The audit log records every meaningful action on your workspace: invites, role changes, channel connects, knowledge edits, exports, deletions, and more. The export ships you the full history as CSV so you can hand it to compliance, archive it monthly, or load it into your SIEM.
Audit log export is a Scale-plan feature (paywall key audit_export.use). Lower plans can read the audit log inline at Settings → Security → Audit log but can’t download the CSV.

What’s recorded

The audit log captures, at minimum:
  • Members & roles — invites, accepted invites, role changes, removals.
  • Channels — connect/disconnect, key rotations.
  • Knowledge — sources added/deleted, full re-syncs, Q&A pair edits.
  • Flows — publish, unpublish, version changes.
  • Settings — auto-recharge toggle, daily digest toggle, auto-send toggle.
  • Privacy — data exports, contact deletions, retention policy changes.
  • Webhooks — endpoint create/delete.
Each entry stores: timestamp, actor (user or system for automated actions), action key, target type & id, IP address, and a JSON changes blob with the before/after values.

Export the log

  1. Go to Settings → Security → Audit log.
  2. Click Export CSV.
  3. The download starts immediately; the file is named keloa-audit-log-YYYY-MM-DD.csv.
The export streams row-by-row server-side, so it works on workspaces with hundreds of thousands of entries without timing out.

CSV columns

| Column | Example |
| --- | --- |
| Timestamp | 2026-05-07T09:42:11+00:00 (ISO-8601, UTC) |
| Actor | Sanne van Dijk (or system for automated actions) |
| Action | member.invite, knowledge_source.delete, developers.webhook.create, … |
| Target type | User, KnowledgeSource, WebhookEndpoint, … |
| Target id | UUID of the affected resource |
| IP | IPv4 or IPv6 of the actor’s request |
| Changes | JSON blob of the diff (before → after) |
The export is ordered newest-first.

Permissions

  • The Export CSV button is visible to anyone who can read the audit log.
  • Triggering an export requires billing manager (currently equivalent to admin).

Common uses

  • Monthly compliance archive — schedule a calendar reminder, export, drop in your secure store.
  • Security review — when investigating a suspicious change, filter the CSV by actor or target id.
  • SIEM ingestion — load the CSV into Splunk, Datadog, or Elastic for cross-system correlation.
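
For the security-review and SIEM uses above, this added example (not part of the product's own tooling) parses an export, filters it by actor or target id, and emits one JSON object per line. It assumes the CSV header row matches the column names in the table above; the function names, sample rows, and the shape of the Changes JSON are constructed for illustration.

```python
import csv
import io
import json
from datetime import datetime, timezone

# Assumption: the header row uses the names from the "CSV columns" table.
COLUMNS = ["Timestamp", "Actor", "Action", "Target type", "Target id", "IP", "Changes"]

# Constructed sample export (newest first); every value is made up.
SAMPLE_CSV = '''Timestamp,Actor,Action,Target type,Target id,IP,Changes
2026-05-07T09:42:11+00:00,Sanne van Dijk,developers.webhook.create,WebhookEndpoint,00000000-0000-4000-8000-000000000003,203.0.113.7,"{""url"": [null, ""https://hooks.example.test/in""]}"
2026-05-07T09:40:02+00:00,system,knowledge_source.delete,KnowledgeSource,00000000-0000-4000-8000-000000000002,,"{}"
2026-05-06T17:15:30+00:00,Sanne van Dijk,member.invite,User,00000000-0000-4000-8000-000000000001,2001:db8::10,not-json
'''

def parse_export(text):
    """Yield one normalized dict per row; fail loudly if the header changed."""
    reader = csv.DictReader(io.StringIO(text, newline=""))
    if reader.fieldnames != COLUMNS:
        raise ValueError(f"unexpected header: {reader.fieldnames}")
    for row in reader:
        ts = datetime.fromisoformat(row["Timestamp"]).astimezone(timezone.utc)
        raw = row["Changes"]
        try:
            changes, changes_raw = json.loads(raw or "{}"), None
        except json.JSONDecodeError:
            changes, changes_raw = None, raw  # keep the row and the raw evidence
        yield {
            "timestamp": ts.isoformat(),
            "actor": row["Actor"],
            "action": row["Action"],
            "target_type": row["Target type"],
            "target_id": row["Target id"],
            "ip": row["IP"] or None,
            "changes": changes,
            "changes_raw": changes_raw,
        }

def investigate(events, actor=None, target_id=None):
    """Filter by actor and/or target id; return oldest-first to read as a timeline."""
    hits = [e for e in events
            if (actor is None or e["actor"] == actor)
            and (target_id is None or e["target_id"] == target_id)]
    return sorted(hits, key=lambda e: e["timestamp"])

def to_ndjson(events):
    """Serialize as newline-delimited JSON, one event per line."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

if __name__ == "__main__":
    print(to_ndjson(investigate(parse_export(SAMPLE_CSV), actor="Sanne van Dijk")))
```

Rows whose Changes value does not parse as JSON are kept with the original text in `changes_raw`, so a malformed entry never silently drops out of an investigation.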

Retention

The audit log itself is retained for the lifetime of your workspace — entries are never auto-deleted, even when the underlying records (a deleted contact, a removed channel) go away. The audit log is the receipt that an action happened.
