LogoLogo
Python SDKSlack
  • Documentation
  • Cookbooks
  • Self-Hosting
  • Release Notes
  • Reference
  • API Reference
    • Overview
    • Python SDK
    • OpenTelemetry SDK
    • OpenInference SDK
    • Phoenix OSS
    • GraphQL API
      • Getting Started with GraphQL
      • How To Use GraphQL
        • Forming Calls
        • Using global node IDs
        • Querying Nested Data
        • Notebook Examples
        • Mutations
      • Admin API
      • Annotations API
      • Custom Metrics API
      • Dashboards API
      • File Importer API
      • Online Tasks API
      • Metrics API
      • Models API
      • Monitors API
      • Table Importer API
      • Resource Limitations
  • Export Data API
  • Prompt Hub API
  • Authentication & security
    • Arize Private Connect
    • API Keys
    • SSO & RBAC
      • Setting Up SSO with Okta
    • Compliance
      • Arize Audit Log
    • Whitelisting
Powered by GitBook

Support

  • Chat Us On Slack
  • support@arize.com

Get Started

  • Signup For Free
  • Book A Demo

Copyright © 2025 Arize AI, Inc

On this page
  • Overview
  • Types of Audit Logs
  • 1. Unauthenticated Audit Logs
  • 2. Authenticated Audit Logs
  • 3. Exporter Audit Logs
  • Query Parameters
  • Pagination

Was this helpful?

  1. Authentication & security
  2. Compliance

Arize Audit Log

Last updated 18 days ago

Was this helpful?

Overview

Audit Logs provide a comprehensive record of user activities within your Arize account. They are valuable for:

  • Security monitoring and compliance

  • Tracking login attempts

  • Monitoring data access

  • Ensuring adherence to internal policies

  • Investigating suspicious activities

Types of Audit Logs

Arize provides three types of audit logs, each capturing different aspects of user interaction with the platform:

1. Unauthenticated Audit Logs

These logs capture user login attempts, whether successful or unsuccessful. They include:

  • Email address

  • IP address

  • Success/failure status

  • Timestamp of the login attempt

Example Query

query GetUnauthenticatedAuditLogs(
  $num: Int!,
  $startTime: DateTime,
  $endTime: DateTime,
  $cursor: String
) {
  account {
    unauthenticatedAuditLogs(
      first: $num,
      startTime: $startTime,
      endTime: $endTime,
      after: $cursor
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      edges {
        node {
          id
          user {
            email
          }
          ip
          success
          mutationName
          loggedAt
        }
      }
    }
  }
}

2. Authenticated Audit Logs

These logs record mutations (operations) performed by users after they have successfully logged in. They include:

  • Email address of the user

  • Operation name

  • Operation text (the GraphQL query)

  • Variables passed to the operation

  • Timestamp of the operation

Note: The operationName field is client-supplied. When using the Arize UI, these will be consistent, but be aware that this field can be manipulated by clients and should not be solely relied upon for security-critical decisions.

Example Query

query GetAuthenticatedAuditLogs(
  $num: Int!,
  $startTime: DateTime,
  $endTime: DateTime,
  $cursor: String
) {
  account {
    authenticatedAuditLogs(
      first: $num,
      startTime: $startTime,
      endTime: $endTime,
      after: $cursor
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      edges {
        node {
          id
          user {
            email
          }
          operationName
          operationText
          variables
          loggedAt
        }
      }
    }
  }
}

3. Exporter Audit Logs

These logs track when data is exported from your Arize account, helping you monitor who is downloading data and from which models. They include:

  • Email address of the user

  • Model name from which data was exported

  • Timestamp of the export

Note: Exporter logs are only created when data is actually returned. Export requests that return zero rows will not be logged. Additionally, export requests for demo models are not logged.

Example Query

query GetExporterAuditLogs(
  $num: Int!,
  $startTime: DateTime,
  $endTime: DateTime,
  $cursor: String
) {
  account {
    exporterAuditLogs(
      first: $num,
      after: $cursor,
      startTime: $startTime,
      endTime: $endTime
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      edges {
        node {
          id
          user {
            email
          }
          model {
            name
          }
          loggedAt
        }
      }
    }
  }
}

Query Parameters

All audit log queries accept the following parameters:

  • num (required): Number of records to retrieve per page

  • startTime (optional): Start of the time range to query (ISO format). If not provided, defaults to last 30 days.

  • endTime (optional): End of the time range to query (ISO format). If not provided, defaults to now.

  • cursor (optional): Pagination cursor for retrieving additional pages of results

Pagination

Pagination is encouraged when working with large volumes of audit logs. Each query response includes a pageInfo object with:

  • hasNextPage: Boolean indicating if more records are available

  • endCursor: Cursor to use for fetching the next page of results

Here's an example implementation of pagination for retrieving authenticated audit logs:

# Initialize variables
authenticated_logs = []
params = {
    "num": 100,
    "startTime": "2025-01-01T00:00:00Z"
}

# Loop through all pages
while True:
    paged_response = client.execute(authenticated_audit_logs_query, params)
    # Append the logs to your list
    authenticated_logs.extend(paged_response["account"]["authenticatedAuditLogs"]["edges"])
    # If there is another page of information, point the cursor to the next page and fetch more
    end_cursor = paged_response["account"]["authenticatedAuditLogs"]["pageInfo"]["endCursor"]
    print("pageInfo end_cursor %s" % (end_cursor))
    if end_cursor:
        print("There is another page of logs. Loading more.")
        params["cursor"] = end_cursor
    else:
        # No more logs to pull. The list is complete!
        break

arize_audit_log_tutorial.ipynbGoogle Docs
Logo