-path", "rejection_reason": "storage-bucket-path-denied" } |
event_time |
timestamp | Timestamp when the event took place | 2024-05-01T01:01:01.123 |
access_type |
string | Type of access event that occurred. | DROP |
network_source_type |
string | The specific product or service used within the workspace where the event occurred. | DBSQL, General Compute, MLServing, ML Build, Apps |
Sample queries
The following sample queries help you gain insight into denial logs in your account:
- Get all the denial logs for a given workspace for a given time range.
- To drill down for a given error
Get all the denial logs for a given workspace for a given time range.
SELECT
event_id, destination_type, destination
COUNT(*) AS destination_count
FROM
system.access.outbound_network
WHERE
event_time > '2024-09-25'
AND event_time < '2024-09-26'
AND account_id = <id>
AND workspace_id = <id>
GROUP BY
destination;
To drill down for a given error
SELECT
storage_event.hostname, storage_event.path, storage_event.rejection_reason
FROM
system.access.outbound_network AS storage_event
WHERE
event_time > '2024-09-25'
AND event_time < '2024-09-26'
AND account_id = <id>
AND workspace_id = <id>
AND destination = 'storage path';
Inbound network access events system table schema
The inbound network access events table records events where inbound access to a workspace is denied by an ingress policy. For example, if a user attempts to connect to a workspace from a blocked IP address, the failed attempt is logged. Context-based ingress control is in Public Preview.
Table path: This system table is located at system.access.inbound_network.
| Column name | Data type | Description | Example |
|---|---|---|---|
account_id |
string | The ID of the Databricks account. | 7af234db-66d7-4db3-bbf0-956098224879 |
workspace_id |
string | The ID of the workspace where the event occurred. | 1234567890123456 |
event_id |
string | The ID of the event. | db52a413-7a0a-4d49-b742-7ae5f06bc4b2 |
request_path |
string | The destination of the request. | /compute |
source |
struct | The source of the request. Contains IP, private link, and related attributes. | { "ip": "10.0.0.1", "private-link": "some-pl-id" } |
authenticated_as |
string | The authenticated identity of the request. Must be one of the following:
|
user@databricks.com |
policy_id |
string | The ID of the ingress policy that evaluated the request. | fbc3a2a1-ef12-43b8-9e88-f024ac219ba5 |
event_time |
timestamp | Timestamp when the event took place. | 2024-05-01T01:01:01.123 |
policy_outcome |
string | Type of access event outcome. Possible values are DENY or DENY_DRY_RUN. |
DENY |
Sample queries
The following sample queries help you analyze ingress denial logs in your account:
Get all denied inbound requests for the last 2 hours
SELECT *
FROM system.access.inbound_network
WHERE event_time >= current_timestamp() - interval 2 hour
ORDER BY event_time DESC;
Count denied requests by source IP
SELECT
source.ip,
COUNT(*) AS deny_count
FROM
system.access.inbound_network
WHERE
event_time >= '2025-09-01'
AND event_time < '2025-09-02'
AND account_id = <id>
AND workspace_id = <id>
GROUP BY
source.ip
ORDER BY
deny_count DESC;
To drill down for a given error
SELECT
request_path,
source.ip AS source_ip,
authenticated_as,
policy_outcome
FROM
system.access.inbound_network
WHERE
event_time > '2025-09-01'
AND event_time < '2025-09-02'
AND account_id = <id>
AND workspace_id = <id>
AND request_path = '/compute';