Please update the content of the audit log available for enterprise customers to include details on the creation, modification, deletion, and enable/disable for targets in ZenDesk. Also add my voice to those asking that the audit logs be made available in real-time in machine-readable form, using webhooks for example.
Hey folks, thanks for continuing to keep this thread alive and adding your feedback and events that you'd like to see in the Audit log - it's been tremendously valuable. We now have a team dedicated to working on Audit log so we're ready to make some great progress on this feature 🎉 There are two themes we're working towards:
- The data in the Audit log needs to be easy to find. This means better filtering capabilities and allowing you to find the event you're looking for faster.
- The data needs to be there to find. This means closing the gaps on events we know, and you know, are missing and need to be added (focusing initially on Support). We're partnering with several teams to get those events in, currently working on User profile updates and Organisation updates which we're targeting in the next few months.
Then there's the bigger project of moving onto the other products and make sure the Audit log captures all create, update and delete events in your account.
Appreciate all your feedback on this topic.
I would also like to see changes to groups in the audit log! (or basically any change you can do to Zendesk settings (i.e. not tickets).
Yes please. It would be great to see more logging, like activation/deactivation/changes of organisation fields, user fields, ticket fields and so.
Searching in the audit log would be impressive, right now it's a giant hot mess that can't be meaningfully sorted. We have over 200k end users and over 130 agents - being able to audit and investigate issues as they come up would be a huge time saver.
EDIT: Did some math. We currently have 1940 pages of audit logs after being live for about 2 months. There's about 100 records displayed per page. That's almost 200k audit records. Why do we need a developer to be able to do a basic search through this data?!
With the changes to the audit log now showing succesfull log ins, this causes the audit to be overloaded with agent log-ins especially when we have over 800!
Is there any plans on making the audit more searchable so you can filter for the type of change that was made?
yes yes yes
audit log is useful to some degree but does not include some crucial info.
we would like it to include literally everything you can't find in "show all events" in a ticket.
And the ability to export it.
An easy audit GUI with more filtering and data is essential for larger enterprise clients.
As others have mentioned these are big points
More types of data
- All standard/custom organization fields for sure, user and ticket would be a nice to have
Zendesk settings changes
- Groups, roles, security settings, etc.... as our admin team grows this is becoming more important
- Being able to choose a specific users, organizations, agents, change types etc would all be great.
Can we also have the ability to see end user profile changes in the audit log, specifically email address changes, which I believe is excluded? If the downside to that is too much data is displayed could we have a filter to remove them if necessary?
As changes to end user profile can affect customers, it would be really useful too see changes made to their accounts.
Even an option to pull a full extract from the audit log page or even in the Reports section of Support would be a super helpful start.
While having to pull this from an API and parse the JSON is an option when troubleshooting as an admin, these are extra steps that an auditor may not like to see if any sort of investigation is underway. This is becoming more and more important as we need to ensure we are in compliance, both federally and that of our internal teams.
Additional items within the audit log would decrease our effort in hunting down the information:
- When Groups were created (if they were made incorrectly, we can see how long the impact was happening)
- The ability to filter out logins (logins consume pages of data and does not prove useful for our team)
- Additional filter options as we specifically need to look for actions happening but sometimes do not know the time frame or who performed the action
Agree with Abdul & Heather above, we need to know when user records are manually modified by agents. We had to grant permission to a user group to edit user/org for one very specific scenario. Unfortunately, your edit permission is for ALL fields on user/org and agents mis-use it and manually modify email addresses which they should not do.
It's quite noisy, you're right. Search/filter/sort is the next piece of functionality we want to introduce so it's at the top of the list.
Would love to hear what kind would be useful to you if you're open to sharing!
Thanks for acknowledging how noisy this is. Since this was enabled, each day has about 4 pages of audit log entries just for sign ins alone. it's taken an already bad experience to worse.
Glad to hear this is finally getting looked at, thank you!
