> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gurubase.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Logs

> Track and monitor all actions performed on Gurubase with detailed audit logging

## Overview

Gurubase provides comprehensive audit logging to track all actions performed within the platform. This feature helps you monitor user activities, troubleshoot issues, and maintain security compliance by recording detailed information about every operation.

## What Audit Logs Store

Audit logs capture comprehensive information about all platform activities, including:

* **User Actions**: All actions performed by users (identified by email)
* **System Actions**: Automated operations triggered in the background
* **Timestamps**: Exact date and time of each action
* **IP Addresses**: Source location of actions
* **Action Types**: The specific operation performed
* **Objects Affected**: What resources were modified
* **Field Changes**: Before and after values for updates

## Accessing Audit Logs

Audit logs can be accessed in two ways:

### Per-Guru Audit Logs

All maintainers can view audit logs for a specific guru:

1. Navigate to the **Audit Logs** section in the guru sidebar
2. View the activity log table scoped to that guru
3. Use filtering options to narrow down results
4. Click on "Details" for individual entries to view detailed information

<Frame>
  <img src="https://mintcdn.com/gurubase/PMnPe4PheUTq6epp/images/guides/audit-logs/audit-logs.png?fit=max&auto=format&n=PMnPe4PheUTq6epp&q=85&s=3adac4bcdf2c45a6b5e8ff0106345a03" alt="Audit Logs Interface" width="3002" height="1570" data-path="images/guides/audit-logs/audit-logs.png" />
</Frame>

### Global Audit Logs (Self-hosted)

Super admins in self-hosted deployments can access a global audit log view from the **Settings** page. This view shows logs across all gurus, including actions that are not tied to any specific guru (such as login events and user management).

## Filtering Options

Filters are selected from dropdown menus and require clicking the **Apply** button to take effect. Use the **Reset** button to clear all active filters.

### Filter by Guru (Global View Only)

* Filter logs by one or more specific gurus
* Select **No guru** to see actions not associated with any guru (e.g., login events, user management)

### Filter by Model

* Filter by the entity type that was affected (e.g., DataSource, APIKey, GuruType, Integration)
* Useful for focusing on changes to a specific type of resource

### Filter by User

* Filter logs by specific users using their email addresses
* View actions performed by individual team members
* Track user-specific activity patterns

### Filter by Action Type

* Filter by the four main action types:
  * **Access** - Viewing or accessing resources
  * **Created** - Creating new resources
  * **Deleted** - Removing resources
  * **Updated** - Modifying existing resources

## Export

Audit logs can be exported in three formats: **CSV**, **Excel (XLSX)**, and **JSON**.

* The exported file includes all columns visible in the table plus the detailed changes data (the same information shown when clicking the "Details" eye icon)
* The filename reflects the currently applied filters (e.g., `audit_logs_users-2_actions-1_1711792800.xlsx`)
* Export is available in both the per-guru and global audit log views
* Active filters are applied to the export, so only the filtered data is included

## Guru-Independent Actions (Self-hosted)

Some actions are not tied to any specific guru. These are all self-hosted-only features and only appear in the **global audit log** on the Settings page, or when selecting the **No guru** option in the guru filter:

* **LOGIN\_SUCCESS** - Successful user login
* **LOGIN\_FAILED** - Failed login attempt
* **REGISTER** - New user registration
* **PASSWORD\_CHANGED** - User password change
* **USER\_CREATED** - New user account created by admin
* **USER\_DELETED** - User account deleted by admin
* **EXPORT\_AUDIT\_LOGS** - Audit log export from the global view (when no guru context)

These actions will never appear in the per-guru audit log page since they have no guru association.

## Recorded Operation Types

Gurubase tracks a comprehensive range of operations across the platform:

### Guru Management

* **UPDATE\_GURU** - Modifications to Guru settings and configuration

### Analytics and Reporting

* **EXPORT\_ANALYTICS** - Exporting analytics data and reports
* **EXPORT\_AUDIT\_LOGS** - Exporting audit log data

### Data Source Operations

* **ADD\_DATASOURCE** - Adding new data sources to Gurus
* **DELETE\_DATASOURCE** - Removing data sources
* **REINDEX\_DATASOURCE** - Reindexing existing data sources

### Integration Management

* **CREATE\_INTEGRATION** - Setting up new platform integrations
* **DELETE\_INTEGRATION** - Removing integrations
* **EDIT\_INTEGRATION** - Modifying integration settings (channels, etc.)

