Audit log - We want your feedback!

22 Comments

  • Chris Bulin
    Community Moderator

    Hi Caroline! Thank you for being at Community Day today.

    What kind of filtering do you want to see? We currently have Date and Actor filters; what's next in your priorities?

    • I would love to see Item added as a filter. For example, recently one of our ticket forms had a behavior change that we were trying to pinpoint, but had a large range (2 days) that we wanted to review. It would have been nice to filter it down to only ticket form changes to find all of them in one go.

    What wouldn't be great for you if we added; e.g. would you not want to "subscribe" to certain events? Why not? 

    • I would love to be able to filter out some of the noisier components (like agent logins) because most of the time I don't need that information, whereas environment changes are really important and I would want to be able to know when those happen. It would be amazing if there was a way to send notifications to Slack when there are changes to certain components (ticket forms, triggers, automations). It would make life a lot easier.

    What are you going to the Audit log to find?

    • Most of the time we are getting a report from a user of behavior change in the instance. If Events doesn't give us an answer and we have a defined timeframe, my next step would be to check the Audit log. Recent examples: Who created a group view? Why did an optional ticket field become required? What made the change to an agent's profile name?

    How far back are seeing yourself needing to have information stored?

    • I would say most of the time I don't need to go back more than a month tops. I think it would be nice to have an archive API that we could query for rare instances that we might need something older, but in the interface itself, 1 month would meet our needs.
    4
  • Stephen Belleau
    Community Moderator
    • What kind of filtering do you want to see? We currently have Date and Actor filters; what's next in your priorities?

    Item, Type, Activity.

    More specifically for "Item" it would be really cool if we could enter the ID of a record, whether that's a user/ticket/view/trigger...

    • What wouldn't be great for you if we added; e.g. would you not want to "subscribe" to certain events? Why not? 

    The user login events are nice to have, but IMO should live outside the audit log. It's too much noise and it's very rarely what we're looking for. I would prefer to see this data on the user's profile page.

    • What are you going to the Audit log to find?

    Usually it's when something was identified as being changed or removed unexpectedly, and we need to find out who so that we can chase down why. 

    • How far back are seeing yourself needing to have information stored?

    Usually it's within the past month, but we do occasionally need to look further back. On occasion I have had to look for something over a year ago.

    If the audit log UI showed a smaller range to improve performance that would be fine as long as we still could filter and/or export from older data.

    • If there are certain events that you're missing from the Audit log today and would like to have added, let us know that too.

    I am having a brain fart and can't think of it, but I recall being surprised that a certain event wasn't already included 😞I'll follow up if I remember. But in general, I would expect ALL admin configuration events to be included. Business rules, webhooks, Talk/Chat settings, etc.

    3
  • Sydney Neubauer

    What kind of filtering do you want to see? We currently have Date and Actor filters; what's next in your priorities?

    • Not just the ability to filter on items, we would like the ability to exclude variables too. For example, there are a lot of "log in" items in the audit log, we may want to remove all those to see an accurate list of actions in the audit log
    • Or even an option to filter by changes (user changes, trigger updates, deleted tickets etc vrs log in as nothing as changed in the instance

    What are you going to the Audit log to find?

    • Whenever something has been added, removed. The usual times we need to identify in the audit log is "group creation", "user deleted", "Admin changes", "view edits"

    How far back are seeing yourself needing to have information store

    • We have had it where there is a Group created many years ago that wasn't set up correctly so we need to see exactly when it was made so we can locate the affected tickets

    If there are certain events that you're missing from the Audit log today and would like to have added, let us know that too.

    • Please ensure all changes made by admins are recorded - triggers, groups, view changes, profile creations, Assumptions (admins as agents, agents as end-users, etc)

    I echo the points in the previous posts :)

    3
  • CJ

    - I would love to see the view changes and macro changes recorded in great detail like trigger history. 

    - I would love to filter the audit log by end-users and agents. It's *extremely* cluttered because we have an open zendesk and 90% of tickets are going to be a first time user, so every new emailer generates an audit log message about their creation. This is a lot of messages every day and makes using the Audit log in the browser impossible now. I have to download and filter those out, to be able to find anything. 

    - It would be cool to be able to set up notifications for changes to things like triggers and macros. This would allow for instant notification of changes, and be some extra security and peace of mind, especially if you need to grant access to a lot of people to be able to edit these things. 

