coder
diff --git a/‎coderd/apidoc/docs.go
+6-2 b/‎coderd/apidoc/docs.go
+6-2
diff --git a/‎coderd/apidoc/swagger.json
+6-2 b/‎coderd/apidoc/swagger.json
+6-2
diff --git a/‎coderd/audit.go
+1-1 b/‎coderd/audit.go
+1-1
diff --git a/‎coderd/audit_test.go
+45-4 b/‎coderd/audit_test.go
+45-4
diff --git a/‎coderd/database/dbmem/dbmem.go
+4-1 b/‎coderd/database/dbmem/dbmem.go
+4-1
diff --git a/‎coderd/database/dump.sql
+3-1 b/‎coderd/database/dump.sql
+3-1
diff --git a/‎coderd/database/models.go
+7-1 b/‎coderd/database/models.go
+7-1
diff --git a/‎coderd/database/queries.sql.go
+10-2 b/‎coderd/database/queries.sql.go
+10-2
diff --git a/‎coderd/database/queries/auditlogs.sql
+6 b/‎coderd/database/queries/auditlogs.sql
+6
diff --git a/‎coderd/searchquery/search.go
+1 b/‎coderd/searchquery/search.go
+1
diff --git a/‎codersdk/audit.go
+7 b/‎codersdk/audit.go
+7
diff --git a/‎docs/reference/api/schemas.md
+2 b/‎docs/reference/api/schemas.md
+2
diff --git a/‎enterprise/audit/table.go
+8-8 b/‎enterprise/audit/table.go
+8-8
@@ -159,7 +159,7 @@ func (api *API) generateFakeAuditLog(rw http.ResponseWriter, r *http.Request) {
 		Diff:             diff,
 		StatusCode:       http.StatusOK,
 		AdditionalFields: params.AdditionalFields,
-		RequestID:        uuid.Nil, // no request ID to attach this to
+		RequestID:        params.RequestID,
 		ResourceIcon:     "",
 		OrganizationID:   params.OrganizationID,
 	})
 
@@ -286,23 +286,44 @@ func TestAuditLogsFilter(t *testing.T) {
 			t.Logf("Resource: %#v", resource)
 		}
 
-		// Create one log with "Connect"
+		// Create one log with "Connect" and "Disconect".
+		connectRequestID := uuid.New()
 		err = client.CreateTestAuditLog(ctx, codersdk.CreateTestAuditLogRequest{
 			Action:       codersdk.AuditActionConnect,
+			RequestID:    connectRequestID,
 			ResourceType: codersdk.ResourceTypeWorkspaceAgent,
 			ResourceID:   workspace.LatestBuild.Resources[0].Agents[0].ID,
 			Time:         time.Date(2022, 8, 15, 14, 30, 45, 100, time.UTC), // 2022-8-15 14:30:45
 		})
 		require.NoError(t, err)
 
-		// Create one log with "Open"
+		err = client.CreateTestAuditLog(ctx, codersdk.CreateTestAuditLogRequest{
+			Action:       codersdk.AuditActionDisconnect,
+			RequestID:    connectRequestID,
+			ResourceType: codersdk.ResourceTypeWorkspaceAgent,
+			ResourceID:   workspace.LatestBuild.Resources[0].Agents[0].ID,
+			Time:         time.Date(2022, 8, 15, 14, 35, 0o0, 100, time.UTC), // 2022-8-15 14:35:00
+		})
+		require.NoError(t, err)
+
+		// Create one log with "Open" and "Close".
+		openRequestID := uuid.New()
 		err = client.CreateTestAuditLog(ctx, codersdk.CreateTestAuditLogRequest{
 			Action:       codersdk.AuditActionOpen,
+			RequestID:    openRequestID,
 			ResourceType: codersdk.ResourceTypeWorkspaceApp,
 			ResourceID:   workspace.LatestBuild.Resources[0].Agents[0].Apps[0].ID,
 			Time:         time.Date(2022, 8, 15, 14, 30, 45, 100, time.UTC), // 2022-8-15 14:30:45
 		})
 		require.NoError(t, err)
+		err = client.CreateTestAuditLog(ctx, codersdk.CreateTestAuditLogRequest{
+			Action:       codersdk.AuditActionClose,
+			RequestID:    openRequestID,
+			ResourceType: codersdk.ResourceTypeWorkspaceApp,
+			ResourceID:   workspace.LatestBuild.Resources[0].Agents[0].Apps[0].ID,
+			Time:         time.Date(2022, 8, 15, 14, 35, 0o0, 100, time.UTC), // 2022-8-15 14:35:00
+		})
+		require.NoError(t, err)
 
