Audit Log
The audit log page allows you to view and manage all important events that occur within your organization. You can track user activities, system changes, security-related events, and more to enhance your organization’s security and compliance.
Viewing Audit Logs
Viewing Log List
On the audit log page, you can view a chronologically sorted list of events. Each log entry includes the following information:
- Time: When the event occurred
- User: Information about the user who triggered the event
- Event Information: Type and detailed information about the event that occurred
Event Type Filter
You can view only specific types of events. Select the desired event type from the dropdown menu to display only logs of that type.
Event Types
The event types tracked in the audit log are as follows:
User Management Events
organization.invite.sent
This event occurs when an organization administrator invites a new user to the organization. When an invitation email is sent, it is automatically recorded, including information about the user who sent the invitation and the invited email address.
Added: 2025.7.28organization.user.added
This event occurs when an invited user accepts the invitation and successfully joins the organization. You can track when new members are added to the organization.
Added: 2025.7.28organization.user.removed
This event occurs when an organization administrator removes an existing user from the organization. Information about both the administrator who performed the removal and the removed user is recorded.
Added: 2025.7.28organization.user.role.changed
This event occurs when a user’s permission role is changed within the organization. Both previous and new role information is recorded together, allowing you to track permission change history.
Added: 2025.7.28auth.login.success
This event occurs when a user successfully logs into the system. Login time, IP address, and user information are recorded to manage access history.
Added: 2025.7.28auth.logout
This event occurs when a user logs out of the system. Session termination time and user information are recorded.
Added: 2025.7.28auth.password.changed
This is a security event that occurs when a user changes their password. It is recorded as an important activity for strengthening account security.
Added: 2025.7.28Organization Settings Events
organization.name.changed
This event occurs when the organization’s name is changed. When you modify the name in organization settings, both the previous and new names are recorded to track organization information change history.
Added: 2025.7.28organization.id.changed
This event occurs when the organization’s unique identifier (ID) is changed. Organization identifier changes are important configuration changes that require administrator privileges, and both before and after ID information is recorded.
Added: 2025.7.28organization.owner.changed
This event occurs when organization ownership is transferred to another user. Information about both the previous owner and the new owner is recorded, tracking the highest authority changes in the organization.
Added: 2025.7.28organization.user.add.failure
This event occurs when an attempt to add a user to the organization fails. It is recorded along with failure reasons such as insufficient permissions, duplicate invitations, or system errors to help with problem resolution.
Added: 2025.7.28MCP Integration Events
mcp.integration.created
This event occurs when a new MCP (Model Context Protocol) integration is created. When a new connection setup with an external service is completed, it is recorded, including integration name and configuration information.
Added: 2025.7.28mcp.integration.updated
This event occurs when the settings of an existing MCP integration are modified. When integration-related settings such as connection information, authentication settings, or permissions are updated, they are recorded along with the changes.
Added: 2025.7.28mcp.integration.deleted
This event occurs when an MCP integration is deleted. It is recorded when disconnecting from external services or removing integrations that are no longer in use, tracking integration management history.
Added: 2025.7.28mcp.preset.created
This event occurs when a new MCP preset is created. When frequently used integration settings are saved as templates, it is recorded, including preset name and included configuration information.
Added: 2025.7.28mcp.preset.updated
This event occurs when an existing MCP preset is modified. When settings or names included in the preset are changed, they are recorded along with the modifications to track preset management history.
Added: 2025.7.28mcp.preset.deleted
This event occurs when an MCP preset is deleted. It is recorded when removing presets that are no longer in use, and the deleted preset information is preserved.
Added: 2025.7.28LLM Events
llm.credit.limit.exceeded
This event occurs when the organization’s LLM usage credits exceed the set limit. It is recorded to prevent excessive usage and for cost management, including information about when the limit was exceeded and usage amounts.
Added: 2025.7.28llm.message.failure
This event occurs when message processing sent to the LLM fails. It is recorded along with failure reasons such as network errors, API limit exceeded, or invalid requests to help with problem diagnosis.
Added: 2025.7.28llm.message.received
This event occurs when a response message is successfully received from the LLM. You can track conversation flow and response times, and it is used for system performance monitoring.
Added: 2025.7.28llm.message.sent
This event occurs when a user’s message is successfully sent to the LLM. Request time and message information are recorded to analyze usage patterns.
Added: 2025.7.28llm.tool.call.attempted
This event occurs when the LLM attempts to call a specific tool or function. Tool usage attempts such as MCP integration or external API calls are recorded to track system activity.
Added: 2025.7.28llm.tool.call.failure
This event occurs when an LLM tool call fails. It is recorded along with failure reasons such as integration errors, insufficient permissions, or timeouts to provide information needed for problem resolution.
Added: 2025.7.28llm.tool.call.success
This event occurs when an LLM tool call is successfully completed. Information about the called tool and execution results is recorded to track successful integration activities.
Added: 2025.7.28Log Format Examples
Audit logs are stored in JSON format and have the following structure:
User Login Success
{
"auditId": "77f66585-229a-4ff9-86d4-0aa078d5bb29-f65d1255-54ac-481d-9de9-89f7013180a1",
"time": "2025-07-25T08:08:25Z",
"actor": {
"name": "Keira Yoon",
"ipAddress": "203.0.113.42",
"role": "owner"
},
"event": {
"eventType": "auth.login.success",
"name": "Login Success",
"description": "Keira Yoon succeed to login."
}
}User Role Change
{
"auditId": "1a1ec237-b5a0-4f7c-b445-0bf2ecb6b270",
"time": "2025-07-25T08:08:25Z",
"actor": {
"name": "Keira Yoon",
"ipAddress": "203.0.113.42",
"role": "owner"
},
"event": {
"eventType": "organization.user.role.changed",
"name": "Organization user's role changed",
"description": "Keira Yoon changed QueryPie Shared's role from admin to member"
}
}MCP Integration Creation
{
"auditId": "e8720ca3-08eb-45eb-8b74-129042c9e39c",
"time": "2025-07-25T08:08:25Z",
"actor": {
"name": "Keira Yoon",
"ipAddress": "203.0.113.42",
"role": "owner"
},
"event": {
"eventType": "mcp.integration.created",
"name": "Integration created",
"description": "Keira Yoon created integration Custom SSE"
}
}