
Overwhelmed by noise in audit log

Completed


Posted Feb 12, 2021

When I check the audit log, I am generally investigating the root cause of some problem. However, it's annoying to do this because my audit log is filled with records of every successful sign-in of hundreds of agents. I often find myself needing to generate audit log entries so that I can use the click-to-filter capability to find the events I'm actually looking for.

For example, if an agent is reporting some loss of access or functionality, I need to do something like add them to a group and immediately remove them so I can click on their name to see a filtered audit trail.

That's fine as a workaround I suppose, but the real issue is when I don't know when or where exactly a change has occurred. I need to click through multiple pages of "Successful sign-in by so-and-so" to see any important changes to views, triggers, users, etc.


7

6

6 comments


Caroline Kello

Zendesk Product Manager

Hey Collin, 

The Audit log in Admin Center has the ability to let you filter by Actor (as well as date range); have you tried using that? We do have additional work planned to allow you to filter more easily by the different columns and allow you to find things more quickly and easily.

Cheers, Caroline

-1


Hi Caroline, I tend to need to filter by "item changed" more often than "actor," which is one place where the Support audit log beats the Admin Center audit log. The flood of noise generated from agents logging in is a problem in both, and is the one case so far where I'd prefer to exclude all entries of a specific, undesired type vs. the typical case when I want to include only entries of a certain, desired type.

I would be interested in a feature that lets me split up the audit log by a high-level type that lets me find the source of unclear problems more easily. For example, a "rule changes" category that shows me updates for triggers, automations, and views; a "user changes" category that shows changes in role or group membership; "ticket activity" that shows deletions, and so on.

One circumstance where this functionality would help is a nebulous report where a user says something like "by the way, my views seem messed up, I don't remember when it happened but I think I used to be able to see more stuff." I want to check for changes to their group memberships, so I have to filter the audit log so that the user is the "item changed." I also want to look for changes to views, but don't have enough information to investigate a specific view, and any one of a group of leads may have modified some settings for their group's view. So then I would have to make a guess at a date range when the issue appeared, and sift through hundreds of useless "successful sign-in" entries looking for any changes to views, or possibly even to triggers that make a certain ticket visible to a view...

What I'm ultimately saying is, I rarely come to the audit log looking for everything a certain actor has done recently, and I think I have looked for confirmation of a successful sign-in exactly once: to pinpoint the start of someone's login issues when they weren't available to tell me themselves. I would love to filter the audit log by "item changed" or the general category of the change I'm looking for.

6


I second this. This virtually makes the audit log unusable to us. We also need to search by what was changed (or the user that was changed) not by the actor. Most of the time we are wanting to find out who made the change to a specific user, and we don't know who the actor was. 

4


There is an article for all audit log feedback: https://support.zendesk.com/hc/en-us/community/posts/4410330961562-Audit-log-We-want-your-feedback-

Definitely agree that you should be able to search by user and not actor

2


This is really a problem for me because the sheer size of the log is enormous. These are incorrect and misleading entries anyways, so it's the opposite of helpful to have thousands of lines saying the system/random admins updated email addresses for users. This happens every time a new email sends in a ticket. I can no longer download a month of data reliably, and investigating anything is painfully slow and difficult.

0



Caroline Kello

Zendesk Product Manager

Hey folks, here to share that we just announced filtering by the Item column in Audit log. It should be available on your accounts now. We expect this to help with the noise but recognize that more filtering and search capabilities are needed.

0


Post is closed for comments.
