Export audit data

Whenever a change is made to a user profile, information about that change is written to the Console audit log: any action that creates, deletes, or modifies a user account in any way is recorded in the log:

type c5ukftq8n6fene4mgw6bvbhb5vj87rps,lgalaviz@janrain.com,,,
277a966f-37e6-4ce8-9abc-61b77ca6ae3f,,TBD dragons,kskmfn2sxu4ysuvrzv8cs57wa53rzums,

If you look closely, you’ll see that this audit log entry (and all audit log entries, for that matter) contains the attributes detailed in the following table (although, depending on the change and who made it, not all the attributes will contain values):

NameShow Audit DataDescription
agent_capture_client_idChange ByID of the API client associated with the API call. This is the same ID found on the Manage Properties page. For example:

agent_emailChange ByEmail address of the agent who made the change. This attribute will be blank unless the task was carried out by a Console agent. For example:

agent_idReserved for future use.
agent_labelReserved for future use.
agent_uuidUUID of the agent who carried out the task. This attribute will be blank unless the task was carried out by a Console agent. For example:

origin_componentReserved for future use.
signed_data_client_descriptionDescription of the signing client. This attribute will be blank unless the task was carried out by a Console agent. For example:

signed_data_client_idClient ID used to sign any ancillary data delivered along with the logdata header interface. This attribute will be blank unless the task was carried out by a Console agent. For example:

target_capture_application_idID of the application used when making the API call; application IDs can be found on the Manage Application page. For example:

target_capture_entity_typeName of the database schema (i.e., the entity type) that was updated. For example:

target_capture_uuidUUID of the user profile that was modified. For example:

target_field_current_valueNew ValueNew value assigned to the modified attribute. For example:

2017-09-25 15:20:52.18615 +0000
target_field_pathField ChangedName (path) of the modified attribute. For example:

target_field_previous_valuePrevious ValueValue that was assigned to the attribute before the modification was made. For example:

2017-09-21 20:14:32.532408 +0000
transaction_committedTime UpdatedDate and time the modification took place. For example:

2017-09-25T15:20:52Z 00
transaction_idReserved for future use.
typeType of operation performed: create, update, or delete. For example:



In the preceding table, the Show Audit Data column corresponds to the columns used when you choose to display audit data onscreen instead of downloading that data.

Good question: how do you get access to all this log data? In the Console, you gain access to log entries by exporting audit data for a user (you can only export audit data for a single user at a time). To export this data, and to view the data onscreen, complete the following procedure:

  1. From the Manage Profiles page, click the user profile containing the audit data you want to export.

  2. From the user profile Edit page, click Export Audit Data:

  3. On the Export Audit Data tab, select a time interval (30 days, 60 days, 90 days) for the export:

  4. Click Show Audit Data. The audit data is displayed onscreen:


The preceding procedure was carried out in an application where Customer Care Portal has been enabled. If you are not using Customer Care Portal, you'll follow the same procedure; you just won't see the Edit Profile option.

As you can see, the onscreen display includes only a handful of audit data fields (although, arguably, these are the fields you’re probably most interested in). Despite that seeming-limitation, Akamai strongly recommends viewing audit data onscreen whenever possible. Why? Because audit data always includes personally-identifiable information (PII). The chances of someone stumbling upon PII that they shouldn’t have access to is lessened if that data is displayed onscreen (and then disappears from sight when you access another page in the Console). By comparison, downloading and saving CSV files, each file containing PII, increases the chances of that data being exposed.

If you need to download data, however, you can complete the same procedure and then click Download CSV File instead of Show Audit Data. Clicking Download File downloads audit data to a comma-separated values (CSV) file with a name similar to this:


In the preceding file name, f467d27a-e4f1-4c1b-bd18-24d47b6ac3f8 indicates the UUID of the user whose audit data was exported.


We should also mention that the CSV file is downloaded directly to the Downloads folder configured for your web browser. You cannot save the file to any directory other than that.

When downloading audit data, as we saw previously, you can export all audit data for the last 30 days, the last 60 days, or the last 90 days.

In addition to those predefined intervals, the Select Dates option enables you to pick a specific time interval for downloading audit information any time within the last 90 days; for example, you might choose to look at audit activity that took place only between September 8 and September 15, 2018:

To return data for a specific time range, click Select Dates and then click the Start Date calendar icon to display the date picker:

Click a start date, then repeat the process to select an end date.

Note that, when you display the date picker, you’ll initially see a calendar only for the current month. Does that mean you’re limited to time intervals that occurred only in this month? No. If you want to set a date for a month other than the current one, just click the displayed month name (e.g., Oct 2018). In turn, you’ll see a list of months similar to this:

To select a start date in, say, September 2018, just click the appropriate month and then click the start date.

If you look closely at the preceding calendar, you’ll notice that some of the months (like January through June) are unavailable. Why can’t you select those months (and, by extension, any days within those months)? There’s a good reason for that: audit data is only maintained for 90 days. That means that you cannot select a start date (or a start month) from 91 or more days ago.