    2
  • Angelique Paulus
    • Filter on type field that indicates if the action is related to login/create/update/destroy/Permanently destroy. Where a multiple select or exclude type would be possible. (That would also give the option to filter out the login lines.)
    • Extra column with information like type of element that gets updated and make sure that one can filter on that. 
      If you export the file to CSV (currently only option to filter out on "type" field) and filter that field for example on "Update" there is a lot of different type of information underneath. The column "Item changed" the one time is about an agent account, the other time about a setting change. As for changes on the agent account it indicates the name of the item that is changed (which is good information). However currently not possible to use another column to filter out if you only want to see any changes in Agent accounts. You will have to find the names of the individual agents one by one to filter it out.
    • Other example is that you might want to have an overview of all updates of any  organization card. Currently not possible to filter out on all updates of organization cards or even to filter on the specific name of the organization to see what has changed to that card. 
    • The "changes" column doesn't always have an indication of what changed. So it can be that there is a line of type = update, item changed = name of an agent, changes column = empty.  So we can see somebody changed something but we haven't got a clue what has changed. More structure in what is documented in this field and what in the item changed would make it easier to use filters and search what you are looking for
    • Could we get some flexibility on indicating which updates we would like to receive in the audit log. For instance there is no change log on a organization or person card, but certain  changes on these card appear to be ending up in the audit log, but not all or not the once that we would require (and sometimes that are customer user or organization fields we would need this for)
    • Agree with earlier mentioned request to be able to notify somebody via triggers on certain changes. So there is an option to check if it is an appropriate change
    2
  • Caroline Kello
    Zendesk Product Manager

    Hi everyone, 

    Just wanted to stop by and say that I'm super appreciative of you all taking the time to write down your feedback. Nica (Product Design) and I are reading through everything and will compile our summaries and thoughts here to make sure we're hearing the problems correctly and capturing your needs.

    Keep it coming! Thanks, Caroline

    1
  • Dan Ross
    Community Moderator

    Small request tangentially related to the audit log, I'm not sure if this is the right place. It would be super if the data stored in the audit log could be displayed on the objects themselves.

    For example, when I open a View, I see the last update Datetime, but not who did it, which means I need to make a trip to the audit log and filter to the date shown.



    If we displayed the audit log actor on the object itself, we could save the whole trip of having to go to the log. 

    5
  • takao
    • What are you going to the Audit log to find?

    I would like to find  the data exporting record.

    For example, when someone use this function, it would be recorded.
    https://support.zendesk.com/hc/ja/articles/4408886165402-JSON-CSV-XML%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E3%81%B8%E3%81%AE%E3%83%87%E3%83%BC%E3%82%BF%E3%81%AE%E3%82%A8%E3%82%AF%E3%82%B9%E3%83%9D%E3%83%BC%E3%83%88#topic_lnw_tfb_sfb

     

    2
  • Christopher Wooten

    To be able to see all changes made in the system. 

    To be able to filter by type action and or time. Not just time.

    2
  • Caroline Kello
    Zendesk Product Manager

    Hi everyone,

    Wanted to try and summarise some of the themes you've raised here and make sure we're on the same page. 

     

    Better filtering.

    100% agree on this. We've just released filtering by the Type column this week (which should also help in filtering our noisy events like sign ins), and are working towards giving the ability to filter by all of the columns in the audit log. 

    Missing events. 

    There's updates, deleted and creations for certain objects and settings that are still missing from the audit log and that you're expecting to find there. This is our no. 1 priority and we're diligently going through each section of Admin Center (now that everything lives there) and adding in events where there are none. On that topic: takao, the events that you're after for exports happening under Tools > Reports is actually in progress with the team 🎉

    Proactive notifications.

    Some events are more interesting than others, and changes to some has a bigger impact on your setup - so you want to be notified when they're changed. This is a really interesting use case that we've not dug into yet. Nica and I will continue to talk about this one and reach out to you who raised this for more discovery. 

    Customizations. 

    We should allow you to save your commonly used filters, or create completely custom view of only the events that you're interested in. This is something that's come up before and we're definitely interested in exploring. Our thought process has been that if we build better and more extensive filtering capabilities this might not be as big of a need, but let's keep talking about that. 

    In-situ audit logs.

    I'm trying to come up for a good definition for this but it's around displaying the record of audit events as you're viewing the object itself. If I'm looking at an Org; show me all the CRUDs that have happened to that Org. I'd like to have more discussions around this because some interesting thoughts pop up with this kind of feature, mostly I'm curious if the audit log itself as it is today would have any value in this kind of future state. 

     

    Thanks everyone for sharing your thoughts and weighing in. If there's a particular theme above that you're interested in talking about, leave a comment here and I'd love to chat to you more. Cheers!

    4
  • Chris Bulin
    Community Moderator

    In-situ audit logs.

    I'm trying to come up for a good definition for this but it's around displaying the record of audit events as you're viewing the object itself. If I'm looking at an Org; show me all the CRUDs that have happened to that Org. I'd like to have more discussions around this because some interesting thoughts pop up with this kind of feature, mostly I'm curious if the audit log itself as it is today would have any value in this kind of future state. 

    This does exist in some places and I am always grateful for that. For instance, the "revision history" link on triggers. These are extremely helpful to my team.

