GitHub AE is currently under limited release. Please contact our Sales Team to find out more.

Searching the audit log

Site administrators can search an extensive list of audited actions on the enterprise.

In this article

Search query syntax

Compose a search query from one or more key:value pairs separated by AND/OR logical operators.

KeyValue
actor_idID of the user account that initiated the action
actorName of the user account that initiated the action
oauth_app_idID of the OAuth application associated with the action
actionName of the audited action
user_idID of the user affected by the action
userName of the user affected by the action
repo_idID of the repository affected by the action (if applicable)
repoName of the repository affected by the action (if applicable)
actor_ipIP address from which the action was initiated
created_atTime at which the action occurred
fromView from which the action was initiated
noteMiscellaneous event-specific information (in either plain text or JSON format)
orgName of the organization affected by the action (if applicable)
org_idID of the organization affected by the action (if applicable)

For example, to see all actions that have affected the repository octocat/Spoon-Knife since the beginning of 2017:

repo:"octocat/Spoon-Knife" AND created_at:[2017-01-01 TO *]

For a full list of actions, see "Audited actions."

Searching the audit log

  1. In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.

    "Enterprise settings" in drop-down menu for profile photo on GitHub AE

  2. In the enterprise account sidebar, click Settings.

    Settings tab in the enterprise account sidebar

  3. Under " Settings", click Audit log.

    Audit log tab in the enterprise account sidebar

  4. Type a search query.

    Search query

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.