Feature Request - Filter Streaming Audit Events by API attribute "event_type"

Proposal

As a user of gitlab.com, I want to create an Audit Streaming destination and create a filter for that destination that filters by the audit attribute "event_type" (seen in the audit event payload), so that I can isolate audit logs getting streamed to just a limited type of events (I only want membership change events streamed to my destination).

I have been informed (in this support ticket: 364704) that currently you can only filter streaming audit events by the following types:

Project - User
Group - User
Date/Time - Group, project, or user
All - Date range buttons and pickers (maximum range of 31 days). Default is from the first day of the month to today’s date.

The audit event payload has an attribute "event_type", ex: "event_type": "repository_git_operation"

What does success look like

I would like to be able to submit this filter creation for a destination, and the streaming events get appropriately filtered:

mutation createEventTypeFilter {
   auditEventsStreamingDestinationEventsAdd(
    input: {
      destinationId:  "gid://gitlab/AuditEvents::ExternalAuditEventDestination/0",
      eventTypeFilters:["access_change"] 
    }
  ){
    errors
    eventTypeFilters
  }
}

GitLab Ultimate Category:Audit Events

Ultimate customer with 800 licenses requesting feature. We are just transitioning to gitlab.com from onprem and need to setup audit streaming to regulate membership changes to group and projects in the new namespace.

Edited Jan 25, 2023 by Amber Beasley