Hightouch offers audit logs so workspace admins can see what actions users took in-app and when. For example, suppose someone notices that a sync has sent incorrect data to a destination. A workspace admin can use audit logs to review changes made to the sync before the incorrect data appeared. The admin can correct the issue, and—if necessary—implement controls to avoid future incidents.
View audit logs
Workspace admins and those with the appropriate access can view logs by going to the Audit log tab on the Settings page. The logs consist of a table of actions beginning with the most recent. Each row represents one action.
Each action includes:
- The Date and time, in the viewer's timezone, the action took place
- The Action name, for example, "Sync updated"
- The User who performed the action
- The Resource type of the resource the action was performed on
- The Resource name of the resource the action was performed on
Clicking on an action displays the action's full details in JSON format in the right panel. Added lines are highlighted in green, while removed lines are highlighted in red.
Filter audit logs
You can filter logs by:
- the user who performed the action
- the resource type the action was performed on
- the resource name the action was performed on
- a range of dates
You can select multiple users and resource types to filter by simultaneously.
FAQ
Who can view audit logs?
Anyone with read-access to the workspace resource can view audit logs.
Out-of-the-box roles with these permissions include Admins, Destination Admins, and Source Admins. If you want to create a custom role with the ability to view audit logs, it should include this policy:
{
"effect": "allow",
"actions": "read",
"resource": [
"workspace"
]
}
How far back do audit logs go?
Audit logs track up to 90 days of activity.
What do audit logs include?
Audit logs track user-driven activity vs. programmatic changes. They work by taking a JSON snapshot of the changed resource for every user-driven change. Hightouch uses these snapshots for a before and after comparison for any changes.
A snapshot may include programmatic fields such as last_run_at, but Hightouch doesn't append a new audit log every time a field like last_run_at is updated since sync runs can be configured to run at regular intervals.
The exception to this is activity driven by Git Sync. For example, if a user changes a configuration via Git Sync, Hightouch treats that as a user-driven change, and it appears in the audit logs.
For a complete list of tracked actions, see the following list.
Resource types and tracked actions
Audit logs show creation, update, and deletion type actions for the following resource types:
| Resource type | Tracked actions |
|---|---|
| Alert | Creations, updates, or deletions of alerts you configure to inform you of syncing issues |
| API key | Creations and deletions of API keys Note: Audit logs don't include API Key usage |
| Approval request | Actions taken during approval flows, including sending a request to review a draft or approving a draft |
| Audience | Creations, updates, or deletions of audience configurations |
| Audience schema | Creations, updates, or deletions of parent models, relationships, and event models |
| Cloud credential | Creations, updates, or deletions of cloud credentials, including changing your external storage configuration |
| Draft | Creations, updates, or deletions of drafts used in approval flows |
| Git credential | Creations, updates, or deletions of Git credentials used for Git Sync |
| Git Sync configuration | Creations, updates, or deletions of Git Sync configurations; for example, changing your tracked Git branch |
| Invite | Creations and deletions of workspace invitations |
| Membership | Creations, updates, or deletions of workspace members, including changing a user's role |
| Membership request | Creations and deletions of workspace membership requests |
| Model | Creations, updates, or deletions of general model configurations, including updating the model query or primary key |
| Model column | Creations, updates, or deletions of model columns |
| Model preview | Actions taken while previewing a model, including a user clicking “Preview” while editing a model or running a SQL query against a source during model setup |
| Model trait definition | Creations, updates, or deletions of audience traits |
| Role | Creations, updates, or deletions of custom roles |
| Session | User sign-ins and sign-outs |
| Source | Creations, updates, or deletions of source configurations, including updating credentials or adding labels |
| Sync | Creations, updates, or deletions of sync configurations, including adding labels, scheduling, and turning a sync on or off |
| Sync run | Actions taken while viewing a sync; for example, a user clicking “Run” Note: Audit logs don't include scheduled sync runs nor API-triggered sync runs |