Audit logs

Examine user actions by logging them into an HTTP log drain.

Enable audit logs

Use Better Stack to store and examine your audit logs.

1. Start by creating a Logs source

2. Set up audit logs

  • Navigate to Better Stack → Organization → Features.
  • Enable Audit logs toggle.
  • Fill in the URL:
  • Header name: Authorization.
  • Header value: Bearer $SOURCE_TOKEN. Use the Source token you've copied earlier instead of $SOURCE_TOKEN.

3. Check your audit logs

You should see your audit logs in Logs → Live tail.

Want to send your audit logs somewhere else?

Use any URL, and we’ll send your audit logs there. We’ll use a POST request with audit logs in JSON format.

Audit logs format

Example of an audit log of a user deleting a monitor:

Example audit log for deleting a monitor
    "email": "",
    "event": "DELETE request",
    "ip": "",
    "message": "Simon Let <> (user ID 123, team ID 456, organization ID 789) sent a GET request from to",
    "name": "Simon Let",
    "organization_id": 789,
    "team_id": 456,
    "url": "",
    "user_id": 123

Need help?

Please let us know at
We're happy to help! 🙏