Audit events

The Audit events feature in 8x8 Admin Console allows administrators to review configuration changes made to their 8x8 services over a period of up to 90 days, in 30-day increments. Use this feature to see who made a change, when the change was made, what type of change was made, and the details of the change. Currently, you can select to view the changes made to:

  • Users
  • Auto attendants
  • Call forwarding
  • Call queues
  • Phone numbers
  • Extensions
  • Ring groups

Note: You must have administrator privileges to access and view audit results.

As an administrator, you can:

  1. Log in to your 8x8 Admin Console account.
  2. From the menu , go to Audit events.
  3. From the left side of the window, apply the necessary filters, such as the date range, who made the change, the impacted entity, etc, to obtain the desired results.

    The page refreshes automatically to display the results.

If the search doesn’t yield any results, a message displays informing you that none of the audit events matched the query.

Use the filtering capabilities available in the Audit events viewer to limit the audit event results to specific data. The following filters sections are available in Audit events:

  • When—Use to specify a date range for the audit events you are interested in. You can select to view events from today, the last 24 hours, the last 7 days, and the last 30 days. You can also search for a custom date range, to a maximum of 90 days.

    • Note: Each query is limited to a maximum window size of 30 days. If you wish to return 90 days of data, you will need to query three times (each query set for 30 days).

  • Who—Use to limit the results to the user who initiated the change. Select the desired user from the drop-down list.
  • Operation—Use to filter the results based on the operation that caused the change. You can select to filter for entities that were created, deleted, or edited.
  • Impacted entity—Use to filter the results based on the entity that was changed. For example, if you are only looking for changes to Auto Attendants, select it from the list and the search will return only the changes done to auto attendants. You can filter for the following impacted entities:
    • All
    • Auto attendant basic information
    • Call forwarding rule
    • Call queue
    • Phone number
    • Extension
    • Ring group
    • User basic information

You can also use the search field located at the top right corner of the page to search for a specific entity name that was changed. For example, you can search for a user’s name to find only the change events that impacted that user.

After applying your filters or after searching for a specific entity, the results display on the page. The number of events that match your search is listed at the top left corner of the results list.

The results list includes information such as when the change occurred, who created the change, and a quick summary of the change details.

Note: The Audit Event list no longer displays the untranslated audit events.

To see the full details of an event:

  1. In 8x8 Admin Console, go to menu > Audit events.
  2. Use the filters to find the event you are interested in.
  3. Click the event or click the view icon in the event's row.
  4. In the side panel that displays, you can view more detailed information about that particular event.
    • For newly-added entities or attributes, you will see only the details of the new content.
    • For changed attributes, you will see the original values highlighted in red, and the new values highlighted in green.
  1. To close the side panel, click from the top left corner.

Objects reported as changed in Audit events, such as user basic information, call forwarding rule, and extension, can be edited. If you need to edit a changed object listed in your audit events search results, select the object from the list or click the view icon to view the details. In the side panel that displays, click the edit icon located at the top right corner. You are redirected to edit the info in the 8x8 Admin Console.

Customer admins with appropriate permissions can generate a CSV report of Audit Events. Export capability to the audit log enables customer admins to self-manage their audit data according to their data governance and retention requirements and to process 8x8 audit events in external audit tools.

The report includes all the columns viewable to the user, as you selected, without making any additional column selections.

This capability is helpful for long-term storage and offline analysis.

To generate an audit events report:

  1. Go to Home > Audit events.

  2. On the Audit events page, in the upper-right corner, click Generate report. A CSV format report is generated.

  3. Click Download and and save the .CSV report locally.

Notes:
- The report contains a maximum of 50.000 rows.
- The output contains identifiers and details in JSON format.

Audit Events report column description:

Many columns provided in the Audit events CSV report contain internal identifiers (alphanumeric) to ensure consistency and strict accuracy of the audit data. In many cases, the human-readable version is available in the details column.

Note: Future releases of the Audit Report will also contain the human-readable form, where applicable, for those fields where it is not currently available.

The following table lists the fields displayed when creating the audit events viewer report. Download the .CSV report and save it locally for further use:

Column

Description
displayName The human-readable form of the entityKey (where applicable).
For example, if the entityType is user, this will contain the user’s first and last name
auditTimestamp The date/time (in UTC) when the event was registered.
eventType Specifies how the event changed/accessed the entity: create, update, delete, read, export.
service Specifies which 8x8 service was involved in the event. At the time of writing, only platform is available; platform refers to changes made in the 8x8 Admin Console.
entityKey The identifier of the entity that was changed/accessed in this audit event.
entityType Specifies the type of entity that was changed/accessed in this audit event.
For example, user, extension, and call forwarding.
auditUserId The identifier of the user who made the change (or accessed the record).
impersonator In rare cases where 8x8 agents make changes on behalf of customers (for example, as a result of a support request), the impersonator column will contain the identifier of the user who made the change.
details

Contains detailed information on which attributes of the changed entity were updated. This field is in JSON representation:

- The “new” object contains all of the newly-added attributes and the new value of changed attributes.

- The “old” object contains all of the deleted attributes and the old value of changed attributes.

correlationType When several changes are made to various entities as part of one change set, the correlationType displays the parent entity type.
For example, if an extension was assigned to a user during a user creation flow, the entityType would be “extension”, and the correlationType would be “user”.
correlationID The identifier of the parent entity of this change.