System Audit Report

Access the report

In the Reports menu, under Audit, click System Audit Report.

Arrange the report

To more easily view data in the report, do one or more of the following:

To sort the content of a column in chronological order, click the column header. (Click the header again to reverse the sort order.)
To change the width of a column, move the pointer over the edge of the column and when the re-size icon appears, click and drag the column to the desired size.
To rearrange the columns, click and drag a column header to a new location on the table.
If the list contains more entries or columns than can be displayed on your screen, scroll horizontally or vertically. The system automatically loads more data as you scroll the page.
To include or exclude columns, click the Columns drop-down menu and select or clear the columns that are included. When you've hidden a column and want to see it again, it is added as the last column of the table.

See Available data columns for descriptions of each column.

Search for audit records

You can quickly search for audits that contain the search term. Start typing in the search bar and the report automatically updates the list to display audits that contain the search term.

View audit records by date

The report displays data for a specific timeframe. You can select particular timeframes (Past 24 Hours, Past 7 Days, Past 30 Days, Past 60 Days, or Past 90 Days), or specify a date range using the calendar and time pickers and click Apply. The results in the report update to match your timeframe or date range.

Filter audit records

The available filters allow you to narrow the audits list based on matching specific criteria. For example, you can use filters to locate audit records for changes made to a particular workflow by a specific person or people (e.g., audit records for changes made to the Incident Resolution workflow by Mary McBride or Aarohi Kaur).

You can apply one or more filters to narrow down the list of audit records. If you apply multiple filters, xMatters only returns record that match all of the specified filter criteria. For detailed instructions on how to use filters, see Filtering data tables.

The following table describes the available filters on the System Audit Report and their values:

Filter	Values
Name	Show All: All audit records, regardless of user, device, group, workflow, custom step, or HTTP trigger. Search to select other options: Type a search term to populate a list of matching users, devices, groups, workflows, custom steps, or HTTP triggers you can select from.
Changed	Workflow: Audit records for workflow changes. Custom Step: Audit records for custom step changes. HTTP Trigger: Audit records for HTTP trigger changes. User: Audit records for user changes. Device: Audit records for device changes. Group: Audit records for group changes.
Changed By	Show All: All audit records, regardless of who made the change. Me (First Last): Changes you made. For example, "Me (Mary McBride)". Search to select other options: Type a search term to populate a list of users you can select from.

Export the report

Click Export to open or save the report's currently displayed results as a spreadsheet.

Available data columns

The Workflows Audit Report includes the following columns:

Column	Description
Time	The date and time of the change.
Changed	What was changed: User, Device, Group, Workflow, Custom Step, or HTTP Trigger. For more information on each change, see Data components.
Name	The name of the user, device, group, or workflow, or the name and version of the custom step or HTTP trigger.
Changes	Details about the change. To learn how to interpret the data in this column, see How to read changes in an audit record.
Changed By	The first name, last name, and user ID of who made the change.
Interface	The product interface where the change was made: Web UI, API, or Not Available.

Data components

The Workflow Audit Report records changes to the following components:

Changed	Component
User	First and last name User ID Active/inactive status Login credentials Roles Sites Time zones Languages Custom user properties
Device	Name Type Contact information Active/inactive status Priority threshold Device delay Device order Device timeframe Test status Failsafe status
Group	Name Description Type Members Admins Observers 'Observed By All' setting Active/inactive status 'Allow Duplicates' setting 'Use Failsafe Devices' setting Site to use for holidays 'Externally Owned' setting Dynamic group criteria
Workflow	Name Description Enabled/disabled status Notification flood control status Permissions Forms Form properties Flow canvases
HTTP Trigger	Name Permissions Settings Inputs Outputs Script
Custom Step	Name Permissions Settings Inputs Outputs Script

How to read changes in an audit record

When constant changes occur within your organization, it may be difficult to find the audit record you need in the System Audit Report even after you've utilized the filter, sort, and search functions to narrow down the list. Learn how to read and interpret the data in the Changes column of an audit record to quickly find what you're looking for:

Added

When a component is added, the Changes column records the name of the component and any corresponding settings that have been configured for it during creation. For example, if you add a user, you would see the following in an audit record:

Changed column: The type of change, which in this case is "User".
Name column: The first name, last name, and user ID of the new user.
Changes column: The action that occurred, which in this case is adding a user. The column lists the name of the new user and the settings that were configured at the time of creation.

Deleted

When a component is deleted, the Changes column records the name of the component that was removed. For example, if you delete a workflow, you would see the following in an audit record:

Changed column: The type of change, which in this case is "Workflow".
Name column: The name of the deleted workflow.
Changes column: The action that occurred, which in this case is deleting a workflow.

Updated

When a component is updated, the Changes column records the name of the component and the changed setting's old value for reference along with the newly updated value. For example, if you update a trigger in a workflow, you would see the following in an audit record:

Changed column: The type of change, which in this case is "Workflow".
Name column: The name of the updated workflow.
Changes column: The action that occurred, which in this case is updating a flow trigger in a workflow. The column lists the name of component (the flow trigger) and the settings that were configured during the update, including old and new values when applicable. (e.g., If you disabled the flow trigger, the change would look like: 'Is Enabled: Enabled ➔ Disabled'. The updated setting is "Is Enabled", the old value is "Enabled", and the new value is "Disabled".)

Multiple changes

When multiple components are updated at the same time (e.g., a team member relocates and they update their sites, languages, and time zone), the report lists them all in one record when possible. Some changes may be listed in separate records due to how the data is processed. To confirm if multiple records were changed at the same time by the same user, check if the Time and Changed By column values are the same for the records you're looking at.

Unknown or unavailable data

We are continuously adding xMatters components to the System Audit Report. If the report hasn't started capturing data for a specific component at the time of a change, the information cannot be retrieved and it is shown as Not Available on the audit record. This may also apply to data that appear as [none]—if you search or filter for a change that occurred before the component was added to the report, you will not be able to access the data.

System Audit Report

Use the System Audit Report

Understand the System Audit Report