    2
  • Ed Dyer

    Hi Zendesk (mods and product managers and admins),

    Proactive notifications.

    Some events are more interesting than others, and changes to some has a bigger impact on your setup - so you want to be notified when they're changed. This is a really interesting use case that we've not dug into yet. Nica and I will continue to talk about this one and reach out to you who raised this for more discovery. 

    +1 on the above! In our instance we have a "who watches the watchers" mentality that requires proactive notifications when admins make certain changes (like privilege escalation) that would be more useful to be notified of proactively than having to audit a log for on a weekly basis.

    Thanks so much for listening!

    2
  • takao

    I am very happy to hear that my request is in progress!! thanks :)

    1
  • Daniel Cox

    Hi All,

    Is it not worth just having a simple search in the audit log for now - to search a name or sentence?

    Is the audit log not being checked for a specific event in most cases?

    For example, I found a set of emails that kept appearing in my suspended tickets - I tried adding the email address to the allow list, whatever else I could think of.

    ZD kept telling me that I could not recover these automatically, and when I tried manually - a message saying the the Requester was suspended.

    Then I realised what that actually meant - when I searched the email address under the people section, I found that that email address (end-user) was suspended. 

    I would have been the only person to suspend them, but I have no recollection of doing so, nor, could I understand why I would have.

    For me, this is about checking one's work - and this could in turn identify any bugs or issues, that might masquerade around as user errors.

    Is there an ETA on some of the changes that were mentioned above?

    Dan Cox.

    4
  • Collin Cunninghame

    The ability to see all changes to a particular item is critical for me. In the old experience, you could click on the view/trigger/user/whatever to see all the log entries that involve that item. It's disappointing that it's no longer possible to view that log when the new one does not share this essential feature.

    The new audit log is useless for answering questions like "looks like this thing changed -- when and why?" which has got to be the #1 reason you'd consult the audit log in the first place. I'm not going there to see every change a specific person made, or to go through literally hundreds of pages of "so-and-so successfully logged in" and "so-and-so's primary email was changed from not set to whatever@example.com."

    Seriously, those two types of entries account for 99% of my audit log, and it's at a volume where each page covers 5-15 minutes of time. It's not reasonable at all to go through the log a page at a time hoping to find the thing I'm looking for, especially since I usually don't even know a rough window of time to search for a particular change.

    As a bonus, the latter is considered an "update" type event, so the new type filtering would still be useless even if it worked -- right now adding a type filter at all (even an all-inclusive one that should presumably show everything) fails to return any items of that type. Looks like adding a date filter is mandatory, but again I usually don't know when some individual user had their name or group memberships modified.

     

    3
  • Ryan Boyer

    I agree with the feedback and comments about improving the Audit Log! My prinicipal feedback would be to enhance and increase the filtering options. In its current state, there is simply too much data to export to a CSV and try to search within Excel. Therefore, having more filters and search options within the Zendesk UI will make the Audit Log easier to use.

    1
  • Ruben Cortez

    Dump the audit logs into a dedicated Explore dataset and call it done.

    2
  • Nate Damschen

    I echo Collin's feedback. In the old experience, I could click into a View/Trigger/Item in the Audit log and quickly see the full history of that item. That was extremely useful, I'd often have the team ask me who created a new view or who may have made changes to an item. I could simply add and remove a condition like 'Does not have tag that doesn't exist' from a view to push it to the top of the log, and from there quickly see the full story behind that item. With recent updates, this is no longer possible.

    3
  • Sarah Strazzeri

    Chat Triggers & Settings to be incorporated into audit logs; including changes and adjustments to chat triggers not just enabled/disabled; or trigger creation.

    1
  • CJ

    Caroline Kello Unfortunately, filtering by "type" doesn't help with 99% of the searches I need to do, because the system classifies all those email address insertions as "updates", which is unfortunately the same thing I would need to filter on for pretty much every check I'm doing. At this point, I'm not able to download even a month of data without having to wait nearly an hour for the report and then Google Sheets frequently times out trying to load it, because of these entries, that are also incorrect about who even did the action. Are there any updates about filtering or changing what is being gathered?  

    1
  • CJ

    I'm no longer able to download a full month of data, because the resulting log is so large it crashes google sheets. This is 100% cause by the thousands and thousands of entries that are email address insertions, that are also *bad logs with incorrect information on the actor who did it*. This is a really bad problem that makes it impossible to filter the logs, even, to something reasonable. 

    0
  • Caroline Kello
    Zendesk Product Manager

    Just wanted to share that the announcement just went out for filtering the Audit log by what's in the Item column. Your engagement and feedback on this particular topic has been crucial and we're excited that this capability is now available for you. Let us know how it works for you. 

    0

Please sign in to leave a comment.

Powered by Zendesk