Audit Log
The Audit Log provides a complete record of actions taken within your LakeSentry organization. Every significant action — from rule changes to action plan approvals to user management — is logged with the user who performed it, when it happened, and what changed. This is your accountability record for compliance, troubleshooting, and governance.
Audit log view
Section titled “Audit log view”The main view shows audit events in reverse chronological order:
| Column | What it shows |
|---|---|
| Time | When the event occurred |
| Actor | Who performed the action (email address, or actor type for system actions) |
| Action | What was done (e.g., “attribution rule create”, “action plan approve”) |
| Resource | What was affected (resource type and truncated ID) |
| IP Address | Origin IP address of the request |
Filtering
Section titled “Filtering”You can filter the log by action type using the dropdown at the top of the page. Available filter options include login, plan approved, plan rejected, insight suppressed, connector created, and connector updated. Use the Clear filter link to return to the full log.
Action types
Section titled “Action types”LakeSentry logs the following categories of actions:
Attribution rule changes
Section titled “Attribution rule changes”| Action | What it records |
|---|---|
| Rule created | New attribution rule — includes name, rule type, workspace, and priority |
| Rule updated | Changes to an existing rule — includes the updated field values (e.g., name, priority, is_active) |
| Rule deleted | Rule removal |
| Rule reordered | Priority change — includes the new priority value |
Activation and deactivation of rules are recorded as rule updates with the is_active field in the details.
Attribution rule changes are among the most important audit events — a rule change can shift cost attribution across your entire organization.
Action plan events
Section titled “Action plan events”| Action | What it records |
|---|---|
| Action approved | Who approved the action and what it will do |
| Action rejected | Who rejected and optionally why |
Budget events
Section titled “Budget events”| Action | What it records |
|---|---|
| Budget created | Scope, amount, period, and thresholds |
| Budget updated | What changed (amount, thresholds, recipients) |
| Budget deleted | Entity type, entity ID, and budget amount at deletion time |
User management events
Section titled “User management events”| Action | What it records |
|---|---|
| User invited | Invitee email and assigned role |
| Invitation accepted | Who accepted and the resulting user account |
| Invitation revoked | Which invitation was revoked |
| User removed | Who was removed and by whom |
| Ownership transferred | Previous and new owner |
Organization changes
Section titled “Organization changes”| Action | What it records |
|---|---|
| Hierarchy change | Org unit, department, or team group created/updated/deleted |
| Connector change | Account or region connector created/updated/deleted |
Webhook events
Section titled “Webhook events”| Action | What it records |
|---|---|
| Webhook created | Endpoint URL |
| Webhook updated | Configuration changes |
| Webhook deleted | Which webhook was removed |
Logged data
Section titled “Logged data”Each audit event stores the following data in the database:
- Action details — A JSON payload with action-specific context (e.g., changed field values, entity information)
- Request metadata — IP address and user agent of the originating request
The IP address is visible in the table view. The full details payload and user agent are stored in the database for programmatic access.
Common workflows
Section titled “Common workflows”Investigating a cost attribution change
Section titled “Investigating a cost attribution change”- Filter the audit log by action to find attribution rule changes.
- Review the log entries around the time the change was noticed.
- Look for rules that were created, modified, or deleted.
- If a change was incorrect, use the logged details to create a correcting rule.
Reviewing action plan approvals
Section titled “Reviewing action plan approvals”- Use the action filter to select “Plan Approved” or “Plan Rejected”.
- Review the entries to see who approved or rejected actions and why.
- Cross-reference with the Insights & Actions execution history for execution details.
Compliance audit
Section titled “Compliance audit”- Page through the audit log to review the audit period.
- Key areas to check:
- Who has admin access and what actions they’ve taken
- What action plans were approved or rejected
- What changes were made to attribution rules and budgets
- What connector and webhook configuration changes were made
Troubleshooting unexpected behavior
Section titled “Troubleshooting unexpected behavior”- Identify when the unexpected behavior started.
- Page through the audit log to find entries around that time.
- Look for any changes that coincide — rule changes, connector updates, or hierarchy modifications.
- Check the Insights & Actions execution history for automated processes that may have triggered the change.
Next steps
Section titled “Next steps”- Insights & Actions — Action execution history and approval workflow
- Attribution Rules — Managing the rules that audit tracks
- Roles & Permissions — Understanding who can do what
- Settings — Organization-wide configuration