How to identify the user who deleted page(s) in Confluence

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

  • This article outlines step by step procedure of how to enable logging for page deletions as well as how to get the information from the database. Audit of Page deletion belongs to the Advanced coverage level of the Pages and Blogs category of End-user Activity.

Starting version 7.5, Confluence is shipped with the Advanced Audit Log feature  - because of which a new upgrade task had to be factored in to migrate audit log data in the legacy format and tables to the new Advanced Logs Format. This audit record migration process (via upgrade task) is responsible for migrating data from the following 3 tables to the new Advanced Audit Log's table - AO_C77861_AUDIT_ENTITY in batches (by default 1000 records at a time).

  1. AUDITRECORD 
  2. AUDIT_AFFECTED_OBJECT 
  3. AUDIT_CHANGED_VALUE 

Prior to version 7.5, audit information was stored in the AUDIT RECORD table. Now the data is stored in the AO_C77861_AUDIT_ENTITY table. 

Environment

Confluence Version >=7.5 

For version below 7.5 check out Finding who deleted pages in Confluence.

Solution

Firstly we need to enable Advanced auditing to enable Page deletion so that the information is stored in DB. The Steps to enable audit logs on confluence UI for page deletion are as follows.

  • Go to  >General Configuration > Audit log
  • Once you click on the Audit log, you should see the below screen. Select more options  > Settings as highlighted in the below screenshot
  • On the settings screen, under the Coverage section, scroll to End user Activity and select Advanced from the dropdown
  • Click on Save, to save the settings
  • After the above settings are saved, if there is any page deletion action that happens, you would be able to see those in the audit logs.
  • Please check the Auditing in confluence page for reference

Once Advanced auditing is in place, run the below query in DB to fetch the information

Oracle 
SELECT "USER_NAME" as UserName, ("SECONDARY_RESOURCE_ID" ) AS DELETEDPAGEID , c.TITLE AS PageName
FROM "AO_C77861_AUDIT_ENTITY" a
inner join content c 
on TO_CHAR (c.Contentid) = a."SECONDARY_RESOURCE_ID"
WHERE "ACTION"='Page deleted'

The result will be the name of the user who deleted the page and the PageID and PageName information. 

If advanced auditing is not enabled as per the above configuration, you can run the following SQL query to obtain information about the user who deleted the page:

select c.contentid , c.title , a."SPACE_KEY" , um.username as whodeletedthepage from "AO_7B47A5_EVENT" a inner join content c on 
c.contentid = a."CONTENT_ID" join user_mapping um on
a."USER_KEY" = um.user_key 
where c.title='<Page-Title>' and a."NAME" ='page_trashed';



Last modified on Jun 6, 2023

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.