View user audit logs
Learn how to view and query user audit logs.
Audit logs require administrator permissions.
Retool automatically logs user actions, such as query runs and password resets. The logs include the user's name, the action taken, and when the action took place.
You can access audit logs from either:
- The User menu on the top-right when browsing your organization.
- The Retool menu on the top-left of the App IDE.
Logged events
By default, Retool captures the following events in the audit log:
| Action | Identifier in logs |
|---|---|
| Query runs | QUERY_RUN |
| Query previews | QUERY_PREVIEW |
| Page views | PAGE_VIEW |
| User logs in | LOGIN |
| User logs out | LOGOUT |
| User signs up | SIGN_UP |
| User redeems an invite | REDEEM_INVITE |
| User invites another user | INVITE_USER |
| User re-sends invite | RE_INVITE_USER |
| User runs a query in the Query Library | PLAYGROUND_QUERY_RUN |
| User disables two-factor authentication | DISABLE_TWO_FACTOR_AUTH |
| User requests a password reset link | REQUEST_PASSWORD_RESET_LINK |
| User requests passwordless login | REQUEST_PASSWORDLESS_LOGIN |
| User confirms a password reset request | CONFIRM_PASSWORD_RESET_LINK |
| User creates a group | CREATE_GROUP |
| User updates a group | UPDATE_GROUP |
| User deletes a group | DELETE_GROUP |
| User adds other users to a group | ADD_USERS_TO_GROUP |
| User removes other users from a group | REMOVE_USERS_FROM_GROUP |
| User disables another user | DISABLE_USER |
| User enables another user | ENABLE_USER |
| User updates an organization | UPDATE_ORGANIZATION |
| User creates a resource | CREATE_RESOURCE |
| User updates a resource | UPDATE_RESOURCE |
| User deletes a resource | DELETE_RESOURCE |
| User exports a page | PAGE_EXPORT |
| User creates a workflow | CREATE_WORKFLOW |
| User deletes a workflow | DELETE_WORKFLOW |
| User releases a workflow | RELEASE_WORKFLOW |
| User enables a workflow | ENABLE_WORKFLOW |
| User disables a workflow | DISABLE_WORKFLOW |
| User views a workflow | VIEW_WORKFLOW |
| User runs a workflow manually | RUN_WORKFLOW |
| User runs a workflow block manually | RUN_WORKFLOW_BLOCK |
To access the audit log, visit /audit. You can see a list of all the events, the user who performed them, and the time. You can also explore more detailed information, including the exact query, the parameters passed, the user's IP address, or response time.
Audit logs for Retool Cloud organizations are retained for one year. Self-hosted deployments manage their own audit log retention.
Hide query data from logs
You can hide parameters from logs on a per-query basis. See documentation on queries for more details.
To prevent all headers in queries from getting added to audit logs, enable the HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS environment variable. This is only available on self-hosted deployments.
Access audit logs in SQL or stdout
Access to the audit logs SQL table and stdout are only available on self-hosted deployments. If you're interested in a self-hosted deployment, reach out for a demo.
Self-hosted Retool deployments can use SQL to query the audit logs database table or output audit log events to stdout.
Query audit logs in SQL
Retool logs events to the audit_trail_events table in the Retool Postgres database. This table's schema contains the following columns.
| Column | Description |
|---|---|
actionType | The type of action taken. See Logged events for possible values. |
userId | The ID of the user taking the action. |
ipAddress | The IP address of the user taking the action. |
responseTimeMs | The response time of the action, in milliseconds. |
pageName | The name of the app, module, workflow, or page on which the action was taken. |
queryName | For query actions, the name of the query. |
resourceName | For actions on resources, the name of the resource. |
metadata | Additional data about the action. |
You can join the audit_trail_events table with the users table to learn more details about the users who performed actions. For example, the following query returns records of groups created and the user who created each group.
select
u.email, u."userName", a."actionType", a.metadata
from
audit_trail_events a
join users u on a."userId" = u.id
where a."actionType" = 'CREATE_GROUP';
Output audit logs to stdout
Set the environment variable LOG_AUDIT_EVENTS=true to output all audit log events to stdout. This is useful if you use external services to monitor stdout, such as Datadog.