Working with Activity Audit Logs
The Activity Audit Logs page () displays detailed views of data you select from charts, or items you search for. Through this page, you can use the filtering options in the navigation bar to focus on specific users and activities to provide an audit trail or detect patterns of use.
The page shows these items:
|
Search options: Cloud applications (managed, enterprise, and unsanctioned) and web categories Event types (for example, activities, policy violations) Event sources (for example, API, inline, email) Time range options (for example, last 34 hours, last week, last month) | |
| Search query string. | |
| The total number of events found from the search. |
| Navigation bar from which you can filter your search further by choosing users, user groups, activity types, content types, and policy names on which to search. These filters can be helpful when you need to keep an audit trail on specific users or activities. The search results show the most recent 10,000 records from the selected filter items. | |
| Bar graph display of event data, showing counts for all events found (in addition to the most recent 10,00 records). | |
|
Table of event data, showing the newest 500 records. The data is sorted in descending order by time. For additional data, you can export the contents to a CSV file. The export includes the results of the currently selected filters. For ServiceNow cloud applications, the Activity Audit Logs page does not show source details (IP, city, country, country code, IP, origination, source state, or user type) for content download activity. |
