Track activity in Axiom
This page explains how to track activity in your Axiom organization with the audit log.
The audit log allows you to track who did what and when within your Axiom organization.
Tracking activity in your Axiom organization with the audit log is useful for legal compliance reasons. For example, you can investigate the following:
- Track who has accessed the Axiom platform.
- Track organization access over time.
- Track data access over time.
The audit log also make it easier to manage your Axiom organization. They allow you to do the following, among others:
- Track changes made by your team to your observability posture.
- Track monitoring performance.
The audit log is available to all users. Enterprise customers can query the audit log for the full time range. Other customers can query the audit log for the previous three days.
Explore audit log
- Go to the Query tab, and then click APL.
- Query the
axiom-auditdataset. For example, run the query['axiom-audit']to display the raw audit log data in a table. - Optional: Customize your query to filter or summarize the audit log. For more information, see Explore data.
- Click Run.
The action field specifies the type of activity that happened in your Axiom organization.
Export audit log
- Run the query to display the audit log.
- Click
More > Download as JSON.
Restrict access to audit log
To restrict access to the audit log, use Axiom’s role-based access control to define who can access the axiom-audit dataset. For more information, see Access.
List of trackable actions
The action field specifies the type of activity that happened in your Axiom organization. The most common actions that Audit logs allow you to track are the following:
- createAdvancedApiToken means that a user created an advanced API token.
- createAnnotation means that a user created an annotation.
- createBasicApiToken means that a user created a basic API token.
- createDashboard means that a user created a dashboard.
- createDataset means that a user created a dataset.
- createMonitor means that a user created a monitor.
- createNotifier means that a user created a notifier.
- createOrg means that a user created an organization.
- createPersonalAccessToken means that a user created a personal access token.
- createUser means that a user created another user.
- deleteDashboard means that a user deleted a dashboard.
- deleteDataset means that a user deleted a dataset.
- logout means that a user logged out.
- notifierFailed means that a notifier failed.
- notifierTriggered means that a notifier triggered.
- removeUserFromOrg means that a user removed another user from an organization.
- runAplQuery means that a user ran an APL query.
- sendMessage means that Axiom sent a message to a channel defined by a notifier.
- sendUserDeletedEmail means that a user was deleted and Axiom sent out a notification email about the deletion.
- streamDataset means that a user viewed the stream of a dataset.
- trimDataset means that a user trimmed a dataset.
- updateDashboard means that a user updated a dashboard.
- updateMonitor means that a user deleted a monitor.
- updateUserSettings means that a user updated their user settings.
- updateVirtualField means that a user updated a virtual field.
The list above is non-exhaustive. To see all the different actions that happened in your Axiom organization, run the following query:
Was this page helpful?