 		// Test cases
 		testCases := []struct {
@@ -334,12 +355,12 @@ func TestAuditLogsFilter(t *testing.T) {
 			{
 				Name:           "FilterByEmail",
 				SearchQuery:    "email:" + coderdtest.FirstUserParams.Email,
-				ExpectedResult: 7,
+				ExpectedResult: 9,
 			},
 			{
 				Name:           "FilterByUsername",
 				SearchQuery:    "username:" + coderdtest.FirstUserParams.Username,
-				ExpectedResult: 7,
+				ExpectedResult: 9,
 			},
 			{
 				Name:           "FilterByResourceID",
@@ -396,11 +417,31 @@ func TestAuditLogsFilter(t *testing.T) {
 				SearchQuery:    "resource_type:workspace_agent action:connect",
 				ExpectedResult: 1,
 			},
+			{
+				Name:           "FilterOnWorkspaceAgentDisconnect",
+				SearchQuery:    "resource_type:workspace_agent action:disconnect",
+				ExpectedResult: 1,
+			},
+			{
+				Name:           "FilterOnWorkspaceAgentConnectionRequestID",
+				SearchQuery:    "resource_type:workspace_agent request_id:" + connectRequestID.String(),
+				ExpectedResult: 2,
+			},
 			{
 				Name:           "FilterOnWorkspaceAppOpen",
 				SearchQuery:    "resource_type:workspace_app action:open",
 				ExpectedResult: 1,
 			},
+			{
+				Name:           "FilterOnWorkspaceAppClose",
+				SearchQuery:    "resource_type:workspace_app action:close",
+				ExpectedResult: 1,
+			},
+			{
+				Name:           "FilterOnWorkspaceAppOpenRequestID",
+				SearchQuery:    "resource_type:workspace_app request_id:" + openRequestID.String(),
+				ExpectedResult: 2,
+			},
 		}
 
 		for _, testCase := range testCases {
 
@@ -12369,10 +12369,13 @@ func (q *FakeQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg data
 			arg.OffsetOpt--
 			continue
 		}
+		if arg.RequestID != uuid.Nil && arg.RequestID != alog.RequestID {
+			continue
+		}
 		if arg.OrganizationID != uuid.Nil && arg.OrganizationID != alog.OrganizationID {
 			continue
 		}
-		if arg.Action != "" && !strings.Contains(string(alog.Action), arg.Action) {
+		if arg.Action != "" && string(alog.Action) != arg.Action {
 			continue
 		}
 		if arg.ResourceType != "" && !strings.Contains(string(alog.ResourceType), arg.ResourceType) {
 
@@ -117,6 +117,12 @@ WHERE
             workspace_builds.reason::text = @build_reason
         ELSE true
     END
+	-- Filter request_id
+	AND CASE
+		WHEN @request_id :: uuid != '00000000-0000-0000-0000-000000000000'::uuid THEN
+			audit_logs.request_id = @request_id
+		ELSE true
+	END
 
 	-- Authorize Filter clause will be injected below in GetAuthorizedAuditLogsOffset
 	-- @authorize_filter
 
@@ -33,6 +33,7 @@ func AuditLogs(ctx context.Context, db database.Store, query string) (database.G
 	const dateLayout = "2006-01-02"
 	parser := httpapi.NewQueryParamParser()
 	filter := database.GetAuditLogsOffsetParams{
+		RequestID:      parser.UUID(values, uuid.Nil, "request_id"),
 		ResourceID:     parser.UUID(values, uuid.Nil, "resource_id"),
 		ResourceTarget: parser.String(values, "", "resource_target"),
 		Username:       parser.String(values, "", "username"),
 
@@ -111,7 +111,9 @@ const (
 	AuditActionRegister             AuditAction = "register"
 	AuditActionRequestPasswordReset AuditAction = "request_password_reset"
 	AuditActionConnect              AuditAction = "connect"
+	AuditActionDisconnect           AuditAction = "disconnect"
 	AuditActionOpen                 AuditAction = "open"
+	AuditActionClose                AuditAction = "close"
 )
 
 func (a AuditAction) Friendly() string {
@@ -136,8 +138,12 @@ func (a AuditAction) Friendly() string {
 		return "password reset requested"
 	case AuditActionConnect:
 		return "connected"
+	case AuditActionDisconnect:
+		return "disconnected"
 	case AuditActionOpen:
 		return "opened"
+	case AuditActionClose:
+		return "closed"
 	default:
 		return "unknown"
 	}
@@ -196,6 +202,7 @@ type CreateTestAuditLogRequest struct {
 	Time             time.Time       `json:"time,omitempty" format:"date-time"`
 	BuildReason      BuildReason     `json:"build_reason,omitempty" enums:"autostart,autostop,initiator"`
 	OrganizationID   uuid.UUID       `json:"organization_id,omitempty" format:"uuid"`
+	RequestID        uuid.UUID       `json:"request_id,omitempty" format:"uuid"`
 }
 
 // AuditLogs retrieves audit logs from the given page.
 
