Audit logs

Audit logs enable admins to gain greater visibility into how users access their apps and the types of changes that are made to data and structure within those apps. Using audit logs, admins can ensure adherence to their organization’s security standards and compliance policies.

Note: Audit logs are included with Platform and above plans with six months data retention and are available as an add-on for Premier plans. Data retention is the continued storage of an organization's data for compliance or business reasons. Retention packages are available for one, three, and seven years.

Audit logs are rolling logs based on the selected data retention period. A total of 90 days of activity is available. Audit logs are available for the following activity types:

Activities Types
User events
  • User creation

  • User token creation, deletion, activation, or deactivation

  • All successful log-ins and log-outs

Data access and changes
  • App and table searches

  • App and table home page access

  • Rich text page access

  • Code page access

  • Record access, creation, modification, or deletion

  • Report access, including through a URL redirect

  • Form activity through a URL redirect

  • Downloading all forms and users in app when going offline in mobile

  • Calls to API_DoQueryCount, a call which counts the number of records in a table that match a set of criteria

  • Searches at the app level, including the number of tables searched

  • Embedded reports access

Schema changes
  • App creation and deletion

  • Table creation and deletion

  • Relationship creation and deletion

  • Field creation and deletion

  • Enabling and disabling offline mode

This topic describes how to:

Enable data change logs

Admins can view activity details for an app. By default, data change tracking is disabled.

To enable data changes:

  1. As a realm admin with account admin privileges, you enable data change tracking from the Apps page of the Admin Console. Select the check box on the left of the app, and then click the option at the top of the page to enable or disable change logs.

    Note: You can enable or disable data change logs for up to 20 apps per realm.

    Note: There is a data size limit of 0.25 megabytes per record, which equates to 250,000 characters or about 40,000 words. If your app has lengthy field values and you are tracking many fields, the amount of data displayed in each field may be truncated.
  2. Once you enable this setting on the Apps page, the Track field checkbox displays in the Advanced section of the Fields properties page:

  3. Select the check box to track the field for audit purposes.

    Admins can select up to 50 fields per table to track by selecting Advanced Options at the top right of the page. From the Advanced Options dialog, select the Audit Logs Enabled check box and click Save. The Audit Logs Enabled property is the same as the This field will be tracked for audit purposes property.

    Note: Formula and summary fields are not supported.

    The Audit Logs Enabled column is added to the Fields properties pages showing those fields with enabled audit logs with a green check mark.

For text fields, there is another log property you can set from the Field properties page to log edits against and display on forms. After you add a new text field, click the text field you just added and click to expand the Text field options section.

Select the Log Entries check box to Log the edits to this field, and show them on forms. Click Save to update your changes.

View details of data changes

When admins enable audits for data change logs at both the app and field level, they can view data changes in audit logs and click each change for more detail.

If existing data was updated, the old and new values display next to each other.

Query and filter audit logs

Admins can customize how to query their audit logs by using the following filters:

  • Start and end dates - Enter a date range from one to seven days, inclusive.
  • App name
  • User email
  • Log ID - Search all audit logs within the retention period purchased.

Note: The app name filter does not currently support querying for deleted apps.

To query audit logs using a filter:

  1. Click Audit Logs on the left-hand navigation bar of the Admin Console, or on the left-hand navigation bar of the Manage Billing Account page.
  2. Select a filter at the top of the page. Based on the filter chosen, enter the appropriate information. You can use either the Log ID as a single filter, or any combination of the dates, app name, and user email filters.
    Note: If you do not specify an app name, user email, or log ID filter, all activity within the specified date range displays.

  3. Click Display logs to apply the chosen filter(s). You can repeat the steps to change and/or combine filters to alter your results.

Audit logs display the following information:

Item Description
Log ID  Auto-generated identifier of the audit log.
First Name User’s first name.
Last Name User’s last name.
Email Address User’s email address.
Action What action was taken, such as log in, create app, report access, or table search.
Browser time Exact time the action was taken, including date, and time with hour, minutes and seconds. Time zone is the browser time zone.
IP The IP address the action was taken from.
User Agent The browser and OS the action was taken from.
Application UI for user interface or API for an API call.
Description A brief description of the action that you can click to see additional details.

Download audit logs

Admins can download audit log information in seven-day increments. A total of 90 days of activity is available. Downloaded logs contain all the information available in the user interface plus IDs. To download an audit log:

  1. Click Audit Logs on the left-hand navigation bar of the Admin Console, or on the left-hand navigation bar of the Manage Billing Account page.
  2. Select filters to customize how to query the audit logs.
  3. Click Display logs to view the log activity.
  4. Click Download to generate a .csv file of the audit logs.