Audit log

The Audit log is the per-event record of activity in your tenant. Every action that matters — a schema saved, a connection added, an API key minted, a member invited, a sign-in attempt — lands here with the actor, the request path, the outcome, and a timestamp.

It’s the page you reach for when something unexpected happens and you need to know what changed. It’s also the page security and compliance teams export from during an audit cycle.

Note

Audit log access is Team tier and above. Starter tenants can upgrade later and see history back to the start of the retention window.

What’s audited

The set covers everything a human or agent can do that changes state or accesses sensitive surfaces:

Auth and identity. Sign-in, sign-out, failed sign-in, SSO handshakes, password reset attempts.

Schemas and connections. Create, edit, delete on schemas; same for connections; file uploads and deletions.

Access management. API key mints and revocations; member invites, role changes, and revocations; workspace creates and renames.

Engine queries. Every MDX query against a cube — the path, the API key or user that issued it, the duration, the status.

What’s not logged: query result contents (we never log the rows you fetched), per-cell access patterns, your Saiku UI clicks. For the full data-handling picture see Tenant isolation.

Filtering

The filter bar narrows by actor (user or API key), event type, date range, and outcome (success / failure). Each filter syncs to the URL so you can share a specific view with a teammate.

Click any event row to expand it — full HTTP method and path, status code, the actor’s ID, request and response sizes. The detail view is where you’d grab evidence for an audit package.

CSV export

The Export CSV button downloads the currently-filtered set as a CSV. Useful for offline analysis, attaching to a SOC 2 readiness package, or feeding into your own SIEM. There’s no rate limit on the export beyond your account-level rate limit — pull as often as you need.

Retention

Tier	Window
Team	90 days
Business	Configurable up to 7 years
Enterprise	Custom

Events outside the retention window are purged. If your compliance posture requires longer retention than your tier provides, export on a schedule (daily or weekly) to your own archive — S3, GCS, SIEM, whatever fits your stack.

Common investigations

A few patterns we see often:

“Why is this cube broken?” Filter by event type schema.update for the schema in question. The most recent event shows the last person who touched it and what they changed.

“What has this contractor been doing?” Filter by actor → their user ID. Skim recent events. Useful before revoking access.

“Is this API key compromised?” Filter by actor → key ID, restrict to the last 24 hours. Look for unusual paths, error spikes, or volume out of pattern.

Related

• Members — actors you’ll see on this page.
• API keys — actors you’ll see on this page.
• Tenant isolation — what we log, what we deliberately don’t.