Organization Audit Logs - Tracking User Activity
Overview
Section titled “Overview”Organization audit logs provide a complete record of all actions performed by users in your organization. This feature is essential for compliance, security monitoring, and understanding changes to your organization’s configuration. By reviewing audit logs regularly, you can maintain visibility into who did what and when in your organization.
Important Note: This article covers organization audit logs that track user actions and configuration changes. For searching your ingested network logs, refer to the Hot Search and Cold Search documentation.
Accessing Audit Logs
Section titled “Accessing Audit Logs”To view your organization’s audit logs:
- Navigate to your organization’s audit logs page at
/organizations/:orgId/audit-logs - The audit log interface will display with search and filtering capabilities
Required Permissions: You need appropriate organization-level permissions to access audit logs. If you cannot see the audit logs page, contact your organization administrator.
Understanding Audit Log Entries
Section titled “Understanding Audit Log Entries”Each audit log entry contains key information about actions taken in your organization:
- Timestamp: When the action occurred
- User ID: Which user performed the action
- Organization ID: The organization context
- Action: What type of action was performed
- Resource Type: The type of resource affected (if applicable)
- Resource ID: The specific resource identifier (if applicable)
- Details: Additional context about the action
Searching and Filtering Audit Logs
Section titled “Searching and Filtering Audit Logs”The audit logs interface provides several ways to find specific activities:
Main Search
Section titled “Main Search”Use the main search bar to quickly find audit log entries. The search functionality helps you locate specific actions or events across your audit trail.
Filter Options
Section titled “Filter Options”The audit logs page includes a filter grid that allows you to narrow down results:
- Date Range: Select a specific time period to review
- User Activity: Filter by specific users
- Action Types: Focus on particular types of actions
- Browser Information: View which browsers were used for actions
Active filters are displayed clearly so you can see what criteria are currently applied to your audit log view.
Tips for Effective Searching
Section titled “Tips for Effective Searching”- Start with broader date ranges and narrow down as needed
- Combine multiple filters to pinpoint specific events
- Use the search bar for quick lookups of known actions or users
- Review active filters to ensure you’re seeing the complete picture
What Actions Are Logged
Section titled “What Actions Are Logged”Audit logs capture a comprehensive range of user activities within your organization, including:
- User management actions (adding, removing, or modifying users)
- Organization configuration changes
- Permission and role modifications
- Access to sensitive areas or data
- Administrative actions
The system automatically records these actions with full context, ensuring you have a complete audit trail.
Reviewing Audit Logs for Compliance
Section titled “Reviewing Audit Logs for Compliance”Regular audit log reviews are essential for maintaining security and compliance:
Best Practices
Section titled “Best Practices”- Establish a Review Schedule: Set up regular intervals (weekly, monthly) to review audit logs
- Focus on Critical Actions: Pay special attention to user management, permission changes, and configuration modifications
- Look for Anomalies: Watch for unusual patterns, such as actions at odd hours or unexpected user activities
- Document Your Reviews: Keep records of your audit log reviews for compliance purposes
- Set Up Alerts: If available in your organization, configure notifications for critical actions
Common Review Scenarios
Section titled “Common Review Scenarios”- User Onboarding/Offboarding: Verify that user access was granted or revoked appropriately
- Configuration Changes: Track who made changes to organization settings and when
- Security Incidents: Investigate suspicious activities or policy violations
- Compliance Audits: Generate reports showing user activities during specific periods
Exporting Audit Logs
Section titled “Exporting Audit Logs”For compliance and record-keeping purposes, you may need to export audit log data. Check your organization settings for available export options that allow you to:
- Save audit logs for long-term retention
- Share logs with compliance officers or auditors
- Integrate with external security information and event management (SIEM) systems
- Create reports for regulatory requirements
Troubleshooting
Section titled “Troubleshooting”Audit Logs Not Loading
Section titled “Audit Logs Not Loading”If you encounter issues viewing audit logs:
- Verify you have the necessary permissions
- Check your network connection
- Refresh the page to reload the data
- Contact your administrator if the problem persists
Missing Audit Log Entries
Section titled “Missing Audit Log Entries”If you expect to see certain actions but don’t:
- Verify the date range filter includes the time period in question
- Check that no other filters are excluding the entries
- Confirm the action type is one that gets logged
- Review your active filters to ensure they’re not too restrictive
Related Resources
Section titled “Related Resources”- User Management: Learn about managing users in your organization
- Organization Settings: Configure your organization’s general settings
- Dashboard: View your organization overview and statistics at
/organizations/:orgId/dashboard/:orgId
Need Help? If you have questions about audit logs or need assistance interpreting specific entries, contact your organization administrator or support team.