The audit log shows various changes in your Zendesk since the account was created. It saves a record of these changes indefinitely, and you can view the entire change history. You can view the audit log in Admin Center, or via the Support API
This article contains the following sections:
About audit log changes
The audit log shows changes to account information and settings, users, apps, web widget, business rules, tickets, and organizations. For each entry in the audit log, the following information is included:
| Column | Description |
|---|---|
| Time | Time and date the event occurred. |
| Actor | User who caused the event |
| IP address | IP address of the user who caused the event |
| Item | Object changed by the actor |
| Type | Type of action for the event (Created, Updated, Deleted, Exported, or Sign in) |
| Activity | Details about the event |
In the Zendesk API and Zendesk Support, audit log timestamps appear in Coordinated Universal Time (UTC). In Admin Center, audit log timestamps are shown in your account's time zone. See Setting your account's time. If you are unsure of what time audit log is using, hover your mouse pointer over the information icon in the Time column heading.
Viewing the audit log in Admin Center
From the Audit Log page in Admin Center, you can view the audit log as a whole, sort the log by time, filter the list, or export a copy of the log.
- In Admin Center, click the Account icon (
) in the sidebar, then select Audit log > Audit log.
Filtering the audit log
The audit log can be filtered by data, actor, or type.
To filter the audit log
- In Admin Center, click the Account icon () in the sidebar, then select Audit log > Audit log.
- Click the Time column to sort the entries by date.
- To filter the entries, click Filter, and then add your filter criteria. Click Start date and End date to set a date range, enter a name in the Actor field to filter by the people or system responsible for the activities, or select one or more Type of activity.
By default, the filter date range is set to the last 12 weeks.
- Click Apply filters.
Exporting the audit log
When necessary, you can export a CSV formatted copy of the audit log. If you filter the list before starting the export, the CSV file is also filtered this way. The exported copy is emailed to your primary Zendesk email address.
To export a copy of the audit log
- In Admin Center, click the Account icon () in the sidebar, then select Audit log > Audit log.
- Filter the audit log as needed.
- Click Email CSV.
51 Comments
HeyO Craig VanDeVenter
For your question "are the logs available to a custom API" - the API for Audit Logs are documented here: https://developer.zendesk.com/api-reference/ticketing/account-configuration/audit_logs/
I'm not sure if this answers your question, but if Looker can pull logs down from our REST API to ingest, hopefully that'll suffice.
Dwight Bussman this is great! Thank you for this!
Happy to help! :)
The audit log accessible from Support allows you to open the information/action changed in a new tab. For users it can display all the times they logged in or changes made to their profile. This is also great if you know what changed but not sure when since you can edit the new tab's url and plug in your desired option.
The audit log accessible from the Admin center does not allow you to open any of them in a new tab/window. So you're stuck digging through until you find what you're looking for and all the changes for one person/rule aren't accessible together.
While date is a helpful filter, it should also include optionally a timestamp. I knew something occurred at 8am, but had to click through page after page to get from midnight to try to get to 8am.
It would be great turning on/off a ticket form would be part of the audit log.
Background:
Our Zendesk instance has been hit by a spam attack.
All spam tickets came in via Help Center using the same form.
Therefor we turned the form off for end users.
During the spam attack we involved Zendesk support and they asked us, when we turned off the ticket form, but we couldn't tell exactly, because this information is currently not part of the audit logs.
The new audit log interface in Admin center have some good ideas, but seems not finish.
Should be interesting to add a lot of other filter :
- filter per item
- date AND Hours
- on the previous one we were able to select a specific item and get its history, not possible anymore
Hey Josef,
Status change of a ticket form (active/inactive) is already in the audit log. I tested it real quick in my account and can confirm it's there.
Caroline Kello
Sorry - It seems I haven't been precise enough; I didn't mean activate/deactivate a ticket form - I was talking about the parameter "Editable for end users":
Oh gotcha, thanks for clarifying. You're right - we currently don't have that captured. I'll add a task for it on our backlog.
Did this functionality get removed:
In the previous audit log, I could click on the activity and view a log of who made changes and what changes were made. Did that go away?
I find this helpful when training new agents on macros. I'm able to see who first created the macro and what was updated and who updated it so that I can see a timeline of events and adjust my training as needed. Equally, it shows me if someone changed something without "permission".
It would be good if you could search for what has been changed e.g. the new email address added
Andrea Rodriguez (CD Baby) I saw this functionality go missing as well and used it. Prior to the change I saved link templates and they still work if you edit them for your new needs. The name part can be different such as user, sla%2Fpolicy, or role_settings, but the following should give you what you're looking for.
[your subdomain].zendesk.com/settings/account/audits?filter%5Bsource_id%5D=[ID of the thing you're looking into]&filter%5Bsource_type%5D=[Zendesk name of the thing you're looking into]
Ex: mysubdomain.zendesk.com/settings/account/audits?filter%5Bsource_id%5D=1234567890&filter%5Bsource_type%5D=rule
Hi Monica, yes! That is really helpful! I think I'll be able to navigate what I need now, thanks so much!
Related unrelated, does anyone know why when a new user is created, it applies that name to me and the other Admins? What is blacked out is completely unrelated to me.
Are Changes of Service Level Agreements (SLA) *not* in the Audit Log?
Why so?
We need to track down a suspicious change but ....
Regards
Oliver
Also I second the comment of Andrea Rodriguez (CD Baby)
The new "Admin Center" view of the audit log it very limited in functionality, as the only filter is "person" and "action" but not "type" and especially not "specified item" (source_id). This means you now have to switch to the API which is a pain in the ass to use if you're not a developer. Also the documentation is not very good. It's not listed "what types exist" etc, and many of the queries make the DB time out instead of bringing any result.
Please bring back the clickable audit log filters.
Thanks
Oliver
I would like to set up a report that gives me the total time my agents spent on the tickets and the time they start logging in the system for load balancing. Appreciate if you can point me to standard report or to someone who can help me create one.
At present there isn't a way to report on when agents log in or out. However there is some work going on in this area, starting with reporting on agent availability in Talk, that should eventually encompass this – see the discussion here: Zendesk Talk: Allow Reporting on Agent Availability
In the meantime, you can report on the time agents spend on tickets via the free Time Tracking app.
I'd like to add a comment to this too. It's imperative we're able to see a version history or track changes of ticket field changes, especially if you have more than one administrator -- if you click in the ticket field, at the top it even tells you when it was last modified but not "what" was modified or by whom. It seems pointless to tell me that a field was recently updated but not say what information was changed. Secondly, since automations and triggers can rely on tags, it's even more important to know of any changes that are made since it can break other configuration. And it's very hard to correct behavior regarding updates when you don't know who made them.
There's an ongoing effort to close the gap on events that are missing from the audit logs – see Caroline Kello's official comment in this thread, and please do upvote and add what you're wanting to see included: Audit Logs
Hi Dwight Bussman,
I would like to know if there is a limited number of logs we can see. For example, do we see audit logs the past XX days or the past 1000 changes?
Thanks in advance 🙏
heyO Ahra Jo
Similar to the Audit Logs API, the Audit Logs within Admin Center should be for the life of the account. As mentioned in the article above " It saves a record of these changes indefinitely," Some accounts predate the logging of certain features, so logs would not exist for changes until the ability to log that type of event had been added.
Please sign in to leave a comment.