The Audit Log monitors user activity in the tenant
Audit Log Categories and Events
Event | Description |
---|---|
Request approved | A submitted request was approved by an authorized user. |
Request denied | A submitted request was denied by an authorized user. |
Request submitted | A request was submitted for approval. |
Event | Description |
---|---|
Case exported | A case was exported to a downloadable format. |
Case shared | A case was shared with external parties or users. |
Table exported to CSV | A case table was exported in CSV format. |
Event | Description |
---|---|
Custom cases table created | A new custom table for cases was created. |
Custom cases table edited | An existing custom cases table was edited. |
Exported to CSV | Data from a custom cases table was exported as a CSV file. |
Field created | A new field was added to a custom cases table. |
Field edited | A field in a custom cases table was updated. |
Field deleted | A field was removed from a custom cases table. |
Event | Description |
---|---|
Connection created | A new integration connection was created. |
Connection deleted | An existing integration connection was removed. |
Connection edited | An integration connection was modified or updated. |
Event | Description |
---|---|
Dashboard activated | A dashboard was activated and made live. |
Dashboard created | A new dashboard was created. |
Dashboard deactivated | A dashboard was deactivated. |
Dashboard deleted | A dashboard was deleted. |
Dashboard edited | Changes were made to a dashboard’s configuration or layout. |
Dashboard metadata edited | Metadata for the dashboard (e.g., tags, ownership) was updated. |
Event | Description |
---|---|
Global variable created | A new global variable was created. |
Global variable deleted | A global variable was removed from the system. |
Global variable edited | An existing global variable was updated or changed. |
Event | Description |
---|---|
Runner group created | A new group for managing runners was created. |
Runner group deleted | A runner group was deleted. |
Runner group edited | A runner group’s settings or members were updated. |
Runner group set as default | A runner group was marked as the default for new workflows or tasks. |
Event | Description |
---|---|
App created | A new self-service app was created. |
App deleted | A self-service app was removed. |
App published | A self-service app was published and made available. |
Event | Description |
---|---|
Field created | A new field was added to a data table. |
Field deleted | A field was removed from a data table. |
Field edited | A field in a table was modified. |
Table created | A new data table was created. |
Table deleted | A data table was deleted. |
Table edited | A data table was updated or modified. |
Table exported to CSV | A table’s contents were exported to a CSV file. |
Event | Description |
---|---|
Audit logs exported | Audit logs were exported for review or archiving. |
Blink-cloud runner updated | Settings for the Blink cloud runner were updated. |
Default tenant runner updated | The default runner for the tenant was changed. |
Runner auto upgrade updated | Auto-upgrade settings for runners were modified. |
SAML role mapping updated | Role mapping configuration for SAML was updated. |
SAML settings updated | SAML authentication settings were changed. |
Two-factor authentication disabled | Two-factor authentication was disabled for the tenant. |
Two-factor authentication enabled | Two-factor authentication was enabled for the tenant. |
Event | Description |
---|---|
Group created | A new group was created. |
Group deleted | An existing group was deleted. |
Group name updated | The name of a group was changed. |
Role created | A new role was created. |
Role deleted | An existing role was deleted. |
Role updated | An existing role was updated. |
Service account activated | A service account was activated. |
Service account created | A new service account was created. |
Service account deactivated | A service account was deactivated. |
Service account deleted | A service account was deleted. |
Service account group assignment updated | A service account’s group was updated. |
Service account role changed | A service account’s role was changed. |
User activated | A user was activated. |
User deactivated | A user was deactivated. |
User deleted | A user was deleted. |
User group assignment updated | A user’s group assignment was updated. |
User invited | A user was invited. |
User role changed | A user’s role was changed. |
Event | Description |
---|---|
User logged in | A user logged in. |
User logged out | A user logged out. |
API key created | An API key was created. |
API key deleted | An API key was deleted. |
Event | Description |
---|---|
Pack created | A new pack was created. |
Pack deleted | A pack was deleted. |
Pack edited | A pack was edited. |
Workflow activated | A workflow was activated. |
Workflow created | A new workflow was created. |
Workflow deactivated | A workflow was deactivated. |
Workflow deleted | A workflow was deleted. |
Workflow published | A workflow was published. |
Workflow settings updated | Workflow settings were updated. |
Event | Description |
---|---|
Workspace created | A new workspace was created. |
Workspace deleted | A workspace was deleted. |
Workspace name updated | A workspace’s name was updated. |
User invited/added | A user was invited or added. |
User removed | A user was removed. |
User role changed | A user’s role in the workspace was changed. |
Navigate to the 'Audit Log Settings' page
In the top right-corner of the Audit Log page, select the icon
Enter the Required Parameters
Optional-Test Connection
Access the HTTP Event Collector
Select Source
Input Settings
Review
Token Created Successfully
Integrate with Blink
8088
). Your full url will look something like this https://splunk.yourcompany.com:8088
Test Connection and Save Settings