### Backfill Job Operations

* **CREATE\_BACKFILL\_JOB** - Creating automated data sync jobs
* **DELETE\_BACKFILL\_JOB** - Removing backfill jobs
* **UPDATE\_BACKFILL\_JOB** - Modifying backfill job settings
* **REINDEX\_BACKFILL\_JOB** - Triggering backfill job reindexing

### Widget Management

* **CREATE\_WIDGET\_ID** - Creating website widgets
* **DELETE\_WIDGET\_ID** - Removing widgets

### Team Management

* **ADD\_MAINTAINER** - Adding new maintainers to the account
* **REMOVE\_MAINTAINER** - Removing maintainer access

### User Management (Self-hosted)

* **USER\_CREATED** - Creating a new user account
* **USER\_DELETED** - Deleting a user account
* **ROLE\_ASSIGNED** / **ROLE\_REVOKED** - Assigning or revoking guru-level roles
* **PASSWORD\_CHANGED** - Changing a user's password

### Authentication (Self-hosted)

* **LOGIN\_SUCCESS** - Successful login
* **LOGIN\_FAILED** - Failed login attempt
* **REGISTER** - New user registration

### Secret Management

* **SECRET\_READ** - Reading a secret value
* **SECRET\_WRITE** - Creating or updating a secret
* **SECRET\_DELETE** - Deleting a secret

### Excel Jobs

* **DOWNLOAD\_EXCEL\_OUTPUT** - Downloading an Excel job output file

## Action Types

All operations are categorized into four main action types, each with distinct visual indicators:

### Access (Grey Badge)

* Viewing resources or data
* Exporting analytics or audit logs
* Login and authentication events
* Reindexing data sources
* Reading secrets
* Downloading Excel outputs

### Created (Green Badge)

* Creating new resources (data sources, integrations, widgets)
* User registration
* Admin creating new user accounts

### Updated (Blue Badge)

* Modifying existing settings and configurations
* Assigning or revoking roles
* Changing passwords
* Updating secrets

### Deleted (Red Badge)

* Removing resources (data sources, integrations, widgets)
* Deleting user accounts
* Deleting secrets

## Detailed Log Information

### Basic Information

Each audit log entry includes:

* **Timestamp**: Exact date and time of the action
* **User**: Email address of the user who performed the action
* **IP Address**: Source IP address for the operation
* **Action**: The type of operation performed
* **Object**: The specific resource that was affected

### Field Change Tracking

For update operations, audit logs show detailed before/after comparisons:

<Frame>
  <img src="https://mintcdn.com/gurubase/PMnPe4PheUTq6epp/images/guides/audit-logs/before-after.png?fit=max&auto=format&n=PMnPe4PheUTq6epp&q=85&s=a916bf5b1603dbc23168c4fc490e3c13" alt="Before/After Field Comparison" width="3006" height="1596" data-path="images/guides/audit-logs/before-after.png" />
</Frame>

This includes:

* **Previous Value**: The state before the change
* **New Value**: The state after the change
* **Field Names**: Specific fields that were modified

### Operation Details

Additional context is provided for complex operations:

<Frame>
  <img src="https://mintcdn.com/gurubase/PMnPe4PheUTq6epp/images/guides/audit-logs/info.png?fit=max&auto=format&n=PMnPe4PheUTq6epp&q=85&s=e503244c79866faf7f8edbe6fbc4de5a" alt="Operation Details" width="3004" height="1588" data-path="images/guides/audit-logs/info.png" />
</Frame>

This includes:

* **Filters Applied**: Parameters used in operations
* **Success Status**: Whether the operation completed successfully
* **Additional Context**: Extra information relevant to the operation

## System vs User Actions

### User Actions

* Performed by specific users (identified by email)
* Include IP address information
* Show user-initiated operations

### System Actions

* Automated operations triggered in the background
* Marked as "System" in the user field
* No IP address recorded (shown as "-")
* Include automated sync jobs, scheduled tasks, and background processes

## Auto-Cleanup

Audit logs older than **3 months (90 days)** are automatically deleted on a daily basis. This applies to both the optimized audit log entries and the underlying log records. No configuration is needed -- the cleanup runs automatically.

## Best Practices

### Regular Monitoring

* Review audit logs regularly to identify patterns
* Monitor for unusual activity or unauthorized access
* Track integration health and sync status

### Filtering and Search

* Use the guru filter (global view) to focus on a specific guru or guru-independent actions
* Use model and action type filters to narrow down results
* Use user filters to focus on specific team members
* Remember to click **Apply** after selecting filters

### Exporting for Compliance

* Export audit logs regularly for compliance records
* Use filters before exporting to get targeted reports
* JSON format preserves the full structure of change details

### Security Compliance

* Audit logs help meet compliance requirements
* Track data access and modifications
* Monitor maintainer access changes

## Next Steps

<CardGroup cols={2}>
  <Card title="Analytics Guide" icon="bar-chart" href="/guides/analytics">
    Learn how to analyze your Guru's usage patterns
  </Card>

  <Card title="Create Your First Guru" icon="users" href="/guides/create-guru">
    Understand how to manage maintainers and permissions
  </Card>
</CardGroup>