This version of GitHub Enterprise was discontinued on 2021-06-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Searching the audit log

Site administrators can search an extensive list of audited actions on the enterprise.

Search query syntax

Compose a search query from one or more key:value pairs separated by AND/OR logical operators.

KeyValue
actor_idID of the user account that initiated the action
actorName of the user account that initiated the action
oauth_app_idID of the OAuth application associated with the action
actionName of the audited action
user_idID of the user affected by the action
userName of the user affected by the action
repo_idID of the repository affected by the action (if applicable)
repoName of the repository affected by the action (if applicable)
actor_ipIP address from which the action was initiated
created_atTime at which the action occurred
fromView from which the action was initiated
noteMiscellaneous event-specific information (in either plain text or JSON format)
orgName of the organization affected by the action (if applicable)
org_idID of the organization affected by the action (if applicable)

For example, to see all actions that have affected the repository octocat/Spoon-Knife since the beginning of 2017:

repo:"octocat/Spoon-Knife" AND created_at:[2017-01-01 TO *]

For a full list of actions, see "Audited actions."

Searching the audit log

  1. Navigate to your enterprise account by visiting https://HOSTNAME/enterprises/ENTERPRISE-NAME, replacing HOSTNAME with your instance's hostname and ENTERPRISE-NAME with your enterprise account's name.

  2. In the enterprise account sidebar, click Settings. Settings tab in the enterprise account sidebar

  3. Under " Settings", click Audit log. Audit log tab in the enterprise account sidebar

  4. Type a search query. Search query