Skip to main content

Audit Logs

Qarion maintains an immutable, append-only audit trail that records every significant action across the platform. The audit log is designed to satisfy both internal governance requirements and external audit demands.

What Is Captured

Every mutation event produces an audit log entry with the following fields:

FieldDescription
ActorUser ID, email, and display name of the person who performed the action
ActionType of operation — create, update, delete, archive, approve, reject, login, etc.
ResourceType and ID of the affected resource (product, ticket, contract, meeting, dataset, etc.)
Resource NameHuman-readable snapshot for quick identification
DetailsStructured JSON payload with changed fields and old → new values
IP AddressOriginating IP of the request
TimestampUTC timestamp (immutable once written)
SpaceThe space context, if applicable (null for org/platform-level events)
Immutability

Audit log entries are never updated or deleted. The table enforces an append-only pattern — there are no PUT or DELETE operations on audit log records.

Browsing the Audit Log

In the UI

Navigate to your space and open the Audit Log section. The log supports:

  • Filtering by action type, resource type, acting user, and date range
  • Pagination for navigating large datasets
  • Resource drill-down — click any resource to view its full history

Via API

The audit log is exposed through read-only API endpoints:

EndpointDescription
GET /api/v1/{slug}/audit-logPaginated, filtered audit log for a space
GET /api/v1/{slug}/audit-log/exportExport as CSV or JSON
GET /api/v1/{slug}/audit-log/{resource_type}/{resource_id}History for a specific resource

Common query parameters:

ParameterTypeDescription
actionstringFilter by action type (e.g. create, update, delete)
resource_typestringFilter by resource type (e.g. product, ticket)
user_idUUIDFilter by acting user
start_datedatetimeStart of date range
end_datedatetimeEnd of date range

Exporting for External Auditors

Audit logs can be exported in two formats:

CSV Export

Use GET /api/v1/{slug}/audit-log/export?fmt=csv to download a CSV file. The export includes:

ColumnDescription
idUnique audit entry ID
created_atISO 8601 timestamp
actionAction performed
resource_typeType of resource
resource_idID of affected resource
resource_nameHuman-readable name
user_emailActor's email
user_full_nameActor's display name
detailsStructured change payload
ip_addressSource IP

JSON Export

Use GET /api/v1/{slug}/audit-log/export?fmt=json to receive a JSON array of audit entries.

Export Limits

Exports are capped at 10,000 rows per request. Use date range filters to work through larger datasets in batches.

SIEM Integration

Enterprise customers can forward audit logs to external Security Information and Event Management (SIEM) systems.

Structured JSON Logging

When platform.structured_logging is enabled, Qarion outputs structured JSON logs that can be consumed by log aggregators such as:

  • Splunk — via HTTP Event Collector (HEC)
  • Elastic / ELK Stack — via Filebeat or Logstash
  • Datadog — via log forwarding agent
  • AWS CloudWatch — via CloudWatch Logs agent

Webhook-Based Forwarding

Alternatively, configure a webhook connector to push audit events to your SIEM in real time. See Alerts & Webhooks for webhook configuration.

Audit Log Retention

Retention is configurable via the platform.audit_retention_days feature setting:

SettingDefaultDescription
platform.audit_retention_daysUnlimited (null)Number of days to retain audit entries

Configure this in Administration → Feature Settings → Platform.

caution

Setting a short retention period may conflict with regulatory requirements (e.g., GDPR requires demonstrating compliance over time). Ensure your retention policy aligns with your organization's legal obligations.

Tier Availability

CapabilityCommunityProfessionalEnterprise
Immutable audit trail
UI browsing & filtering
CSV / JSON export
Configurable retention
Structured JSON logging
SIEM forwarding
Org-level cross-space audit