Question

How can I find changes to specific users with the audit log?

Answer

On Enterprise plans, you can see changes to specific users in your audit log. Audit logs serve as a powerful troubleshooting tool, allowing you to track changes made to a specific user and the exact times these changes occurred. By utilizing audit logs, you can effectively monitor user activity and identify any modifications that may impact performance or security.

To find changes related to a specific user, open the audit log and use the following settings in the audit log filter. See Filtering the audit log for details. 

  • Activity type = Updated
  • Item > Type = Customer for end-user role or Team member for agent or admin roles
  • Item > Names = The name of the user 

Audit logs are also available from the API. You can use the API request to retrieve audit logs. For example the following API request: https://yoursubdomain.zendesk.com/api/v2/audit_logs?filter[source_type]=user&filter[source_id]=379921250014

The API request returns JSON results with details such as the following:

  • Source type
  • Source ID
  • Action performed
  • Timestamp of the action
  • User who performed the action

Screenshot 2024-12-23 at 3.52.48 PM.png

For more information, see the article: Using audit logs to track activity.

Note: Some user changes such as suspension have a unique Type value and will not be returned by the above methods. User suspension events will have a Type value of User Setting but the ID is no longer the user's ID.
Powered by Zendesk