Richer audit log context

Audit logs now give you a clearer picture of what’s happening across your organization.

Audit logs now capture significantly more context about how your team interacts with Axiom. When you review audit logs, you’ll see privacy-safe representations of the queries being run, making it easier to understand what’s happening across your organization without exposing sensitive data in query strings.

Audit logs now also track the source of each query—including which monitor triggered it—so you can trace query activity back to its origin. This is particularly useful when debugging performance issues or understanding which monitors are generating the most query load. Dashboard tracking is coming soon to provide even more visibility.

Query cost tracking and storage usage are now included in audit logs, giving you better visibility into resource consumption patterns. This helps you identify expensive queries, optimize performance, and understand how different teams use their query and storage budgets.

These enhancements make audit logs more actionable for governance, debugging, and cost optimization workflows.

With query cost tracking now available in audit logs, you can set up monitors to alert you when expensive queries run. Here’s an APL example that identifies queries exceeding your cost threshold of 1000 query units:

['axiom-audit']
| where action == 'runAPLQueryCost'
| where ['properties.query_cost_gbms'] > 1000

Use this query as a monitor to get notified when expensive queries run. You can adjust the query_cost_gbms threshold based on your organization’s usage patterns and budget.

Check out the audit logs documentation for more details.

• Fixed OpenTelemetry span handling.
• Improved dataset handling during subscription updates.
• Fixed spend limit notification logic to ensure alerts are sent correctly.