Audit events

The Audit events feature in 8x8 Admin Console allows administrators to review configuration changes made to their 8x8 services over a period of up to 90 days, in 30-day increments. Use this feature to see who made a change, when the change was made, what type of change was made, and the details of the change. Currently, you can select to view the changes made to:

  • Users
  • Auto attendants
  • Call forwarding
  • Call queues
  • Phone numbers
  • Extensions
  • Ring groups

Note: You must have administrator privileges to access and view audit results.

As an administrator, you can:

  1. Log in to your 8x8 Admin Console account.
  2. From the menu , go to Audit events.

  3. Use the filters on the left-side of the page to refine the results, such as:

    • Date range
    • User who made the change
    • Impacted entity

    The page refreshes automatically to display the matching results.

    If no results match your search criteria, a message appears indicating that no audit events were found.

Use the filtering options in the Audit events viewer to narrow the audit event results to specific events.

The following filters sections are available in Audit events:

  • When— Select a date range for viewing the audit events. Available options include:
    • Today
    • Last 24 hours
    • Last 7 days
    • Last 30 days
    • Custom data range (up to 90 days)
  • You can select to view events from today, the last 24 hours, the last 7 days, and the last 30 days. You can also search for a custom date range, to a maximum of 90 days.

    • Note: Each query supports a maximum range of 30 days. To retrieve 90 days of data, run three separate queries.

  • Who—Filter events by the type of action performed, such as:
    • Created
    • Deleted
    • Edited
  • Impacted entity—Filter the results by the entity affected the change. Examples include:
    • All
    • Auto attendant basic information
    • Call forwarding rule
    • Call queue
    • Phone number
    • Extension
    • Ring group
    • User basic information

You can also use the Search field at the top right of the page to find changes related to a specific entity, such as a user's name

After applying your filters or after searching for a specific entity, the matching audit events appear in the results list. The number of events that match your search is listed at the top left corner of the results list.

Each event displays a summary including when the change occurred, who made the change, and the action performed.

To see the full details of an event:

  1. In 8x8 Admin Console, go to menu > Audit events.

  2. Use the filters or search field to locate the event.

  3. Click the event row or the View icon in the event's row.

    A side panel opens displaying detailed information about the particlar event, such as:

    • The affected user's User ID
    • The affected user's first and last name
    • The event name
  4. In the side panel that displays, you can view more detailed information about that particular event.
    • For newly-added entities or attributes, you will see only the details of the new content.
    • For changed attributes, you will see the original values highlighted in red, and the new values highlighted in green.
  1. Click to close the side panel.

Audit events page showing a list of audit logs. A selected entry “Edited – Alex Doe (User extension)” is highlighted, and the right-side panel displays detailed user attribute information including extension number, license ID, PBX, and primary telephone number

Audit event change indicators

In the event details panel:

  • Newly added attributes display the new value only.
  • Modified attributes display the original value in red and the new value in green.

Some attributes reported as changed in Audit events, such as user basic information, call forwarding rule orextension, can be edited directly from the audit event details panel.

To edit an attribute from an audit event:

  1. Locate the event in the Audit events results list.
  2. Click the event row or the View icon to open the details panel.
  3. In the side panel, click Edit.

You are redirected to edit the relevant configuration page in the 8x8 Admin Console, where you can update the selected attribute.

8x8 Admin Console Audit events page showing an event where a secondary admin edited user attributes for Alex Doe. The details panel on the right displays extension and profile information such as extension number, license ID, PBX, and primary telephone number. Click Edit to edit user’s details

Customer admins with appropriate permissions can generate a CSV report of Audit Events. Export capability to the audit log enables customer admins to self-manage their audit data according to their data governance and retention requirements and to process 8x8 audit events in external audit tools.

The report includes all the columns viewable to the user, as you selected, without making any additional column selections.

This capability is helpful for long-term storage and offline analysis.

To generate an Audit events report:

  1. Go to Home > Audit events.

  2. Apply the desired filters on the Audit Events page.

  3. Click Generate report in the upper-right corner of the events table. A CSV format report is generated.

  4. Click Download and save the CSV report locally.

Notes:
- The report contains a maximum of 50.000 rows.
- The output contains identifiers and details in JSON format.

Audit Events report column description

Many columns provided in the Audit events CSV report contain internal identifiers (alphanumeric) to ensure consistency and strict accuracy of the audit data. In many cases, the human-readable version is available in the details column.

Note: Future releases of the Audit Report will also contain the human-readable form, where applicable, for those fields where it is not currently available.

The following table lists the fields displayed when creating the audit events viewer report. Download the .CSV report and save it locally for further use:

Column

Description
displayName The human-readable form of the entityKey (where applicable).
For example, if the entityType is user, this will contain the user’s first and last name
auditTimestamp The date/time (in UTC) when the event was registered.
eventType Specifies how the event changed/accessed the entity: create, update, delete, read, export.
service Specifies which 8x8 service was involved in the event. At the time of writing, only platform is available; platform refers to changes made in the 8x8 Admin Console.
entityKey The identifier of the entity that was changed/accessed in this audit event.
entityType Specifies the type of entity that was changed/accessed in this audit event.
For example, user, extension, and call forwarding.
auditUserId The identifier of the user who made the change (or accessed the record).
impersonator In rare cases where 8x8 agents make changes on behalf of customers (for example, as a result of a support request), the impersonator column will contain the identifier of the user who made the change.
details

Contains detailed information on which attributes of the changed entity were updated. This field is in JSON representation:

- The “new” object contains all of the newly-added attributes and the new value of changed attributes.

- The “old” object contains all of the deleted attributes and the old value of changed attributes.

correlationType When several changes are made to various entities as part of one change set, the correlationType displays the parent entity type.
For example, if an extension was assigned to a user during a user creation flow, the entityType would be “extension”, and the correlationType would be “user”.
correlationID The identifier of the parent entity of this change.