Skip to main content

View user audit logs

Learn how to view and query user audit logs.

Available on:Business planEnterprise plan
warning

Audit logs require administrator permissions.

Retool automatically logs user actions, such as query runs and password resets. The logs include the user's name, the action taken, and when the action took place.

You can access audit logs from either:

  • The User menu on the top-right when browsing your organization.
  • The Retool menu on the top-left of the App IDE.

Viewing audit logs

Logged events

By default, Retool captures the following events in the audit log:

ActionIdentifier in logs
Query runsQUERY_RUN
Query previewsQUERY_PREVIEW
Page viewsPAGE_VIEW
User logs inLOGIN
User logs outLOGOUT
User signs upSIGN_UP
User redeems an inviteREDEEM_INVITE
User invites another userINVITE_USER
User re-sends inviteRE_INVITE_USER
User runs a query in the Query LibraryPLAYGROUND_QUERY_RUN
User disables two-factor authenticationDISABLE_TWO_FACTOR_AUTH
User requests a password reset linkREQUEST_PASSWORD_RESET_LINK
User requests passwordless loginREQUEST_PASSWORDLESS_LOGIN
User confirms a password reset requestCONFIRM_PASSWORD_RESET_LINK
User creates a groupCREATE_GROUP
User updates a groupUPDATE_GROUP
User deletes a groupDELETE_GROUP
User adds other users to a groupADD_USERS_TO_GROUP
User removes other users from a groupREMOVE_USERS_FROM_GROUP
User disables another userDISABLE_USER
User enables another userENABLE_USER
User updates an organizationUPDATE_ORGANIZATION
User creates a resourceCREATE_RESOURCE
User updates a resourceUPDATE_RESOURCE
User deletes a resourceDELETE_RESOURCE
User exports a pagePAGE_EXPORT
User creates a workflowCREATE_WORKFLOW
User deletes a workflowDELETE_WORKFLOW
User releases a workflowRELEASE_WORKFLOW
User enables a workflowENABLE_WORKFLOW
User disables a workflowDISABLE_WORKFLOW
User views a workflowVIEW_WORKFLOW
User runs a workflow manuallyRUN_WORKFLOW
User runs a workflow block manuallyRUN_WORKFLOW_BLOCK

To access the audit log, visit /audit. You can see a list of all the events, the user who performed them, and the time. You can also explore more detailed information, including the exact query, the parameters passed, the user's IP address, or response time.

Audit logs for Retool Cloud organizations are retained for one year. Self-hosted deployments manage their own audit log retention.

Hide query data from logs

You can hide parameters from logs on a per-query basis. See documentation on queries for more details.

To prevent all headers in queries from getting added to audit logs, enable the HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS environment variable. This is only available on self-hosted deployments.

Access audit logs in SQL or stdout

note

Access to the audit logs SQL table and stdout are only available on self-hosted deployments. If you're interested in a self-hosted deployment, reach out for a demo.

Self-hosted Retool deployments can use SQL to query the audit logs database table or output audit log events to stdout.

Query audit logs in SQL

Retool logs events to the audit_trail_events table in the postgres database of the deployment instance. You can create a PostgreSQL resource if you want to build apps and workflows to query audit log data.

The audit_trail_events table contains the following columns.

ColumnDescription
actionTypeThe type of action taken. See Logged events for possible values.
userIdThe ID of the user taking the action.
ipAddressThe IP address of the user taking the action.
responseTimeMsThe response time of the action, in milliseconds.
pageNameThe name of the app, module, workflow, or page on which the action was taken.
queryNameFor query actions, the name of the query.
resourceNameFor actions on resources, the name of the resource.
metadataAdditional data about the action.

You can join the audit_trail_events table with the users table to learn more details about the users who performed actions. For example, the following query returns records of groups created and the user who created each group.

select
u.email, u."userName", a."actionType", a.metadata
from
audit_trail_events a
join users u on a."userId" = u.id
where a."actionType" = 'CREATE_GROUP';

Output audit logs to stdout

Set the environment variable LOG_AUDIT_EVENTS=true to output all audit log events to stdout. This is useful if you use external services to monitor stdout, such as Datadog.

Send audit log events to Datadog

warning

This feature is only available to Enterprise organizations on Retool Cloud. It will be available to self-hosted Enterprise organizations running version 3.38 and later.

You can configure Retool to send audit log events to Datadog. Enter your Datadog API key on Settings > Advanced under Audit Log. Logs will be sent to Datadog with service:retool-audit-log attribute.