Audit Logs

Audit Logs

Audit logs provide a complete record of all actions taken within your AI for Database organization. They are essential for security reviews, compliance, and troubleshooting.

What Is Logged

Every significant action is recorded:

• Authentication events -- logins, logouts, failed login attempts, SSO events
• Connection changes -- connections created, modified, deleted, tested
• Query activity -- queries executed, saved, deleted (the SQL is logged, not the results)
• Dashboard activity -- dashboards created, modified, shared, deleted
• Workflow activity -- workflows created, modified, executed, failed
• Team changes -- members invited, removed, roles changed
• Settings changes -- any configuration change by any user

Viewing Audit Logs

Navigate to Settings > Audit Logs. Logs are displayed in reverse chronological order with the following fields:

• Timestamp -- when the event occurred (in your timezone)
• Actor -- who performed the action (email and IP address)
• Action -- what was done (e.g., "query.executed", "connection.created")
• Resource -- what was affected (e.g., the query ID, dashboard name)
• Details -- additional context specific to the action

Searching and Filtering

Filter logs by:

• Date range
• Actor (specific user)
• Action type
• Resource type

The search bar supports free-text search across all fields.

Exporting Logs

Click Export to download logs as CSV or JSON. Exports respect your current filters, so you can export specific date ranges or action types.

Log Forwarding (Enterprise)

Forward audit logs in real-time to your SIEM or log management system:

• Splunk -- HTTP Event Collector integration
• Datadog -- Log forwarding via API
• AWS CloudWatch -- direct integration
• Custom webhook -- send logs as JSON to any endpoint

Retention

Audit logs are retained for 1 year on Pro plans and 3 years on Enterprise plans. Extended retention is available on request.