Export and Read Audit Logs

Download a log of all material events that have occurred in your GraphOS organization


This feature is only available with a GraphOS Enterprise plan. You can test it out by signing up for a free GraphOS trial. To compare GraphOS feature support across all plan types, see the pricing page.

Organizations with a GraphOS Enterprise plan can export and download an audit log of all material events that have occurred in the organization over a given timeframe.

The interface for requesting an export of auditable events is available under the Audit tab of your organization's homepage in GraphOS Studio:

GraphOS Studio audit log
note
Audit log data is available from July 2021 onward.

Creating an audit log export

note
Only Organization Admins can request audit exports.

When creating an audit log export, you specify a time range, along with optional filters to limit actions to a particular user or graph. The maximum time range that you can request audits for is 180 days, as defined by Apollo's retention policy.

note
If you need to export a log with more complex filters and against archives, please email support@apollographql.com.

Exports sometimes take a few minutes to process. When an export is ready, Studio emails you a link to its CSV file, and you can also find that link in the audit exports table. Audit export files are available to download for 30 days.

Note that it takes about 10 to 15 minutes before a performed action can appear in an exported audit log.

Reading an audit log

An exported audit log is a CSV file in which each row represents a material change to your Studio organization. Columns contain the following information:

ColumnDescription
TimestampThe time when the action occurred.
ActionThe type of action that occurred. Possible values are listed in Audited actions.
Resource_IDThe ID of the resource that was acted on.
Resource_TypeThe type of resource that was acted on. Possible values are listed in Resource types.
DetailsA JSON object containing details of the action that occurred. The fields of this object vary depending on the action.
Actor_IDThe Studio ID of the actor that performed the action.
Actor_TypeThe type of actor that performed the action. This is most commonly USER (an authenticated user) or GRAPH (a tool such as the Rover CLI using a graph API key).
Effective_RoleThe organizational role of the actor that performed the action, indicating its corresponding permissions.
Actor_EmailThe actor's email address, if the actor is a USER.
Actor_NameThe actor's name, if the actor is a USER.
Graph_IDThe ID of the Studio graph that the action pertains to, if any.

Resource types

An audit log's Resource_Type column indicates what type of resource each action was performed on. Possible values are listed below.

Resource typeDescription
ACCOUNTA Studio organization.
USERA Studio user.
GRAPHA Studio graph.
GRAPH_VARIANTA graph variant.
GRAPH_API_KEYA graph API key.
USER_API_KEYA user API key.
ZENDESK_TICKETAn Apollo support ticket.
AUDIT_JOBThe generation of an audit log export.
EMAIL_SETTINGSA user's marketing email settings.
ACCOUNT_INVITATIONAn invitation for a user to join an organization.

Audited actions

The Action column of an audit log indicates the type of each action that was performed. Possible values are listed below.

note
If your audit log includes an action type that is not listed below and you have questions about it, please contact support@apollographql.com.

Generic actions

These actions are applied to a variety of resource types, including graphs, variants, and API keys.

Action typeDescription
CREATECreates a resource of the corresponding resource type.
UPDATEModifies an existing resource of the corresponding resource type.
SOFT_DELETEDeletes a resource of the corresponding resource type, but the resource is still recoverable if necessary.
UNDO_SOFT_DELETERecovers a resource from a previous SOFT_DELETE.
DELETEPermanently deletes a resource of the corresponding resource type.
CONFIG_CHANGEModifies a resource's configuration, such as changing a variant's endpoint URL. Many different configuration changes use this action type.
API_KEYCreates, renames, or deletes an API key. This action type is deprecated in favor of CREATE, UPDATE, and DELETE, but it still appears alongside those action types in audit logs.

Federated graphs

Action typeDescription
IMPLEMENTING_SERVICE_UPSERTAdds a new subgraph to a federated graph.
IMPLEMENTING_SERVICE_REMOVERemoves a subgraph from a federated graph.

Organization members

Action typeDescription
JOIN_ACCOUNTAdds a user to an organization.
LEAVE_ACCOUNTRemoves a user from an organization.
CHANGE_ROLEChanges a user's organizational role.
OVERRIDE_GRAPH_ROLEOverrides a user's role for a single graph.

Studio features

Action typeDescription
IGNORE_OPERATION_IN_CHECKSIgnores a particular GraphQL operation when running schema checks.
MARK_CHANGES_SAFE_FOR_OPERATIONMarks a particular set of changes as safe when running schema checks.
TOGGLE_DATADOGEnables or disables Datadog metrics forwarding.

GraphOS plan

Action typeDescription
CURRENT_BILLING_SUBSCRIPTION_CHANGEChanges an organization's active Studio plan.
BILLING_PERIOD_CHANGEChanges a Studio plan's billing period.
CANCEL_STUDIO_SUBSCRIPTIONCancels a Studio plan (the plan remains active through the current billing period, after which the TERMINATE_STUDIO_SUBSCRIPTION action occurs).
TERMINATE_STUDIO_SUBSCRIPTIONTerminates an organization's canceled plan at the end of the current billing period.
REACTIVATE_STUDIO_SUBSCRIPTIONReactivates a previously canceled Studio plan.
Feedback

Forums