• Products
  • Documentation
  • Resources

Track organization activities from the audit log

The audit log tracks key activities that occur within Atlassian organization. Use these activities to diagnose problems or questions related to user details, product access, managed accounts, and organization settings.

Learn more about the audit log in this video

Who can do this?
Role: Organization admin
Plan: Atlassian Access, some activity also requires an Enterprise plan

The audit log includes activities for a specific time period. To save activities before they pass 180 days, export the audit log periodically.

Track user-created activity

Tracking user-created activity in the audit log is available when you upgrade your products to an Enterprise plan. Read more about Enterprise plans

The audit log also tracks user-created activity for all accounts: managed and unmanaged. By default, we store content from user-created activity in the audit log. User-created activity refers to actions users take like viewing or creating a Confluence page.

You can choose whether or not to store user-created content in the audit log. When you update your activity settings in the audit log, you can see these changes in activity:

1. Stored

Stored user-created activity – you can see the Confluence page title and/or Jira issue identification in the audit log.

2. Not Stored

Not stored user-created activity – unable to see the Confluence page title and Jira issue identification in the audit log.
  1. Stored user-created activity – you can see the Confluence page title and/or Jira issue identification in the audit log.

  2. Not stored user-created activity – you’re unable to see the Confluence page title and/or Jira issue identification in the audit log.

Data residency isn’t available for the audit log.
You may want to exclude sensitive content from the audit log. You can do this by updating your activity settings in the audit log. Learn more about data residency

Change settings for user-created activity

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Security > Audit log.

  3. Select Activity settings.

  4. Select Product > Stored to start storing user-created activity.

  5. Select Product > Not stored to stop storing user-created activity.

Product audit logs

Audit logs already exist in Jira Software Cloud and Confluence Cloud. Refer to the table to understand the different types of activities you can find in each audit log.

 

Jira Software Cloud / Confluence Cloud

Atlassian Access

Cloud Enterprise

Example activities

  • Changes to project configuration for Jira

  • Changes to space permissions for Confluence

  • Changes to sprint related actions

  • Changes to a user’s product or site access

  • Group creations and deletions

  • Changes to a group’s membership

  • Changes to a group’s product or administration access

  • Tracks user-created activity

    • Create

    • Edit

    • View

    • Delete

Scope

Each individual product

All sites and products added to the organization

Jira and Confluence

Storage

Determined by each product’s storage limits

Retain for 180 days

Retain for 30 days

Learn more about product audit logs in the Jira admin or Confluence admin documentation.

Access audit log activities

The audit log includes these types of activities.

Type

Activity explanation

Site & product users

Actions that admins complete for users with product access, typically from the Users page or an individual user’s details page.

Groups

Actions that admins complete, typically from the Groups or Product access pages.

Organization

Actions that organization admins complete, related to settings or other organization pages.

Security policies

Actions that organization admins take related to the organization’s security policies.

User accounts

Actions that the organization's managed accounts take with their own accounts.

To see a detailed list of the Bitbucket Cloud audit log events, refer to Bitbucket Cloud audit log events.

View the audit log

To access your organization's audit log:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Security > Audit log.

You need to be an organization admin to do this.

You’ll see a table of activities, organized by the date and time the activity happened and the actor who took the action. The actor may be a user or the Atlassian system.

It may take a few minutes for new activities to appear in the audit log.

Organization activities in the audit log

Search the audit log

The audit log lists activities that go as far back as 180 days.

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Security > Audit log.

  3. Enter your search criteria in the text field. You can search for activities with users' names, email addresses, group names, or site names. You must enter an exact term.

  4. Narrow the search results by specifying the dates and activity.

  5. Click Apply to search.

Export the audit log

When you export a log, you receive an email with a CSV file to download. The CSV file will include up to 10,000 activities. If you’re using the search or filter options when you export, the CSV file will only include the filtered activities.

You can also use the organizations REST API to access and save audit log activities. See our API documentation for more details.

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Security > Audit log.

  3. Click Export log in the top right.

  4. From the dialog, click Export.

  5. You’ll receive an email called Your audit log is ready to download. From the email, click Download audit log to download the CSV file.

The download link in the email expires one day later. If you don’t download the CSV file right away, you can export the log again.

Additional Help