For us, at a minimum, we need to be able to search/filter (inclusively and exclusively) by
- Event Date/Time (exact match, or range)
- Actor (searchable dropdown like we have in tickets, perhaps?)
- IP Address (text field)
- Type (Created, Updated, Audit, Apps)
- Item Changed (Ex: New Organization, Macro Created, Macro Updated)
- Item Changes (this one could be tricky but being able to search for any changes made to any macros using FIELD X would be great at scoping out how some changes were made.
- Ability to jump to a specific page number (even if just by query parameter in the URL
Thanks for considering!
We would like to have much more useful data displayed in the audit logs, such as when any change is made to a user or an organisation.
It is vital for us as a responsible business holding customer information that we have a duty of care to ensure the data is accurate and if a change is made we are able to see when and what was changed and by whom - this is more important to me than seeing when someone has logged in or changed their password, which fills the audit log at present.
I agree. There should be a native option to work with the data. Even a simple search or export to .csv would be better than what we have now.
Yes to all of this!
Building out the audit log to include User / Organization changes and to be searchable would help tremendously. Not only would it help us, but it would also help your team troubleshoot issues. Win, win!
Dan, have you checked out the new location of audit log in Admin Center? It will give you the date range filter and export to csv.
Thanks for the clarification on "search/filter (inclusively and exclusively)". That was something I had on my list to validate. I'll take a look at "Ability to jump to a specific page number (even if just by query parameter in the URL" that might be something we can look at separately.
@... I agree that the audit log is not useful now that successful logins are listed. Date range isn't a helpful filter for me - most of the time I'm looking to see who changed a particular record so I can talk to them about it - I have no idea the date the change was made. Now there are pages of successful log in lines so I can't even reasonably do a browser search on a few pages to find what I'm looking for.
A search on the key words in the items changed field would be very helpful. Or a search on the user role (including custom roles) could also be helpful - I'm mostly looking for activity that only an admin or someone with extra security could do. So that activity would narrow down my search.
I would like to also request audits of changes to the end user profile. This is key customer information and we should be able to audit which agent or user added/changed/removed the information and when.
We would like to see more end-user updates especially to user profile name as this would be useful to understand if it was customer error or an agent has changed - with data breaches top priority it helps understand where the change was made.
same! please add this feature asap. It allows for complete transparency and the ability to hold individuals accountable.
We've two themes going for the audit log work in 2021: a) we want data to be easier to find which includes work like better filtering capabilities, and b) we want data to be there to find, which means we're looking to close the gaps on some audit events that we know are missing focusing on Support settings to start with. Looking forward to being able to share those updates as work progresses and will make sure to update this thread.
Hi :waves: I was advised by Dave to add my request to this thread:
It's imperative we're able to see a version history or track changes of ticket fields, especially if you have more than one administrator -- if you click in the ticket field, at the top it even tells you when it was last modified but not "what" was modified or by whom. It seems pointless to indicate a field was recently updated but not say what information was changed. Secondly, since automations and triggers can rely on tags, it's even more important to know of any changes made since it can break other configurations. It would also be very hard to correct any offending behavior regarding updates when you don't know who made them. Thanks!
@Caroline Kello -- any chance of logging Emails sent to Users in the Audit Log? Many vendor platforms offer this now. Great for troubleshooting end-user support requests. Thank you for considering.
Need a tool with information to help the administrator troubleshoot the system.
We have 3 system admins and sometimes I do not know why certain things happen and need to look for which admin do what at when.
Currently audit log is useless. It does not capture who create a group, who make changes to a user field, who did what and when. And no searching or filtering capability make it hard for us to get the information faster.
+1 for the ability to export without an API
I'd like to highlight the need to include user-level mergers in the audit
+1 for auditing all admin changes, including fields, forms, groups. And to be able to export results.
Hi, are there any logs for changes in Guide/HC?
Also, any plans to have any kind of auditable data for Chat? And/or usage data like for triggers, e.g. by accessing https://example.zendesk.com/api/v2/triggers.json?include=usage_30d
Por favor, entrar para comentar.