Audit log events
Categories of administrative events recorded in the audit log.
Every administrative change in the console writes to an append-only audit log scoped to the organisation. Events are grouped into categories for filtering and retention.
Categories
| Category | Surface |
|---|---|
agent | Agent create / rename / rotate-key / delete. |
page | Status page create / edit / theme change / access-mode change / delete. |
webhook | Webhook subscription create / edit / pause / delete; delivery retry / discard. |
metric | Metric definition create / edit / threshold change / delete. Manual metric status writes (metric.status.set_manually) also fall here. |
slo | SLO create / target change / window change / delete; burn open / resolve. |
customer | Customer create / edit / page binding change / SLO override / delete. |
incident | Incident create / publish / update / resolve / delete; message append. |
maintenance | Maintenance schedule / start / complete / cancel; starting-soon cron event. |
subscriber | Subscriber confirm / unsubscribe; per-event delivery audit lives in subscriber_deliveries, not audit_log. |
org | Organisation create / rename / member add / member remove. |
auth | User sign-in, sign-out, MFA enrol, password change. |
subscription | Plan change, payment method update, invoice generated. |
billing | Payment provider events (charge succeeded, refund, dispute, etc.). |
api_key | Org API key create / revoke. |
other | Any event whose action prefix does not match the categories above. |
Event shape
Each row carries:
id: opaque identifier.org_id: the organisation the event scopes to.actor: the user or system that performed the action.action: dotted action string (for exampleagent.created,slo.target_changed).target_typeandtarget_id: the resource the action affected.metadata: action-specific JSON payload.created_at: timestamp.
Filtering
The audit log page in the console supports filtering by:
- Time range.
- Category.
- Actor (user identifier).
- Action (full dotted string).
- Target id.
Retention
Audit log retention follows the same window as metric history (see Plans and quotas). Older entries are not deleted automatically; export them on the schedule your compliance team requires.
Was this page helpful?