Article version: Enterprise Server 2.14

This version of GitHub Enterprise was discontinued on 2019-07-12. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Searching the audit log

Site administrators can search an extensive list of audited actions on your GitHub Enterprise Server instance.

Search query syntax

Compose a search query from one or more key:value pairs separated by AND/OR logical operators.

| Key | Value |
| --- | --- |
| actor_id | ID of the user account that initiated the action |
| actor | Name of the user account that initiated the action |
| oauth_app_id | ID of the OAuth application associated with the action |
| action | Name of the audited action |
| user_id | ID of the user affected by the action |
| user | Name of the user affected by the action |
| repo_id | ID of the repository affected by the action (if applicable) |
| repo | Name of the repository affected by the action (if applicable) |
| actor_ip | IP address from which the action was initiated |
| created_at | Time at which the action occurred |
| from | View from which the action was initiated |
| note | Miscellaneous event-specific information (in either plain text or JSON format) |
| org | Name of the organization affected by the action (if applicable) |
| org_id | ID of the organization affected by the action (if applicable) |

For example, to see all actions that have affected the repository octocat/Spoon-Knife since the beginning of 2017:

repo:"octocat/Spoon-Knife" AND created_at:[2017-01-01 TO *]

For a full list of actions, see "Audited actions."
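
The helper below is an added example, not part of the GitHub documentation: it composes queries from the keys in the table above, rejects unknown keys, and reproduces the example query. It assumes that quoting every value is accepted, as in the page's repo example; the actor name and IP address are constructed sample values.

```python
from datetime import date

# Keys taken from the table on this page.
VALID_KEYS = {
    "actor_id", "actor", "oauth_app_id", "action", "user_id", "user",
    "repo_id", "repo", "actor_ip", "created_at", "from", "note",
    "org", "org_id",
}


def term(key, value):
    """Return one key:"value" pair (always quoted: an assumption, see lead-in)."""
    if key not in VALID_KEYS:
        raise ValueError(f"unknown audit log key: {key!r}")
    value = str(value)
    if not value or '"' in value or "\n" in value:
        # Escaping rules are not documented on the page, so refuse rather than guess.
        raise ValueError(f"unsupported value for {key}: {value!r}")
    return f'{key}:"{value}"'


def since(day):
    """created_at range starting at `day` (a datetime.date), open upper bound."""
    return f"created_at:[{day.isoformat()} TO *]"


def compose(terms, operator="AND"):
    """Join terms with one operator. Mixing AND and OR is not supported here
    because the page does not state precedence or grouping rules."""
    if operator not in ("AND", "OR"):
        raise ValueError("operator must be AND or OR")
    terms = list(terms)
    if not terms:
        raise ValueError("at least one key:value pair is required")
    return f" {operator} ".join(terms)


if __name__ == "__main__":
    # The page's own example query.
    print(compose([term("repo", "octocat/Spoon-Knife"), since(date(2017, 1, 1))]))
    # Constructed investigation query: actor name and IP are sample values.
    print(compose([term("actor", "octocat"), term("actor_ip", "203.0.113.7")], "OR"))
```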

Searching the audit log

  1. In the upper-right corner of any page, click the rocketship icon to access site admin settings.

  2. In the left sidebar, click Audit log.

  3. Type a search query.
