/
Work with audit logs

Work with audit logs

Owned by Elizabeth Riezinger (Unlicensed)
Last updated: Oct 14, 2024 by Shailly Kumar
3 min read

This article highlights a new alerting feature that's natively available in Compass and is gradually rolling out to some customers. It may not yet be visible or available on your site.

Audit logs are a summary of all the activities associated with an integration that help team admins troubleshoot issues.

View the audit log

Things to do before you start:

To access and work with the audit logs for your team:

  1. In Compass, go to Settings > Products.

  2. Scroll to the Operations section and select Audit logs from the sidebar.

You’ll see a table of activities organized by date and the time the activity happened. Expand a log entry to dig into the details. You can also copy the JSON version of the log for viewing. Some log entries may not include the details or the JSON content.

An audit log contains the following information:

  • IDs of and information about alerts, incidents, integrations

  • Time stamps, timezones

  • Details of action taken. For example, responder added, alert acknowledged, etc.

  • Integration properties

  • User profile information such as email, public name, full name, etc., as per the user’s profile visibility settings.

The organization admins, Jira admins, and team admins can view all the audit log information as they have access to integrations' logs, including APIs and downloads.

Following is a detailed audit log entry in JSON format:

{ "_internalDetails": { "incident-raw-id":"8b75f063-937c-4277-80d4-86d4b301ce27", "incident-alert-type":"Associated" }, "note":"null", "snoozedUntil":"null", "ownerFullName":"null", "acknowledged":"false", "isCustomAction":"false", "integrationName":"Another sync", "description":"", "source":"xyz@mytest.com", "_extraProperties":{ "incident-alert-type":"Associated" }, "-oldTags":[], "tinyId":"803", "alias":"5d3973e2-ebcd-4ef9-9cee-4ce0e2ee93e3-1688164225746", "action":"AddDetails", "id":"5d3973e2-ebcd-4ef9-9cee-4ce0e2ee93e3-1688164225746", "-customActions":[], "owner":"", "eventId":"b3dee76d-a50e-4f4a-b672-adbacadbf49e", "_parsedData":{ "custom":"false", "_oldAlert":{ "owner":"", "_internalDetails":{ "incident-raw-id":"8b75f063-937c-4277-80d4-86d4b301ce27", "incident-alert-type":"Associated" }, "closedBy":"", "acknowledged":"false", "-actions":[], "count":"1", "acknowledgedBy":"", "source":"xyz@mytest.com", "_details":{"incident-alert-type":"Associated" }, "message":"This is a high priority alert", "priority":"P2", "snoozed":"false", "seen":"false", "-responders":[], "-tags":[], "lastAcknowledgeTime":"0", "entity":"", "lastOccurredAt":"2023-06-30T22:30:25.746Z", "status":"open", "updatedAt":"1688164230672000070" }, "_newAlert":{ "owner":"", "_internalDetails":{ "incident-raw-id":"8b75f063-937c-4277-80d4-86d4b301ce27", "incident-alert-type":"Associated" }, "closedBy":"", "acknowledged":"false", "-actions":[], "count":"1", "acknowledgedBy":"", "source":"xyz@mytest.com", "_details":{ "incident-alert-type":"Associated" }, "message":"This is a high priority alert", "priority":"P2", "snoozed":"false", "seen":"false", "-responders":[], "-tags":[], "lastAcknowledgeTime":"0", "entity":"", "lastOccurredAt":"2023-06-30T22:30:25.746Z", "status":"open", "updatedAt":"1688164230757318015" }, "eventTime":"2023-06-30T22:30:30.764Z", "action":"AddDetails", "_source":{ "sourceType":"incident", "domain":"incident", "type":"request", "configType":"incident" }, "_customer":{ "cloudId":"336fac08-6a32-4272-86a4-8dd71505d33b", "name":"jsmops.env", "timeZone":"Europe/Sofia", "id":"7471af39-b2fd-4296-a7f1-c51dd4a6bd85", "locale":"en_US", "activationId":"28467559-c62f-443d-9877-c4879fb7649b" }, "_metadata":{ "createdAt":"2023-06-30T22:30:25.746Z", "tinyId":"803", "closeTime":"-1", "alias":"5d3973e2-ebcd-4ef9-9cee-4ce0e2ee93e3-1688164225746", "description":"", "id":"5d3973e2-ebcd-4ef9-9cee-4ce0e2ee93e3-1688164225746", "_integration":{"id":"0e0b127f-a89a-46eb-831a-b7c1bae17605", "type":"API" }, "ownerTeamId":"", "-customActions":[] }, "actionOwnerDisplay":"System", "timestamp":"2023-06-30T22:30:30.764Z" }, "-newlyAddedTags":[], "oldPriority":"P2", "integrationId":"6e422287-b320-4a37-90c7-44ba50f67ad5", "_details":{ "incident-alert-type":"Associated" }, "message":"This is a high priority alert", "priority":"P2", "_actionSource":{ "sourceType":"incident", "domain":"incident", "type":"request", "configType":"incident" }, "-responders":[], "-tags":[], "actionOwnerDisplay":"System", "-removedTags":[], "status":"open" }

Search and filter the audit log

The audit log lists activities that go as far back as 180 days. You can search for specific integrations, alerts, notification rules, etc., in the search tab, and specify the time interval to search for.

  1. In Compass, go to Settings > Products.

  2. Scroll to the Operations section and select Audit logs from the sidebar.

  3. Enter your search criteria in the text field. You can search for activities with specific keywords or by using the names of users, log category names, etc.

  4. Narrow the search results by applying any number of filters:

    1. Specify a date range, duration, log category, or log level.

    2. Select Update.

  5. Select Apply.

Export audit log

You can export the audit log to get it via email in CSV format.

  1. In Compass, go to Settings > Products.

  2. Scroll to the Operations section and select Audit logs from the sidebar.

  3. Add filters if you wish to narrow down the logs you export to a specific criteria, and select Apply.

  4. When you’re ready to export, select Export log.

  5. You’ll get your exported log via email, this may take a while depending on the size of the exported logs.

 

Related content

What are audit logs?
What are audit logs?
Operations
Read with this
What are reports of operations?
What are reports of operations?
Operations
Read with this
Reports for on-call teams
Reports for on-call teams
Operations
Read with this