> ## Documentation Index
> Fetch the complete documentation index at: https://arize-ax.mintlify.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Arize Audit Log

## Overview

Audit Logs provide a comprehensive record of user activities within your Arize AX account. They are valuable for:

* Security monitoring and compliance
* Tracking login attempts
* Monitoring data access
* Ensuring adherence to internal policies
* Investigating suspicious activities

## Types of Audit Logs

Arize AX provides three types of audit logs, each capturing different aspects of user interaction with the platform:

### 1. Unauthenticated Audit Logs

These logs capture user login attempts, whether successful or unsuccessful. They include:

* Email address
* IP address
* Success/failure status
* Timestamp of the login attempt

**Example Query**

```graphql theme={null}
query GetUnauthenticatedAuditLogs(
  $num: Int!,
  $startTime: DateTime,
  $endTime: DateTime,
  $cursor: String
) {
  account {
    unauthenticatedAuditLogs(
      first: $num,
      startTime: $startTime,
      endTime: $endTime,
      after: $cursor
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      edges {
        node {
          id
          user {
            email
          }
          ip
          success
          mutationName
          loggedAt
        }
      }
    }
  }
}
```

### 2. Authenticated Audit Logs

These logs record mutations (operations) performed by users after they have successfully logged in. They include:

* Email address of the user
* Operation name
* Operation text (the GraphQL query)
* Variables passed to the operation
* Timestamp of the operation

> **Note:** The `operationName` field is client-supplied. When using the Arize AX UI, these will be consistent, but be aware that this field can be manipulated by clients and should not be solely relied upon for security-critical decisions.

**Example Query**

```graphql theme={null}
query GetAuthenticatedAuditLogs(
  $num: Int!,
  $startTime: DateTime,
  $endTime: DateTime,
  $cursor: String
) {
  account {
    authenticatedAuditLogs(
      first: $num,
      startTime: $startTime,
      endTime: $endTime,
      after: $cursor
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      edges {
        node {
          id
          user {
            email
          }
          operationName
          operationText
          variables
          loggedAt
        }
      }
    }
  }
}
```

### 3. Exporter Audit Logs

These logs track when data is exported from your Arize AX account, helping you monitor who is downloading data and from which models. They include:

* Email address of the user
* Model name from which data was exported
* Timestamp of the export

> **Note:** Exporter logs are only created when data is actually returned. Export requests that return zero rows will not be logged. Additionally, export requests for demo models are not logged.

**Example Query**

```graphql theme={null}
query GetExporterAuditLogs(
  $num: Int!,
  $startTime: DateTime,
  $endTime: DateTime,
  $cursor: String
) {
  account {
    exporterAuditLogs(
      first: $num,
      after: $cursor,
      startTime: $startTime,
      endTime: $endTime
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      edges {
        node {
          id
          user {
            email
          }
          model {
            name
          }
          loggedAt
        }
      }
    }
  }
}
```

### Query Parameters

All audit log queries accept the following parameters:

* `num` (required): Number of records to retrieve per page
* `startTime` (optional): Start of the time range to query (ISO format). If not provided, defaults to last 30 days.
* `endTime` (optional): End of the time range to query (ISO format). If not provided, defaults to now.
* `cursor` (optional): Pagination cursor for retrieving additional pages of results

### Pagination

Pagination is encouraged when working with large volumes of audit logs. Each query response includes a `pageInfo` object with:

* `hasNextPage`: Boolean indicating if more records are available
* `endCursor`: Cursor to use for fetching the next page of results

Here's an example implementation of pagination for retrieving authenticated audit logs:

```python theme={null}
# Initialize variables
authenticated_logs = []
params = {
    "num": 100,
    "startTime": "2025-01-01T00:00:00Z"
}

# Loop through all pages
while True:
    paged_response = client.execute(authenticated_audit_logs_query, params)
    # Append the logs to your list
    authenticated_logs.extend(paged_response["account"]["authenticatedAuditLogs"]["edges"])
    # If there is another page of information, point the cursor to the next page and fetch more
    end_cursor = paged_response["account"]["authenticatedAuditLogs"]["pageInfo"]["endCursor"]
    print("pageInfo end_cursor %s" % (end_cursor))
    if end_cursor:
        print("There is another page of logs. Loading more.")
        params["cursor"] = end_cursor
    else:
        # No more logs to pull. The list is complete!
        break
```