Audit log of material GraphOS events
Download a log of all material events that have occured in your organization
This feature is available only with an Enterprise plan.
If your organization doesn't currently have an Enterprise plan, you can test out this functionality by signing up for a free Enterprise trial.
Organizations with a GraphOS Enterprise plan can export and download an audit log of all material events that have occurred in the organization over a given timeframe.
The interface for requesting an export of auditable events is available under the Audit tab of your organization's homepage in Apollo Studio:
Audit log data is available from July 2021 onward.
Creating an audit log export
Only Organization Admins can request audit exports.
When creating an audit log export, you specify a time range, along with optional filters to limit actions to a particular user or graph. The maximum time range that you can request audits for is 180 days, as definied by our retention policy.
If you need to export a log with more complex filters and against archives, please email firstname.lastname@example.org.
Exports sometimes take a few minutes to process. When an export is ready, Studio emails you a link to its CSV file, and you can also find that link in the audit exports table. Audit export files are available to download for 30 days.
Note that it takes about 10 to 15 minutes before a performed action can appear in an exported audit log.
Reading an audit log
An exported audit log is a CSV file in which each row represents a material change to your Studio organization. Columns contain the following information:
|Timestamp||The time when the action occurred.|
|Action||The type of action that occurred. Possible values are listed in Audited actions.|
|Resource_ID||The ID of the resource that was acted on.|
|Resource_Type||The type of resource that was acted on. Possible values are listed in Resource types.|
|Details||A JSON object containing details of the action that occurred. The fields of this object vary depending on the action.|
|Actor_ID||The Studio ID of the actor that performed the action.|
|Actor_Type||The type of actor that performed the action. This is most commonly |
|Effective_Role||The organizational role of the actor that performed the action, indicating its corresponding permissions.|
|Actor_Email||The actor's email address, if the actor is a |
|Actor_Name||The actor's name, if the actor is a |
|Graph_ID||The ID of the Studio graph that the action pertains to, if any.|
An audit log's Resource_Type column indicates what type of resource each action was performed on. Possible values are listed below.
|A Studio organization.|
|A Studio user.|
|A Studio [graph]./graphs/overview/).|
|A graph variant.|
|A graph API key.|
|A user API key.|
|An Apollo support ticket.|
|The generation of an audit log export.|
|A user's marketing email settings.|
|An invitation for a user to join an organization.|
The Action column of an audit log indicates the type of each action that was performed. Possible values are listed below.
If your audit log includes an action type that is not listed below and you have questions about it, please contact email@example.com.
These actions are applied to a variety of resource types, including graphs, variants, and API keys.
|Creates a resource of the corresponding resource type.|
|Modifies an existing resource of the corresponding resource type.|
|Deletes a resource of the corresponding resource type, but the resource is still recoverable if necessary.|
|Recovers a resource from a previous |
|Permanently deletes a resource of the corresponding resource type.|
|Modifies a resource's configuration, such as changing a variant's endpoint URL. Many different configuration changes use this action type.|
|Creates, renames, or deletes an API key. This action type is deprecated in favor of |
|Adds a new subgraph to a federated graph.|
|Removes a subgraph from a federated graph.|
|Adds a user to an organization.|
|Removes a user from an organization.|
|Changes a user's organizational role.|
|Overrides a user's role for a single graph.|
|Ignores a particular GraphQL operation when running schema checks.|
|Marks a particular set of changes as safe when running schema checks.|
|Enables or disables Datadog metrics forwarding.|
|Changes an organization's active Studio plan.|
|Changes a Studio plan's billing period.|
|Cancels a Studio plan (the plan remains active through the current billing period, after which the |
|Terminates an organization's canceled plan at the end of the current billing period.|
|Reactivates a previously canceled Studio plan.|