About activity logs

Amperity maintains records of user activity that occurred in your tenant. For example:

  • A user makes a configuration change to the Amperity platform

  • A user creates a sandbox

  • A user views personally identifiable information (PII)

  • A workflow was stopped by a user

  • A user configured a destination

  • A user created an API key

  • A user was assigned to a resource group

All activity may be downloaded to a CSV file, and individual event, user, and object IDs may be copied.

Important

Activity logs are retained for audit and compliance purposes and cannot be deleted.

Note

The Users section of the Users and Activity page requires the user to be assigned the Allow user administration policy option.

User activity logs.

The activity list displays the following columns:

  • User The user who took the action. For most users, this is that user’s friendly name or email address.

    An auth token is displayed for users that access Amperity programmatically.

  • Tenant The tenant from which the action originated. This column is visible when viewing activity logs from a parent tenant that has access to one or more sandbox tenants.

  • Date The date and time of the action (displayed in your local time zone).

  • Action The action taken in the application. This takes the form of “action type/action”. For example, activating a segment appears as “segment/activate” and running a segment for download appears as “query.exec/download”.

    Note

    A few actions in the list are not user-initiated. For example, when a user is granted a new authorization policy, both the grant and the receipt appear on separate rows.

  • Object The object against which the action occurred.

    For example, if a user ran a segment, that segment’s name is displayed. If a user sent a segment to a destination, both the name of the segment and the destination name will be displayed. If the user was the recipient of a new authorization policy, the policy name will be displayed.

Filter activity

Use the controls above the activity list to narrow which events are shown.

Search

Enter a search term to filter events by matching text in the event data.

Date range

Choose a preset window from the date range selector: last 30 days (default), last 90 days, last 365 days, or all available events.

Additional filters

Click Filters to expand the filter panel. Each picklist is populated with values drawn from your tenant’s activity history, so only options that appear in your logs are shown. The following picklist filters are available:

  • User Filter by one or more specific users who initiated the action.

  • Tenant Filter by tenant. This filter is available from parent tenants that have access to one or more sandbox tenants.

  • Action Filter by one or more event types.

  • Email domain Filter by the email domain of the user who initiated the action.

The filter badge next to Filters shows a count of how many picklist filters are active. Click Reset to clear all active filters and return to the default view.

Download user activity

You can download a CSV file of activity events. Two download options are available in the top-right corner of the activity log.

  • Download time range opens a date picker so you can choose a specific start and end date. Any active search terms and picklist filters are included in the download.

  • Download exports all events that match your current filters and date range selector. The button label changes to Download all when no filters are active.

To download user activity

  1. From the ellipses menu in the top right, click Settings, and then select Activity log.

  2. Apply any search terms or filters to narrow the events you want to export, or leave the defaults to export all available events.

  3. Click Download time range to choose a specific date window, or click Download all to export all events that match the current filters.

  4. A CSV file named events-yyyy-mm-dd-timestamp.csv is downloaded.

Column names in the user activity CSV file

The first row of the user activity file has the following column headers, and then a row for each tracked event:

Column name

Description

event-id

The Amperity internal identifier for the event. This can be used to request additional information about the event, if needed. For example: "event_id": "ae-Ab1cDeFg".

event-type

The type of event. For example: "event_type": ":amperity.alert.audience/created".

This value is also available from the Action column under Users on the Users and Activity page.

external-id

Internal value only.

happened-at

The date and time at which the action occurred. Dates and times are in ISO 8601 format and in UTC. For example: "happened_at": "2024-04-09T17:21:06.747Z".

This value is also available from the Date column under Users on the Users and Activity page.

Note

The downloaded date and time are in GMT. The Amperity user interface shows the date and time in your local timezone.

object

The identifier for the object against which the action occurred. For example: "object_id": "seg-35GMWpn6Y".

object-name

A composed string that describes the objects for which the action occurred. For example: "object_name": "Socktown Returning Customers".

This value is also available from the Object column under Users on the Users and Activity page.

origin-ip

The IP address that is associated with the user who initiated the action. For example: "origin_ip": "111.11.111.1".

principal-email

The email address for the user who initiated the action. For example: "principal_email": "user@socktown.com".

This value may be NULL when the user is an API key.

principal-id

The identifier for the user who initiated the action. This user may be an API key or a non-human user. For example: "principal_id": "google-apps|user@socktown.com".

principal-name

The friendly name of the user associated with the activity, if available, otherwise the email address or API key. For example: "principal_name": "Socktown User".

This value is also available from the User column under Users on the Users and Activity page.

recorded-at

The time at which the system recorded the action. May be slightly different than the value of happened-at due to the asynchronous nature of Amperity.

session_id

The identifier for the session from which the action occurred. For example: "session_id": "Ab1cDeFgHijkLMN2Op3QrStUvWxYZ0123".

source

The component within Amperity that added the log entry.

user_agent

The user agent string of the client that initiated the action. For example: "user_agent": "Mac OS X 4.5.6" or "user_agent": "Chrome 1.2.3".

User activity event types

The following table lists the most common event types, grouped by the component or area within Amperity that is most associated with the event type.

Note

Many events are prefixed with a dot-delimited string that typically starts with “amperity”. The specific event is located after a slash (“/”). The following table lists the events by the strings immediately before and after the slash.

For example, the following event:

:amperity.plugin.destination/created

is shown in the following table as:

destination/created

If your tenant shows an event that is not listed in this table, its purpose can often be inferred from the prefix string and the event name after the trailing slash. You may open a support ticket to request more information about an event that is not shown in this table. Ask your Amperity support representative for more information about the event, and also request that this reference be updated.

Event grouping

Description

AI Assistant

The following events are associated with the AI Assistant:

assistant/send-user-message

A user sent a question to the AI Assistant. The audit event may include the response from the AI Assistant.

query.exec/sampled

A set of sample data was provided to the AI Assistant.

Note

More detail about AI Assistant data sharing policies, how the model stores data, and what types of data are sent (or not sent) is available from the AI Assistant Privacy FAQ.

API keys

The following events are associated with API keys:

api-key/created

An API key was created.

api-key/deleted

An API key was deleted.

api-key/issue

An API token issuer was created.

Note

This event is always associated with the following events:

policy/attached

and

policy/attached-to

api-key/issue-oauth2-client-credentials

An OAuth2 client credentials token issuer was created.

api-key/updated

An API key was updated.

BI Connect

The following events are associated with BI Connect:

warehouse/user-added

A user was added to BI Connect.

warehouse/user-removed

A user was removed from BI Connect.

warehouse/user-renewed

A user was allowed to continue accessing BI Connect.

Campaigns

The following events are associated with campaigns:

campaign/send

A campaign was sent.

Credentials

The following events are associated with credentials:

credential/created

A credential was created.

credential/deleted

A credential was deleted.

credential/updated

A credential was updated.

Destinations

The following events are associated with destinations:

destination/cloned

A user created a destination by copying an existing destination.

destination/created

A user created a destination.

destination/deleted

A user deleted a destination.

destination/updated

A user updated a destination.

Domain tables

The following events are associated with domain tables:

workflow/domain-data-records-deletion-started

A user deleted records from a domain table.

Orchestrations

The following events are associated with orchestrations and orchestration groups:

orchestration/run

A user initiated a manual run for an orchestration.

orchestration.group/run

A user initiated a manual run for an orchestration group.

Policies

The following events are associated with policies:

policy/attached and policy/attached-to

A policy was attached to an object that was created within Amperity.

For example, when a new API token issuer is created, the policy/attached and policy/attached-to events are logged and are associated with the name of the API issuer token.

policy/created

A policy was created.

policy/deleted

A policy was deleted.

policy/detached and policy/detached-from

A policy was detached from an object that exists within Amperity.

policy/updated

A policy was updated.

Important

Occasionally members of your Amperity team will access your tenant. This is always done as a full administrator.

In situations where they are helping to troubleshoot an issue or answer a question with more detail, they will often switch their view to match the policy settings associated with your tenant.

For example, if the view is switched to “DataGrid Operator”, that action is logged using the following event type:

amperity.auth.token/user-switched-policies

Privacy rights

The following events are associated with privacy rights workflows:

workflow/domain-ccpa-deletion-started

The CCPA delete workflow has started.

Queries

The following events are associated with the Queries page:

query/activated

A query was activated.

query/created

A query was created.

query/deleted

A query was deleted.

query/moved

A query was moved from one folder into another.

query.draft/discarded

A query in a draft state was discarded.

query.folder/created

A folder on the Queries page was created.

query.folder/deleted

A folder on the Queries page was deleted.

Resource groups

The following events are associated with resource groups:

resource-group/assigned

A user was assigned to a resource group.

resource-group/created

A resource group was created.

resource-group/deleted

A resource group was deleted.

resource-group/updated

A resource group was updated.

Sandboxes

The following events are associated with sandboxes:

tenant/created

A sandbox was created.

tenant/deleted

A sandbox was deleted.

tenant/updated

A sandbox was updated.

Note

These events appear within the sandbox and are followed by the policy/attached-to and policy/attached events and allow DataGrid Administrator access to the sandbox.

Single Sign-on

The following events are associated with single sign-on (SSO):

connection/created

An SSO connection was created.

connection/deleted

An SSO connection was deleted.

connection/updated

An SSO connection was updated.

group-mapping/created

An SSO group mapping was created.

group-mapping/deleted

An SSO group mapping was deleted.

group-mapping/updated

An SSO group mapping was updated.

User activity

The following events are associated with the Users section within the Users and Activity page:

audit.user-activity/download

A user downloaded user activity into a CSV file to view offline.

Users

The following events are associated with Amperity user accounts that are managed from the Users and Activity page:

user/created

A user was created.

user/deleted

A user was deleted.

user/reset-mfa

The multi-factor authentication settings for a user were reset.

user/sent-password-reset-email

A user was sent an email so they can reset their password.

user/updated

A user account was updated.

Workflow alerts

The following events are associated with workflow alerts:

audience/created

An audience for a workflow alert was created.

Note

This event shows only the first time an email address or Slack channel is configured to receive workflow alerts for courier groups, scheduled orchestration groups, or campaigns. All later events related to workflow alerts show the audience/updated event.

audience/updated

The membership of an audience for a workflow alert was updated. This includes adding or removing email addresses or Slack channels to or from a workflow alert.

subscription/created

A subscription for a workflow alert was created.

subscription/updated

A subscription for a workflow alert was updated.

Workflows

The following events are associated with workflows:

workflow/cancel

A workflow resolution was stopped by a user.

workflow/retry

A workflow resolution was opened, after which a specific resolution option was selected, and then the workflow was retried.

workflow/skip

A user opened a workflow resolution, and then skipped the task that caused the workflow failure.
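
One way to review a downloaded activity CSV for identity and credential changes, using the column headers and event names documented above. This is an added example, not Amperity code: the watchlist selection, the ".example." prefixes, the sample rows, and the assumption that a missing email is exported as an empty field or the literal NULL are all constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Short names from the event table; the selection is this example's assumption.
WATCHLIST = {
    "api-key/created", "api-key/issue", "credential/updated", "policy/attached",
    "user/reset-mfa", "connection/updated", "group-mapping/created",
    "audit.user-activity/download", "token/user-switched-policies",
}

# Constructed sample rows; the ".example." prefixes are placeholders.
SAMPLE = """event-id,event-type,happened-at,origin-ip,principal-email,principal-name
ae-c1,:amperity.plugin.destination/created,2024-04-09T17:21:06.747Z,203.0.113.10,user@socktown.com,Socktown User
ae-c2,:amperity.example.api-key/created,2024-04-09T17:25:00.000Z,203.0.113.10,user@socktown.com,Socktown User
ae-c3,:amperity.example.audit.user-activity/download,2024-04-10T02:20:00.000Z,198.51.100.7,NULL,constructed-api-key
ae-c4,amperity.auth.token/user-switched-policies,2024-04-08T09:00:00.000Z,192.0.2.5,support@example.com,Support Engineer
"""

def short_name(event_type, known=WATCHLIST):
    """Map a full event type to the short form used in the event table."""
    full = event_type.strip().lstrip(":")
    # Table names can contain dots (audit.user-activity/download), so prefer
    # the longest known name that matches as a suffix on a dot boundary.
    hits = [k for k in known if full == k or full.endswith("." + k)]
    if hits:
        return max(hits, key=len)
    prefix, _, action = full.partition("/")
    return prefix.rsplit(".", 1)[-1] + "/" + action

def actor(row):
    """principal-email may be NULL for API keys, so fall back to the name."""
    for col in ("principal-email", "principal-name", "principal-id"):
        value = (row.get(col) or "").strip()
        if value and value.upper() != "NULL":
            return value
    return "unknown"

def flag_events(csv_text):
    """Return sorted (UTC time, short event, actor, origin-ip) watchlist hits."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = short_name(row["event-type"])
        if name in WATCHLIST:
            when = datetime.fromisoformat(row["happened-at"].replace("Z", "+00:00"))
            findings.append((when, name, actor(row), row.get("origin-ip", "")))
    return sorted(findings)

if __name__ == "__main__":
    print(*flag_events(SAMPLE), sep="\n")
```

Because happened-at is exported in UTC, the sorted output can be compared directly against other UTC-based logs without converting from the local time shown in the user interface.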