Audit log

What is recorded

• Monitor creation, updates, pause/resume, and deletion.
• Alert channel creation, deletion, and successful tests.
• API key creation and revocation.
• Service, team, SLO, dependency, and monitor-link changes.
• Routing policy, maintenance window, on-call schedule, and override changes.
• Report snapshot creation and integration connection changes.
• Incident acknowledgements, notes, resolution, review creation, review publishing, and action-item changes.
• Member invitations, role updates, removals, permission overrides, and team membership changes.

How to use it

• Review the audit log after access, routing, alerting, or key changes.
• Use actor, action, target, timestamp, and metadata to reconstruct changes.
• Export audit evidence as CSV or JSON when audit export is enabled by organization policy.
• Use audit entries during incident review when configuration changes may have contributed.
• Use the audit log during security review to demonstrate operational accountability.

Access

• Audit log access is limited to organization owners and admins.
• Deleted users are preserved as system or deleted user where actor details are unavailable.
• Audit records are scoped to the current organization.

Related documentation