Realm admins can query audit logs by using these filters:
- Start and end dates – Enter a date range from one to seven days, inclusive.
- App name – Enter an app name, or leave black to search all apps. Deleted apps cannot be queried.
- User email – Enter a user email, or leave black to search logs for all users.
- Actions – Enter one or more actions separated by commas, or leave blank to search all actions.
- Log ID – Enter a log ID to search all audit logs within the retention period purchased.
To query audit logs using a filter:
- Click Audit Logs on the left-hand navigation bar of the Admin Console, or on the left-hand navigation bar of the Manage Billing Account page.
- Select a filter at the top of the page. Depending on which filter you choose, enter the appropriate information. You can use either the Log ID as a single filter, or any combination of the dates, app name, user email, and action filters.
Note: If you don't specify an app name, user email, action, or log ID filter, all activity within the specified date range displays. -
Click Display logs to apply the chosen filter(s). You can repeat the steps to change and/or combine filters to alter your results.
It may take up to 5 minutes to see a new audit log event appear.
Audit logs display the following information:
| Item | Description |
|---|---|
| Log ID | Auto-generated identifier of the audit log. |
| First Name | User’s first name. |
| Last Name | User’s last name. |
| Email Address | User’s email address. |
| Action | What action was taken, such as log in, create app, report access, or table search. |
| Browser time | Exact time the action was taken, including date, and time with hour, minutes and seconds. Time zone is the browser time zone. |
| IP | The IP address the action was taken from. |
| User Agent | The browser and OS the action was taken from. |
| Session Information |
The Session ID associated with a user’s browsing session on a particular device (which resets when the session expires), or a short snippet of the User Token, which is used for compatible API calls. You can use this information to trace back the user who performed a particular action when using a service account or through an API. For example, an audit log for an action performed by a service account will only contain the service account used in the description. You can trace the Session ID back to the user session associated with the service account by locating the |
| Application | UI for user interface or API for an API call. |
| Description |
A description of the action that occurred. Some audit logs contain links to the resource that was accessed or changed, or links to view additional details.
View examples of descriptions in the Audit Log Library. |
Learn more
Tracking data changes in a specific field