Accessing Enterprise audit logs in Airtable

Prev Next

Plan availability

Enterprise Scale plan only

Permissions

Admin

Platform(s)

Web/Browser, Mac app, and Windows app

Related reading

Airtable Enterprise audit logs allow admins to monitor activity within their organizations. Audit logs are accessible through your reports' page in admin panel or programmatically through Airtable's API.

Learn how to review, generate, and download your organization's audit log.

Accessing audit logs in the admin panel

  1. Visit your admin panel.

  2. Click Reports.

  3. Scroll to the “Audit log” tile.

Generating audit logs in the admin panel

Note

Generating reports can take up to 10 minutes. Once your report is available, you'll receive an email confirmation. 

  1. After accessing your organization’s audit logs, you’ll perform a search based on certain filter options.

  2. Below the “Date” field, click the dropdown to configure a date range.

    1. There are four preconfigured lookback periods or you can click Custom date range… to enter a specific “Start date” and “End date.”

  3. Next, you can optionally filter the audit log search to only return “Events with a specific user.” Click the dropdown menu and begin typing the name of a user. Click on the name of the user you want to filter by in the search results.

  4. Next, you can optionally configure a specific “Event category” and/or “Object ID” filter. Click > More search options to reveal these options:

    1. Event category - Maps to category in API requests.

    2. Object ID - An object can be a base, user, workspace, invite, and more. Maps to modelID in audit log events API. Learn more about finding Airtable IDs within the product (without API) here.

  5. After you have added the filters you would like, click Search.

    1. A new page will load, showing all the events matching your query parameters.

    2. You can change your query parameters and/or add additional filters in the returned events using the dropdowns and fields on the page.

    3. You are limited to 10,000 events via the admin panel interface. If you need to download more, add more filters to your data, or consider using the audit log API.

    4. You can click on any event's row to open a more detailed view of the event.

Downloading audit logs in the admin panel

  1. Once your report is available, click the CSV button .

  2. Open the CSV in your preferred application.

Generating a share link audit log from the admin panel

  1. Visit your admin panel.

  2. Click Reports.

  3. Scroll to the “Audit log” tile.

  4. Below the “Date” field, click the dropdown to configure a date range.

    1. There are four preconfigured lookback periods or you can click Custom date range… to enter a specific “Start date” and “End date.”

  5. Next, you will click the dropdown below “Event category” and click Share.

  6. Click Search.

    1. A new page will load, showing all the events matching your query parameters.

    2. You can change your query parameters and/or add additional filters in the returned events using the dropdowns and fields on the page.

    3. You are limited to 10,000 events via the admin panel interface. If you need to download more, add more filters to your data, or consider using the audit log API.

    4. You can click on any event's row to open a more detailed view of the event.

  7. Once you’ve adjusted any search parameters or filters, you can export the search results as a CSV. Click the CSV button .

  8. Open the CSV in your preferred application.

Audit log CSV data

  • ID: A unique identifier for the audit log entry. This helps distinguish each record within the log.

  • Timestamp: The exact date and time when the action was logged or performed.

  • Action: The type of action that was performed, such as "created", "updated", or "deleted". It describes what occurred during the event. See Audit log event types for more information.

  • Payload version: Refers to the version of the data structure or format used in the log entry. This helps track changes or updates to the structure of the logged information over time.

  • Model ID: A unique identifier for the object or entity that was affected by the action (such as a record or table in Airtable). See Finding Airtable IDs for more information.

  • Model type: The type of object or entity that the action was performed on, such as "record", "table", or "workspace". This describes the Model ID.

  • IP address: The IP address from which the action originated, identifying the network location of the user who performed the action.

  • User agent: A string that provides information about the browser, operating system, or software used by the user when the action was performed.

  • Action ID: A unique identifier for the specific action, useful for tracking and referencing particular events.

  • Workspace ID: The unique identifier for the workspace in which the action occurred.

  • Base ID: The unique identifier for the base where the action was taken.

  • Interface ID: The unique identifier for the interface where the action was taken.

  • User ID: The unique identifier for the user who performed the action.

  • User email: The email address of the user who performed the action, providing a way to identify them personally.

  • User full name: The full name of the user who performed the action.

  • Payload: The detailed data associated with the action. This may include changes made, records affected, or additional metadata related to the action.

Accessing and generating audit logs via Airtable's API

Check out our Audit log integration guide to learn more about using Airtable's API to access and generate audit logs.

FAQs

What format are the event logs in and can they be customized?

Event logs are in a CSV format when downloaded from the Admin Panel and returned in JSON format when retrieved via the API.

Can I filter the event logs to only show specific types of events?

Yes, filter events by modelID and date in the Admin Panel, or use parameters like originatingUserId and eventType with the API.

What's the best way to limit a query range?

To limit a query to a particular time range, you can supply startTime and/or endTime. These should be supplied in ISO 8601 format, e.g. 2023-01-20T15:58:30Z.

Is there a limit to the amount of event logs that can be streamed and stored?

The API has standard Web API rate limits with 1000 events per response and pagination for more results.

How often are the event logs updated in the stream?

Events are updated in near real-time, with a delay of a few minutes at most.

What is Airtable's retention period for audit log events?

Audit log events are stored and searchable for 180 days.