In the gateway logs I quite often find (failed) logon attempts to on premisse datasources of users which are disabled (and have there powerBI licence withdrawn too long time ago. The user previously published lots of datasets and reports. In which workspace he has publsied is yet unknown to me.
This is always ni de logfile (with the username which i will not copy here)
sspropinitappname="PowerBI - Model Change Tracker - Id 2803642 - Last Check 05/24/2018 11:27:57"
How can I find the source application or report or dataset or workspace where this attempt is being sent from?
Maybe Audit logs can help you in a certain. With Audit logs, you can know who is taking what action on which item in your Power BI tenant. But only global admin or having an Exchange admin role have access to Audit logs.