Hi all,
I’m running into a tracking issue using CloudTrail to monitor Amazon QuickSight usage. Specifically, when querying CloudTrail event history (via Athena) where eventSource = 'quicksight.amazonaws.com', I’m seeing numerous QueryDatabase events attributed to specific users - but no corresponding GetDashboard events for those same users, even though they report having accessed dashboards during that time.
This creates confusion on our end, as we expected a GetDashboard event to appear any time a user views a dashboard in the QuickSight console or via a shared folder.
To my knowledge:
QueryDatabasesuggests that visuals were rendered and queried against the underlying datasetGetDashboardis supposed to log when a dashboard definition is fetched
However, the GetDashboard events are missing entirely for many sessions. The users are internal registered QuickSight users (not embedded or anonymous), and dashboards are shared through standard QuickSight folders.
I’ve reviewed the official QuickSight + CloudTrail documentation but there’s no mention of this discrepancy.
My questions:
- Under what conditions should a
GetDashboardevent appear in CloudTrail? - Is it expected behavior that
QueryDatabaseevents can occur withoutGetDashboard? - Could caching, session reuse, or the type of access (e.g., shared folders) suppress
GetDashboardlogging? - Is there any deeper documentation that clarifies when dashboard views do and don’t trigger CloudTrail events?
Any insight from the community or AWS team would be appreciated. Our goal is to build an audit trail of dashboard usage, and right now this inconsistency is making that difficult.
Thanks in advance!
David