Audit log
The Audit log within account administration contains the audit log of:
- All activities related to account settings.
- User sign in, sign up events, and actions.
- Flow-level activities such as flow creation, updation and deletion.
To view your audit log, click Go to Profile > Account administration > Audit log. The account-level audit log is available to the Super Admins, IAM Admins (account management logs) and User Admins (user and group management logs).
Similarly, flow-level audit logs is also available to flow admins across process, boards, datasets, integrations, apps and portals. They can be accessed by clicking the More options button ( ) > Audit log.
You can get the following details from the Audit log section of your account:
- Audit ID: This unique ID is generated automatically by the system for every event recorded as part of the history.
- Timestamp: The exact time when a specific action happened or was performed.
- Actor: The account user who acted.
- Action: The kind of activity or action that had taken place. Examples include Dataset permission change, Account ownership transferred, User activated, Account security updated, Field modified, IP address, etc.
- Object: The object or the underlying resource that is being changed.
- Event category: Common name for an event that you can use to filter down to similar events. Examples: Process Administration, Case Administration, etc.,
- Platform: The device or Operating System (OS) used to record the event.
- IP: The network IP address of the recording device.
- Batch ID: This unique ID is generated automatically by the system for a group of related events. Unlike Audit ID, the Batch ID of these events will be the same for reference purposes.
All entries in the audit log get reflected in the user interface with a slight delay. This delay sometimes ranges from a few seconds to a maximum of four hours.
Interpreting the audit log
When you expand each entry in the audit log, based on the type of action performed, you will see data highlighted in three colors: green, red, and yellow. Each color has a distinct meaning that's explained below.
Here, Delta refers to the difference between the original state of the data to its updated state, and highlights only the specific details that have been added, deleted and modified.
Note:
Only enterprise plan users can view the detailed delta associated with each event in the audit log.
Green: This color indicates new data recorded during the new event. For example, when a new process gets created, all the field data, like process name, owner, user role, etc., is recorded for the first time and is highlighted in green.
Likewise, adding a new user would result in the user details, such as First Name, Last Name, Manager, Department, etc., being recorded for the first time in green.
This color indicates new data recorded as part of the new event. For example, when a new form is published, all the new fields created before the publication are recorded for the first time, highlighted in green.
When values are entered in the fields in a form and when the item is submitted, the new values entered are recorded in green.
Yellow: When there is a change in the recorded data, the color yellow highlights that change. For example, when there is a change in the user's name, both the existing name and the newly recorded name get highlighted in yellow to showcase the difference.
Red: Red is used when some recorded data is removed from the audit log and not replaced with new data. For example, when a user is removed from your Kissflow account, all recorded information associated with that user gets removed. When a value in a field in a form is removed and when the item is submitted, the removed value gets recorded in red.
Sorting fields
On the Audit log page, click the Expand button ( ) beside a field filter to sort a field in ascending or descending order.
Searching fields
- On the Audit log page, click the Expand button ( ) beside a field filter
to search for a specific entry. - Use the search box ( ) to search for the necessary term.
Filtering fields
You will be able to filter the Audit log events based on the following fields/criteria:
- Audit period
- Last 30 days: Get event information for the previous 30 days from the current date
- Last 60 days: Get event information for the previous 60 days from the current date
- Last 90 days: Get event information for the previous 90 days from the current date
- Custom date range: Select a customized date range to filter events
Note:
The audit log will only show audit entries from the past 90 days. To view audit events from a date past those 90 days, you must contact our customer support team.
- Object: Select one or more objects from the suggestions or enter the exact object name you would like to derive the log details.
- Event category: Filtering events based on event categories is a recommended way to get specific events from the Audit log section. If you are unsure how to go with the event category, enter a flow name like process or board in its search bar, and it will list all the categories relevant to the flow type you just entered.
- Actor: You can select one or more account users to filter events based on users.
- Action: Enter a relevant action in the field's search bar or select one from the suggested list of actions as necessary. You can filter events based on only one action at a time.
- Audit ID, Batch ID, and IP: Filters are applied on these fields mostly to backtrace an event's history. Enter the exact Audit ID, Batch ID, or IP address to filter events as necessary.
Removing filter conditions
Applied filter conditions will be highlighted in blue, as in the above screenshot. To remove a specific filter condition, hover over it and click the Remove button () to clear it.
Exporting an audit log
Click the Export button (
) to export the audit log as a file on the Audit log page. An email with the download link will be sent immediately to your registered email address from where you can download the file.