Audit Log Page

The Audit Log page lists platform audit events for your Riverbed IQ Ops tenant. Each row records who performed an operation, which service handled it, what kind of operation it was, which EntityClosed Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations. was affected, and when the event occurred. Use the Audit Log to review activity for security, compliance, or troubleshooting.

Note: You need the Audit Reader role to open the Audit Log page. Administrators assign roles on the User Management page. For the role definition, see Riverbed Console Built-in Roles.

Open the audit log page

  1. Navigate to the Audit Log page:

    1. Click the Launchpad button ⁝⁝⁝.

    2. Click IQ Ops > Management.

    3. In the Management page, click the Hamburger Icon, then click Audit log.

Overview

Audit log search uses the same faceted search layout as Incident Search: a search bar for free text, a filter bar (selected filters and time range), and a Filters panel on the left for facets. The result count updates as you change the search text or filters.

Search bar

Use the search bar to narrow results by text. Type in the box and run the search (for example, click Search or press Enter). The search applies across the audit entries that match your current filters and time range.

Filter bar

The filter bar shows the filters you applied and lets you set the time range for audit events.

  • Time range: Restrict results to a time period (for example, last hour, last day, or last month). The audit log uses the event timestamp for this range.

Note: By default, the Audit Log page loads with a default time range.

  • Selected filters: Facets you choose in the Filters panel appear here as tags. Remove a tag to clear that filter.

  • Clear All: Removes selected filters and the time range.

Filters panel

The Filters panel lists facet categories and values, with counts for the current result set. Select one or more values to refine the results. Typical categories include:

  • Operation: The operation that was performed (for example, create, read, update, or delete).

  • Service name: The name of the service that recorded the event.

  • User identity: The user account (for example, user name or email) associated with the event.

  • Entity name: The name of the entity that was affected.

After you adjust facets, apply the search so the list refreshes (for example, click Apply Filters if that control is shown, or run the search again as prompted by the page).

Results table

The table shows one row per audit event. Sortable columns include Entity name, Service name, Operation, and Timestamp. User identity is shown for context and is not sortable.

Row details

Click a row to open a details panel with more information about that audit event when the service provides additional content.