@@ -27,8 +27,8 @@ var AuditActionMap = map[string][]codersdk.AuditAction{
 	"Group":           {codersdk.AuditActionCreate, codersdk.AuditActionWrite, codersdk.AuditActionDelete},
 	"APIKey":          {codersdk.AuditActionLogin, codersdk.AuditActionLogout, codersdk.AuditActionRegister, codersdk.AuditActionCreate, codersdk.AuditActionDelete},
 	"License":         {codersdk.AuditActionCreate, codersdk.AuditActionDelete},
-	"WorkspaceAgent":  {codersdk.AuditActionConnect},
-	"WorkspaceApp":    {codersdk.AuditActionOpen},
+	"WorkspaceAgent":  {codersdk.AuditActionConnect, codersdk.AuditActionDisconnect},
+	"WorkspaceApp":    {codersdk.AuditActionOpen, codersdk.AuditActionClose},
 }
 
 type Action string
@@ -310,14 +310,14 @@ var auditableResourcesTypes = map[any]map[string]Action{
 		"mapping": ActionTrack,
 	},
 	&database.WorkspaceAgent{}: {
-		"id":                         ActionTrack,
+		"id":                         ActionIgnore,
 		"created_at":                 ActionIgnore,
 		"updated_at":                 ActionIgnore,
-		"name":                       ActionTrack,
+		"name":                       ActionIgnore,
 		"first_connected_at":         ActionIgnore,
 		"last_connected_at":          ActionIgnore,
 		"disconnected_at":            ActionIgnore,
-		"resource_id":                ActionTrack,
+		"resource_id":                ActionIgnore,
 		"auth_token":                 ActionIgnore,
 		"auth_instance_id":           ActionIgnore,
 		"architecture":               ActionIgnore,
@@ -345,8 +345,8 @@ var auditableResourcesTypes = map[any]map[string]Action{
 	&database.WorkspaceApp{}: {
 		"id":                    ActionIgnore,
 		"created_at":            ActionIgnore,
-		"agent_id":              ActionTrack,
-		"display_name":          ActionTrack,
+		"agent_id":              ActionIgnore,
+		"display_name":          ActionIgnore,
 		"icon":                  ActionIgnore,
 		"command":               ActionIgnore,
 		"url":                   ActionIgnore,
@@ -356,7 +356,7 @@ var auditableResourcesTypes = map[any]map[string]Action{
 		"health":                ActionIgnore,
 		"subdomain":             ActionIgnore,
 		"sharing_level":         ActionIgnore,
-		"slug":                  ActionTrack,
+		"slug":                  ActionIgnore,
 		"external":              ActionIgnore,
 		"display_order":         ActionIgnore,
 		"hidden":                ActionIgnore,
Original file line number	Diff line number	Diff line change
`@@ -12369,10 +12369,13 @@ func (q *FakeQuerier) GetAuthorizedAuditLogsOffset(ctx context.Context, arg data`
`12369`	`12369`	`arg.OffsetOpt--`
`12370`	`12370`	`continue`
`12371`	`12371`	`}`
	`12372`	`+ if arg.RequestID != uuid.Nil && arg.RequestID != alog.RequestID {`
	`12373`	`+ continue`
	`12374`	`+ }`
`12372`	`12375`	`if arg.OrganizationID != uuid.Nil && arg.OrganizationID != alog.OrganizationID {`
`12373`	`12376`	`continue`
`12374`	`12377`	`}`
`12375`		`- if arg.Action != "" && !strings.Contains(string(alog.Action), arg.Action) {`
	`12378`	`+ if arg.Action != "" && string(alog.Action) != arg.Action {`
`12376`	`12379`	`continue`
`12377`	`12380`	`}`
`12378`	`12381`	`if arg.ResourceType != "" && !strings.Contains(string(alog.ResourceType), arg.ResourceType) {`