Documentation Experience Platform Experience Platform overview

Audit logs

Last update: March 17, 2025

Topics:
Audits

CREATED FOR:

Admin
Developer

In order to increase the transparency and visibility of activities performed in the system, Adobe Experience Platform allows you to audit user activity for various services and capabilities in the form of “audit logs”. These logs form an audit trail that can help with troubleshooting issues on Platform, and help your business effectively comply with corporate data stewardship policies and regulatory requirements.

In a basic sense, an audit log tells who performed what action, and when. Each action recorded in a log contains metadata that indicates the action type, date and time, the email ID of the user who performed the action, and additional attributes relevant to the action type.

NOTE

The metadata for the actions Add user and Remove user within the Role resource will not contain the email ID of the user who performed the action. Instead, the logs will display the system generated email ID (system@adobe.com).

This document covers audit logs in Platform, including how to view and manage them in UI or API.

Event types captured by audit logs

The following table outlines which actions on which resources are recorded by audit logs:

Resource	Actions
Access control policy (attribute based access control)	Create Update Delete
Account (Adobe)	Create Update Delete
Attribution AI instance	Create Update Delete Enable Disable
Audit logs	Export
Class	Create Update Delete
Computed attribute	Create Update Delete
Customer AI instance	Create Update Delete Enable Disable
Dataset	Create Update Delete Enable for Real-Time Customer Profile Disable for Profile Add data Delete batch
Datastream	Create Update Delete Enable Disable Edit Mapping
Data types	Create Update Delete
Destination	Create Update Delete Enable Disable Dataset Activate Dataset Remove Profile Activate Profile Remove
Field group	Create Update Delete
Identity graph	View
Identity namespace	Create Update
Merge policy	Create Update Delete
Product profile	Create Update Delete
Query	Execute
Query template	Create Update Delete
Role (attribute based access control)	Create Update Delete Add user Remove user
Sandbox	Create Update Reset Delete
Scheduled query	Create Update Delete
Schema	Create Update Delete Enable for Profile
Segment	Create Delete Segment Activate Segment Remove
Source data flow	Create Update Delete Enable Disable Dataset activate Dataset remove Profile ativate Profile remove
Work order	Create

Access to audit logs

When the feature is enabled for your organization, audit logs are automatically collected as activity occurs. You do not need to manually enable log collection.

In order to view and export audit logs, you must have the View User Activity Log access control permission granted (found under the Data Governance category). To learn how to manage individual permissions for Platform features, please refer to the access control documentation.

Managing audit logs in the UI

You can view audit logs for different Experience Platform features within the Audits workspace in the Platform UI. The workspace shows a list of recorded logs, by default sorted from most recent to least recent.

The Audits dashboard highlighting Audits in the left menu.

Audit logs are retained for 365 days after which they will be deleted from the system. If you require data of more than 365 days, you should export logs at a regular cadence to meet your internal policy requirements.

Your method of requesting audit logs changes the allowable time period and the number of records you will have access to. Exporting logs allows you to go back 365 days (in 90 day intervals) to a maximum of 10,000 records, where as the activity log UI in Experience Platform displays the past 90 days to a maximum of 1000 records.

Select an event from the list to view its details in the right rail.

Audits dashboard Activity log tab with the event details panel highlighted.

Filter audit logs

Select the funnel icon ( ) to display a list of filter controls to help narrow results.

NOTE

The Experience Platform UI only displays the past 90 days up a maximum of 1000 records, regardless of the applied filters. If you need logs past that (to a maximum of 365 days), you’ll need to export your audit logs.

The Audits dashboard with the filtered activity log highlighted.

The following filters are available for audit events in the UI:

Filter	Description
Category	Use the dropdown menu to filter displayed results by category.
Action	Filter by action. The actions available for each service can be seen in the resource table above.
User	Enter the complete user ID (for example, `johndoe@acme.com`) to filter by user.
Status	Filter by whether the action was allowed (completed) or denied due to lack of access control permissions.
Date	Select a start date and/or an end date to define a date range to filter results by. Data can be exported with a 90-day lookback period (for example, 2021-12-15 to 2022-03-15). This can differ by event type.

To remove a filter, select the “X” on the pill icon for the filter in question, or select Clear all to remove all filters.

The Audits dashboard with clear filter highlighted.

The returned audit log data contains the following information on all queries that meet your chosen filter criteria.

Column name	Description
Timestamp	The exact date and time of the action performed in a `month/day/year hour:minute AM/PM` format.
Asset Name	The value for the Asset Name field depends on the category chosen as a filter.
Category	This field matches the category selected in the filter dropdown.
Action	The available actions depend on the category chosen as a filter.
User	This field provides the user ID that executed the query.

The Audits dashboard with the filtered activity log highlighted.

Export audit logs

To export the current list of audit logs, select Download log.

NOTE

Logs can be requested in 90 day intervals up to 365 days in the past. However, the maximum amount of logs that can be returned during a single export is 10,000.

The Audits dashboard with the Download log highlighted.

In the dialog that appears, select your preferred format (either CSV or JSON), then select Download. The browser downloads the generated file and saves it to your machine.

The file format selection dialog with Download highlighted.

Enable alerts

You can enable audit alerts to receive notifications for the following rules:

Audience create
Audience update
Audience delete
Dataset create
Dataset update
Dataset delete
Schema create
Schema update
Schema delete

Select the desired alert from the list to subscribe to receive notifications. For more information on alerts, see the guide on subscribing to alerts using the UI.

Managing audit logs in the API

All actions that you can perform in the UI can also be done using API calls. See the API reference document for more information.

Managing audit logs for Adobe Admin Console

To learn how to manage audit logs for activities in Adobe Admin Console, refer to the following document.

Next steps and additional resources

This guide covered how to manage audit logs in Experience Platform. For more information on how to monitor Platform activities, see the documentation on Observability Insights and monitoring data ingestion.

To reinforce your understanding of audit logs in Experience Platform, watch the following video:

video poster

https://video.tv.adobe.com/v/341450?quality=12&learn=on

Transcript

Audit logs provide transparency and visibility into all activities on Adobe Experience Platform based applications, helping you to comply with corporate data stewardship policies and regulatory requirements. This accountability and transparency will also help you to troubleshoot issues on platform by giving you easy access to who did what and when. Access to the logs is governed by Experience Platform access control and requires administrators to add the view user activity log permission to relevant users through the admin console. Once access is provided, you can go into the platform interface, and then the left rail, click on the audits link to view the logs. Here, you can see the list of logged actions ordered by most recent activity. For each logged action, the system captures and exposes key metadata, including the name of the asset acted upon, type of action, and the user ID of who performed the action. Additional details such as asset identifiers and IP addresses are available in this sidebar. You can filter the logs and export the logs as CSV or JSON for additional discovery and analysis. For example, your IT department could upload the data into a log aggregator for analysis across your tech stack. All these actions can also be executed through the API, and that includes controls to query, filter and export logs based on key facets. You can learn more about the API usage in our Experience League and Developer Portal documentation. Here’s a list of actions that are captured in the logs today and includes key configuration activity in schemas, data sets, sandbox management and activation. We plan to extend this list and include more critical event types and metadata over time. In summary, audit logs help you to comply with corporate data stewardship policies and regulatory requirements, and to troubleshoot. Thank you. -

recommendation-more-help