datumctl activity subcommands answer the “what just happened?” questions that come up when you own a resource or operate a whole project:
datumctl activity history— zoom in on one resource. What changed, by whom, and what did the spec look like before?datumctl activity feed— zoom out to a merged, human-readable timeline across every resource type, so you can spot what moved across the project and separate human changes from automated ones.
--project / --organization flags like every other command — see Contexts & scoping for how scope is resolved.
history and feed are two of the four datumctl activity subcommands. When you need the raw record of who did what for compliance, or lifecycle events with warnings, reach for audit and resource events instead.History: what changed on this resource?
“Something on my project looks different. What changed, who changed it, and what did the spec look like before?”If you own a resource — an app developer or resource owner watching your own project, or an on-call responder pinning down the exact change behind an incident —
datumctl activity history gives you a chronological log of modifications to a single resource’s spec.
You pass the resource type and name positionally:
See what changed with —diff
The table tells you when a resource changed and who changed it. To see what changed, add--diff — it renders a unified diff of the spec between each consecutive version, so you read the change the way you’d read a code review.
--diff compares consecutive versions and strips noisy bookkeeping fields so you see the meaningful spec changes, not churn in server-managed metadata.history looks back 30 days (now-30d) and returns up to 100 versions per page. Widen or narrow the window with --start-time / --end-time, which accept both relative expressions and absolute RFC3339 timestamps:
-o json or -o yaml.
Feed: what’s happening across the project?
“What is going on across this project right now, and which changes came from a person versus an automated system?”If you run the platform — a platform administrator or an SRE on call —
datumctl activity feed merges audit events, resource events, and change history into one human-readable timeline across every resource type. Each row shows a timestamp, the actor, the change source, and a plain-language summary.
now-24h). Adjust the window the same way as history:
Separate human changes from system changes
The single most useful triage filter is--change-source. It accepts exactly two values, human and system, letting you answer “did a person do this, or did an automated controller?” at a glance.
Narrow the feed
Layer these filters to focus the timeline:| Flag | Narrows the feed to |
|---|---|
--actor | A specific actor (for example a user email or service account) |
--kind | A single resource kind |
--api-group | A single API group |
--resource-uid | The history of one specific resource, by UID |
--search | A full-text match against the human-readable summaries |
--filter takes a server-side Common Expression Language (CEL) expression (for example spec.resource.kind in ['Workload', 'HTTPProxy']).
Watch live during an incident
Add--watch (-w) to stream new activity as it happens instead of printing a snapshot and exiting — invaluable when you’re actively working an incident and want to see changes land in real time.
Establish the timeline
Start with
datumctl activity feed --start-time now-1h to see everything that moved around the time of the incident.Split human vs system
Add
--change-source human or --change-source system to decide whether a person or a controller triggered the change.Pin the exact change
Once you’ve identified the affected resource, switch to
datumctl activity history <type> <name> --diff to read the precise spec change.Output and pagination
Both subcommands share the standard activity query model. The default is a table; pass-o json, -o yaml, or a jsonpath expression for machine-readable output, and add --no-headers to drop the table header. Use --limit (default 25 on feed, 100 on history; max 1000), --all-pages, and --continue-after to page through large result sets.
datumctl in automation.
Related
- Querying activity — the hub for the whole
activitycommand family, including the persona routing table and the shared query model. - Audit logs & events — the
auditandeventssubcommands, for the immutable record of who did what and lifecycle events with warnings. - Contexts & scoping — how the active organization and project are resolved before a history or feed query runs.
- Discovering resources & schemas — find the
RESOURCE_TYPEname thatactivity historyexpects as its first positional argument. - Output formats & scripting — machine-readable output, JSONPath, and pagination for piping activity into tooling.