Obvious/Help Center

Audit Log

Published February 27, 2026 · Last updated March 5, 2026 · 3 min read

This guide walks you through viewing, filtering, and exporting a record of every action taken in your workspace. By the end, you'll know exactly where to find who did what — and when.

What gets logged

Obvious records actions across your workspace automatically. Every event captures who performed it, what happened, and the outcome. Here's what the audit log tracks:

Categories

  • Auth — Sign-ins, sign-outs, and authentication events.
  • Resource — Creating, updating, or deleting projects, documents, sheets, threads, files, and templates.
  • Permission — Changes to who can access what — sharing a project, updating roles, removing access.
  • Access — When someone views or opens a resource.
  • System — Workspace-level events like settings changes.

What each event shows

Every entry in the log includes:

  • Timestamp — When it happened.
  • Actor — Who did it (a person, an agent, or an API key).
  • Event type — The specific action (e.g., auth.login, resource.create).
  • Category — Which category the event falls under.
  • Resource — What was affected (a project, sheet, document, thread, etc.) and its ID.
  • Action — A description of what happened.
  • Outcome — Whether it succeeded, failed, or was denied.
  • IP address — Where the request came from.

Open the audit log

Note: Only workspace Owners and Admins can access the audit log.

  1. Click Settings in the sidebar.

  2. Under the workspace section, click Audit Log. The log opens with your most recent events listed first.

The page shows a count of total events and how many are currently displayed. Click Load More at the bottom of the table to see older entries.

Filter events

The audit log can get busy. Filters help you find what you're looking for.

  1. At the top of the audit log page, you'll see a filter panel with six options:

    • Start Date and End Date — Narrow results to a specific time range.
    • Category — Filter by Auth, Resource, Permission, Access, or System.
    • Event Type — Search for a specific event type (e.g., auth.login).
    • Actor ID — Filter to a specific person or agent.
    • Outcome — Show only events that succeeded, failed, or were denied.

  2. Set the filters you want, then click Apply Filters. The table updates immediately.

  3. To start over, click Reset. All filters clear and the full log reappears.

Tip: Combine filters to answer specific questions fast. Looking for failed login attempts last week? Set the date range, choose Auth as the category, and select Failure as the outcome.

Export the log

Need to share the audit log with your security team or save a copy for compliance?

  1. Set any filters you want applied to the export. The export respects your current filters — so if you've filtered to a specific date range or category, only those events get exported.

  2. Click Export CSV in the top-right corner of the audit log page.

  3. A CSV file downloads to your computer with a filename that includes your workspace ID and the current date.

Ask the agent

You can also ask the Obvious agent to query the audit log for you. Try a prompt like:

Show me all failed login attempts in the last 7 days

Who made changes to the Marketing project last week?

Export the audit log for January 2026

The agent can filter, summarize, and surface patterns — useful when you're investigating something specific and don't want to click through filters manually.

Next steps

Was this helpful?