Either instead of, or in conjunction with, the Search Logs field, you can also search/filter your audit log events by using search filters. The Filters pane (displayed if you click Show Filters) provides three ways to filter your audit logs:
By date or by date range; for example, you can return only the events recorded during the week of May 26, 2019 through June 2, 2019. This is important, because you cannot filter by date in the Search Logs field.
By agent email address. Note that you must enter the complete email address; a partial address like greg.stemp won’t work in the Filters pane.
By activity type. Unlike the Search Logs field, however, you can only filter on one activity at a time.
You can also use any combination of filter types; if you use multiple search criteria then the Console will construct an AND search for filtering your audit logs. For example, suppose you set the date to June 5, 2019, the activity to Flow Created, and the agent email address to firstname.lastname@example.org:
When you click Search you’ll get back only those records that meet all three criteria:
The following sections of this documentation explore the filter options in more detail.
When you filter by activity, you restrict the returned data to a specific action: a user profile was created; API client settings were updated; a Console agent was assigned a new role. For example, if you select User Updated, you’ll only get back audit data involving user profiles that have been updated:
To filter by activity, click the Choose an Activity dropdown and then select the appropriate action:
Note that, from within the Filters section, you can only filter on one action at a time. You cannot select multiple actions in the dropdown list.
The Filtering by Agent Email option provides a way to limit the returned events to those actions carried out by the specified agent. For example, if this filter is set to email@example.com then the returned audit data will look similar to this:
To filter by agent email, simply type the agent’s email address in the Search for Agent Email field:
Note that you must type a valid (i.e., complete) email address. For example, suppose you leave off the .com. In that case, you’ll get the following error message, the Search button will be disabled, and you won’t be able to continue until you address the problem:
When using the Filters section you are also limited to filtering on one email address at a time. Trying to enter a second email address will result in the same error you get when you enter an invalid email address:
Filter by Date Range gives you two options for limiting the returned data to a specified length of time: you can choose to return all the events recorded in the past 30 days (both the default value and the maximum value), or you can limit the returned data to events recorded within a specified time interval (e.g., from May 15, 2019 through May 20, 2019). To return data for the past 30 days, just select 30 Days (the default value):
To return data for a specified date interval, you’ll need to use the dropdown lists to select a start date and an end date:
Before you ask, the day is the smallest interval of time you can filter on: for example, you can’t filter for all the events recorded between 2:00 PM and 4:00 PM on a specified day. However, if you export your audit data the full date and time will be available in the exported CSV file:
As noted elsewhere, 30 days is the maximum length for a date interval; that’s because audit data is only retained for 30 days and is then automatically discarded. Let’s suppose that, on May 30, 2019, you decided to review audit data for the month of March. But note what happens when you try to set March 1, 2019 as your start date:
As you can see, the month of March is grayed out and unavailable. Why? Because the data for March (which is more than 30 days old) no longer exists. Data for April does exist, but not any data that’s more than 30 days old:
As you can see, data is available only for April 30th and not for any other day before that.
Oh, and be sure you select an end date: you can’t select a start date and assume an end date of the current date. If you don’t select an end date, the Search button won’t be available, at least not until you do select an end date:
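The Filters pane stops at one day, one activity, and one email address per search, but the exported CSV keeps the full date and time, so a narrower review can be done offline. The following is an added example, not part of the product or its documentation: the column names (timestamp, agent_email, activity, detail), the timestamp format, and the sample rows are assumptions constructed for illustration, so match them to the header row of your own export.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. Column names and timestamp format are assumptions;
# adjust them to the header row of the CSV you actually exported.
SAMPLE_EXPORT = """timestamp,agent_email,activity,detail
2019-06-05T13:58:10Z,firstname.lastname@example.org,Flow Created,flow-a
2019-06-05T14:05:42Z,firstname.lastname@example.org,Flow Created,flow-b
2019-06-05T14:30:00Z,email@example.com,User Updated,user-1
2019-06-05T15:59:59Z,other.agent@example.com,User Updated,user-2
2019-06-05T16:00:00Z,email@example.com,Flow Created,flow-c
2019-06-06T14:10:00Z,email@example.com,User Updated,user-3
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # assumed format of the timestamp column


def filter_export(csv_file, start, end, emails=None, activities=None):
    """Return rows with start <= timestamp < end, ANDed with the optional
    email and activity filters. Unlike the Filters pane, each filter may
    hold several values, and the window can be narrower than a day."""
    emails = {e.lower() for e in emails} if emails else None
    activities = set(activities) if activities else None
    matches = []
    for row in csv.DictReader(csv_file):
        ts = datetime.strptime(row["timestamp"], TS_FORMAT)
        if not (start <= ts < end):
            continue
        if emails is not None and row["agent_email"].lower() not in emails:
            continue
        if activities is not None and row["activity"] not in activities:
            continue
        matches.append(row)
    return matches


def demo():
    # Events between 2:00 PM and 4:00 PM on June 5, 2019, for two agents
    # and two activity types at once.
    return filter_export(
        io.StringIO(SAMPLE_EXPORT),
        start=datetime(2019, 6, 5, 14, 0),
        end=datetime(2019, 6, 5, 16, 0),
        emails=["firstname.lastname@example.org", "email@example.com"],
        activities=["Flow Created", "User Updated"],
    )


if __name__ == "__main__":
    for row in demo():
        print(row["timestamp"], row["agent_email"], row["activity"])
```

Because audit data is discarded after 30 days, running a filter like this over regularly saved exports is also the only way to review older events.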