DocumentationExperience PlatformExperience Platform overview

Audit logs audit-logs

Last update: Fri Nov 29 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Admin
  • Developer

In order to increase the transparency and visibility of activities performed in the system, Adobe Experience Platform allows you to audit user activity for various services and capabilities in the form of “audit logs”. These logs form an audit trail that can help with troubleshooting issues on Platform, and help your business effectively comply with corporate data stewardship policies and regulatory requirements.

In a basic sense, an audit log tells who performed what action, and when. Each action recorded in a log contains metadata that indicates the action type, date and time, the email ID of the user who performed the action, and additional attributes relevant to the action type.

NOTE
The metadata for the actions Add user and Remove user within the Role resource will not contain the email ID of the user who performed the action. Instead, the logs will display the system generated email ID (system@adobe.com).

This document covers audit logs in Platform, including how to view and manage them in UI or API.

Event types captured by audit logs category

The following table outlines which actions on which resources are recorded by audit logs:

Resource
Actions
Access control policy (attribute based access control)
  • Create
  • Update
  • Delete
Account (Adobe)
  • Create
  • Update
  • Delete
Attribution AI instance
  • Create
  • Update
  • Delete
  • Enable
  • Disable
Audit logs
  • Export
Class
  • Create
  • Update
  • Delete
Computed attribute
  • Create
  • Update
  • Delete
Customer AI instance
  • Create
  • Update
  • Delete
  • Enable
  • Disable
Dataset
Datastream
Data types
  • Create
  • Update
  • Delete
Destination
  • Create
  • Update
  • Delete
  • Enable
  • Disable
  • Dataset Activate
  • Dataset Remove
  • Profile Activate
  • Profile Remove
Field group
  • Create
  • Update
  • Delete
Identity graph
  • View
Identity namespace
  • Create
  • Update
Merge policy
  • Create
  • Update
  • Delete
Product profile
  • Create
  • Update
  • Delete
Query
  • Execute
Query template
  • Create
  • Update
  • Delete
Role (attribute based access control)
  • Create
  • Update
  • Delete
  • Add user
  • Remove user
Sandbox
  • Create
  • Update
  • Reset
  • Delete
Scheduled query
  • Create
  • Update
  • Delete
Schema
  • Create
  • Update
  • Delete
  • Enable for Profile
Segment
  • Create
  • Delete
  • Segment Activate
  • Segment Remove
Source data flow
  • Create
  • Update
  • Delete
  • Enable
  • Disable
  • Dataset activate
  • Dataset remove
  • Profile ativate
  • Profile remove
Work order
  • Create

Access to audit logs

When the feature is enabled for your organization, audit logs are automatically collected as activity occurs. You do not need to manually enable log collection.

In order to view and export audit logs, you must have the View User Activity Log access control permission granted (found under the Data Governance category). To learn how to manage individual permissions for Platform features, please refer to the access control documentation.

Managing audit logs in the UI managing-audit-logs-in-the-ui

You can view audit logs for different Experience Platform features within the Audits workspace in the Platform UI. The workspace shows a list of recorded logs, by default sorted from most recent to least recent.

The Audits dashboard highlighting Audits in the left menu.

Audit logs are retained for 365 days after which they will be deleted from the system. Therefore, you can only go back for a maximum period of 365 days. If you require data of more than 365 days, you should export logs at a regular cadence to meet your internal policy requirements.

Select an event from the list to view its details in the right rail.

Audits dashboard Activity log tab with the event details panel highlighted.

Filter audit logs

NOTE
Since this a new feature, the data displayed only goes back to March 2022. Depending on the resource selected, earlier data may be available from January 2022.

Select the funnel icon ( Filter icon ) to display a list of filter controls to help narrow results. Only the last 1000 records are displayed irrespective of the various filters selected.

The Audits dashboard with the filtered activity log highlighted.

The following filters are available for audit events in the UI:

Filter
Description
Category
Use the dropdown menu to filter displayed results by category.
Action
Filter by action. The actions available for each service can be seen in the resource table above.
User
Enter the complete user ID (for example, johndoe@acme.com) to filter by user.
Status
Filter by whether the action was allowed (completed) or denied due to lack of access control permissions.
Date
Select a start date and/or an end date to define a date range to filter results by. Data can be exported with a 90-day lookback period (for example, 2021-12-15 to 2022-03-15). This can differ by event type.

To remove a filter, select the “X” on the pill icon for the filter in question, or select Clear all to remove all filters.

The Audits dashboard with clear filter highlighted.

The returned audit log data contains the following information on all queries that meet your chosen filter criteria.

Column name
Description
Timestamp
The exact date and time of the action performed in a month/day/year hour:minute AM/PM format.
Asset Name
The value for the Asset Name field depends on the category chosen as a filter.
Category
This field matches the category selected in the filter dropdown.
Action
The available actions depend on the category chosen as a filter.
User
This field provides the user ID that executed the query.

The Audits dashboard with the filtered activity log highlighted.

Export audit logs

To export the current list of audit logs, select Download log.

The Audits dashboard with the Download log highlighted.

In the dialog that appears, select your preferred format (either CSV or JSON), then select Download. The browser downloads the generated file and saves it to your machine.

The file format selection dialog with Download highlighted.

Enable alerts enable-alerts

You can enable audit alerts to receive notifications for the following rules:

  • Audience create
  • Audience update
  • Audience delete
  • Dataset create
  • Dataset update
  • Dataset delete
  • Schema create
  • Schema update
  • Schema delete

Select the desired alert from the list to subscribe to receive notifications. For more information on alerts, see the guide on subscribing to alerts using the UI.

Managing audit logs in the API

All actions that you can perform in the UI can also be done using API calls. See the API reference document for more information.

Managing audit logs for Adobe Admin Console

To learn how to manage audit logs for activities in Adobe Admin Console, refer to the following document.

Next steps and additional resources

This guide covered how to manage audit logs in Experience Platform. For more information on how to monitor Platform activities, see the documentation on Observability Insights and monitoring data ingestion.

To reinforce your understanding of audit logs in Experience Platform, watch the following video:

video poster

https://video.tv.adobe.com/v/341450?quality=12&learn=on

Transcript
Audit logs provide transparency and visibility into all activities on Adobe Experience Platform based applications, helping you to comply with corporate data stewardship policies and regulatory requirements. This accountability and transparency will also help you to troubleshoot issues on platform by giving you easy access to who did what and when. Access to the logs is governed by Experience Platform access control and requires administrators to add the view user activity log permission to relevant users through the admin console. Once access is provided, you can go into the platform interface, and then the left rail, click on the audits link to view the logs. Here, you can see the list of logged actions ordered by most recent activity. For each logged action, the system captures and exposes key metadata, including the name of the asset acted upon, type of action, and the user ID of who performed the action. Additional details such as asset identifiers and IP addresses are available in this sidebar. You can filter the logs and export the logs as CSV or JSON for additional discovery and analysis. For example, your IT department could upload the data into a log aggregator for analysis across your tech stack. All these actions can also be executed through the API, and that includes controls to query, filter and export logs based on key facets. You can learn more about the API usage in our Experience League and Developer Portal documentation. Here’s a list of actions that are captured in the logs today and includes key configuration activity in schemas, data sets, sandbox management and activation. We plan to extend this list and include more critical event types and metadata over time. In summary, audit logs help you to comply with corporate data stewardship policies and regulatory requirements, and to troubleshoot. Thank you. -
recommendation-more-help
5741548a-2e07-44b3-9157-9c181502d0c5