The audit log allows you to track who did what and when within your Axiom organization. Tracking activity in your Axiom organization with the audit log is useful for legal compliance reasons. For example, you can investigate the following:
  • Track who has accessed the Axiom platform.
  • Track organization access over time.
  • Track data access over time.
The audit log also make it easier to manage your Axiom organization. They allow you to do the following, among others:
  • Track changes made by your team to your observability posture.
  • Track monitoring performance.
The audit log is available to all users. By default, you can query the audit log for the previous three days. You can request the ability to query the audit log for the full time range as an add-on if you’re on the Axiom Cloud plan, and it’s included by default on the Bring Your Own Cloud plan. For more information on ugrading, see the Plan page in your Axiom settings.

Explore audit log

  1. Go to the Query tab, and then click APL.
  2. Query the axiom-audit dataset. For example, run the query ['axiom-audit'] to display the raw audit log data in a table.
  3. Optional: Customize your query to filter or summarize the audit log. For more information, see Explore data.
  4. Click Run.
The action field specifies the type of activity that happened in your Axiom organization.

Export audit log

  1. Run the query to display the audit log.
  2. Click More icon More > Download as JSON.

Restrict access to audit log

To restrict access to the audit log, use Axiom’s role-based access control to define who can access the axiom-audit dataset. For more information, see Access.

List of trackable actions

The action field specifies the type of activity that happened in your Axiom organization. The actions that Audit logs allow you to track are the following:
  • aplDelete
  • createAnnotation
  • createAPIToken
  • createDashboard
  • createDataset
  • createEndpoint
  • createFlowConfiguration
  • createFlowDestination
  • createFlowReplay
  • createFlowStream
  • createGroup
  • createMapField
  • createMonitor
  • createNotifier
  • createOrg
  • createOrgStorage
  • createPersonalToken
  • createRole
  • createUser
  • createView
  • createVirtualField
  • deleteAnnotation
  • deleteAPIToken
  • deleteDashboard
  • deleteDataset
  • deleteEndpoint
  • deleteFlowConfiguration
  • deleteFlowDestination
  • deleteGroup
  • deleteMapField
  • deleteMonitor
  • deleteNotifier
  • deleteOrg
  • deletePersonalToken
  • deleteRepo
  • deleteRole
  • deleteSession
  • deleteShareLink
  • deleteView
  • downgradeOrg
  • downgradePlan
  • fieldLimitApproached
  • fieldLimitExceeded
  • getDashboard
  • getDatasetFields
  • getField
  • getSharedRepos
  • logout
  • logoutEverywhere
  • messageSent
  • notifierFailed
  • notifierTriggered
  • notifyCustomerIOIssues
  • postRepos
  • regenerateAPIToken
  • regeneratePersonalToken
  • removeRBAC
  • removeUserFromOrg
  • resolveMonitor
  • resolveMonitorAll
  • resumeFlowReplay
  • resumeFlowStream
  • rotateSharedAccessKeys
  • runAPLQuery
  • sendOrgDeletedEmails
  • sendOrgMonthlyIngestedExceededEmail
  • sendOrgMonthlyIngestedNearLimitEmail
  • sendUserDeletedEmail
  • sendWelcomeEmail
  • setEnableAI
  • shareRepo
  • stopFlowReplay
  • stopFlowStream
  • streamDataset
  • triggerNotifier
  • triggerNotifierWithID
  • trimDataset
  • unShareRepo
  • updateDashboard
  • updateDataset
  • updateDatasetSettings
  • updateEndpoint
  • updateField
  • updateFlowConfiguration
  • updateFlowDestination
  • updateGroup
  • updateMapFields
  • updateMonitor
  • updateNotifier
  • updateOrg
  • updatePersonalToken
  • updateRepo
  • updateRole
  • updateUser
  • updateUserSettings
  • updateView
  • updateVirtualField
  • upgradeOrg
  • upgradePlan
  • usageCalculated
  • useShareLink
  • vacuumDataset